FBI Virus - how to remove?

md252 · November 17, 2013

I picked up the FBI virus last night. The ran Malwarebytes and nothing was found. I saw that my Vipre Anitvirus was disabled. Today I logged in to my Administrator account and ran Malwarebytes(free version), Vipre, Farber Recovery, Malwarebytes Rootkit, FSRT64, and tdsskiller. Everything came up clean. I also ran the quick version of GMER. It was clean. The fulll scan of GMER seems to hang. The logs are below. Any help is greatly appreciated!

Farber:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Administrator (administrator) on MICHAEL-PC on 16-11-2013 11:50:25
Running from C:\Users\Administrator\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_S10IC2.EXE
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
(Corsair Components Inc) C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [EPSON Stylus Photo 2200] - C:\Windows\System32\spool\drivers\x64\3\E_S10IC2.EXE [99840 2003-05-27] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair M60 Mouse] - C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1712640 2012-01-06] (Corsair Components Inc)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sBAMTray] - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe [3155776 2013-04-18] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\MikeD\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\MikeD\...\Run: [Akamai NetSession Interface] - C:\Users\MikeD\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\MikeD\...\Run: [AdobeBridge] - [x]
Startup: C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpectraView II Gamma Loader.lnk
ShortcutTarget: SpectraView II Gamma Loader.lnk -> C:\Program Files (x86)\NEC DISPLAY SOLUTIONS\SpectraView II\SpectraView.exe (NEC Display Solutions, Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F1032843F3CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 24.205.224.36 24.205.192.61 68.116.46.115

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-05] (ASUSTeK Computer Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)
R2 gfi_lanss10_attservice; C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [115568 2012-10-24] (GFI Software Development Ltd.)
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [3680512 2013-04-18] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [175936 2013-04-18] (ThreatTrack Security, Inc.)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4545952 2012-12-22] (StorageCraft Technology Corporation)
R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4400204 2012-12-22] ()
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [95136 2012-12-22] (StorageCraft Technology Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [23816 2012-03-09] (CPUID)
R3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2007-03-28] (GretagMacbeth LLC)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-09-26] (http://libusb-win32.sourceforge.net)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88432 2013-04-16] (ThreatTrack Security, Inc.)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2012-12-22] (StorageCraft Technology Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283552 2012-12-22] (StorageCraft Technology Corporation)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
R3 WIMBLEMS; C:\Windows\System32\drivers\WIMBLEMS.sys [25600 2011-10-08] ( )
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys FEF9DD9EA587F8886ADE43C1BEFBDAFE
C:\Windows\System32\DRIVERS\asmthub3.sys 8569AF4C73747671194EA9EBB2F2D6CF
C:\Windows\System32\DRIVERS\asmtxhci.sys 073716FBFFAC7057CD5FF00A1B558331
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\SysWow64\drivers\ASUSFILTER.sys A5E4CDB420540095D1293C874B5F89AA
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys CBE61B4494165F458BD87E37181EE934
C:\Windows\System32\Drivers\AthDfu.sys 4119870B90E1B5E7797D6433D21F9216
C:\Windows\System32\DRIVERS\athrx.sys A5E770426D18F8EF332A593F3289DA91
C:\Windows\System32\drivers\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys 1A08AACAE705E427BD956794ACC74B66
C:\Windows\System32\DRIVERS\btath_bus.sys A9DF22429E8D69ED849B0BBBE16BD327
C:\Windows\System32\DRIVERS\btath_hcrp.sys C864FF85EE16D61C2BDD5EF76824625F
C:\Windows\System32\DRIVERS\btath_lwflt.sys 0DEA505EFB5D771826D177EF8B8A208F
C:\Windows\System32\DRIVERS\btath_rcp.sys 724C8088C96EFE7A3E63FEC21D4681C0
C:\Windows\System32\DRIVERS\btfilter.sys 64D4533DB7DE653560DDC511EA074AC8
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\cpuz135_x64.sys 75DBD5DB9892D7451D0429BEC1AABE1A
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\e1c62x64.sys 03F4C5C12FC1C69F838DA723475EF650
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\i1display_x64.sys A33E0921D0C256E348E0F6D66C77B7F7
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\gfiark.sys 4EA5458FCA8518344686C543749365B1
C:\Windows\System32\drivers\gfiutil.sys 16A23FF8621929ADC5B18DCCD5E206EE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStorA.sys BC01732B88777BB2FE58E514A945D517
C:\Windows\System32\drivers\iaStorF.sys 3B78A47E2FCA2FD161A7D65428DAE5FC
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\ICCWDT.sys C1010ADD3DDAE1196ED21057AF7B2AAE
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 150AC23F21DBDBF8488408BA944B0D65
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\libusb0.sys C7D21310EA0A644AA6394DE1E46E3D31
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 86614752D2FAE34CCD9E7B2AABA5FBEC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\drivers\mv91cons.sys E9B77A93F5D905E4482BD75A27F05A30
C:\Windows\System32\DRIVERS\mv91xx.sys D72CFFB7AF56CBB37FD8D6686A33E6C7
C:\Windows\System32\drivers\mvs91xx.sys 1AF5922003B6801BFCE2478BC8F5C014
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys B227E75AD10A142DD326B4CC8D73A6D9
C:\Windows\system32\drivers\nusb3xhc.sys 55959DB860E4E484681586824D09E52C
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nvstusb.sys FEC00F728DF306E07CEC14FED79871FE
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sbapifs.sys 71C46CD8788E533A0DF942F3AD958D7E
C:\Windows\System32\drivers\SbFw.sys 0C7C36B6EADB5D61F3E18C46E72CD418
C:\Windows\System32\DRIVERS\sbfwim.sys 9AEF0F267553FD9C900E9449B61586B7
C:\Windows\System32\DRIVERS\SBFWIM.sys 9AEF0F267553FD9C900E9449B61586B7
C:\Windows\System32\drivers\sbhips.sys B4B77B3C4DBD45527ED10C29B2614923
C:\Windows\System32\Drivers\sbmount.sys 64D6C87848B4697EB382C04411E71A03
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sbwtis.sys 97ECCE37DBAA0A871B4504CEF53EE76B
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\stcvsm.sys 2E5750C29BC851D95D259AD48230B355
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\ViaHub3.sys 5BE34BFADE20FF6C154B4663605B6212
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\WIMBLEMS.sys A8DD94CB385BBA9FE76A5A16842E95EB
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\drivers\xhcdrv.sys 109B6F1888845661D19B7A458776D5D1

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-16 11:50 - 2013-11-16 11:50 - 00031141 _____ C:\Users\Administrator\Desktop\FRST.txt
2013-11-16 11:50 - 2013-11-16 11:50 - 00000000 ____D C:\FRST
2013-11-16 11:46 - 2013-11-16 10:25 - 00368554 _____ C:\Users\Administrator\Desktop\gmer.zip
2013-11-16 11:46 - 2013-11-16 10:24 - 04722680 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-11-16 11:46 - 2013-11-16 10:24 - 00368256 _____ (RegNow.com) C:\Users\Administrator\Desktop\Download_MaxSDDMnew.exe
2013-11-16 11:46 - 2013-11-16 10:22 - 00712216 _____ (Reimage®) C:\Users\Administrator\Desktop\reimagerepair.exe
2013-11-16 11:46 - 2013-11-16 10:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-16 11:46 - 2013-11-16 10:18 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-11-16 11:46 - 2013-11-16 10:16 - 01957794 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-11-16 11:46 - 2013-11-16 09:49 - 00860176 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mssstool64.exe
2013-11-16 11:46 - 2013-11-16 09:46 - 93652240 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\msert.exe
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-15 22:45 - 2013-11-15 22:45 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-15 21:36 - 2013-11-15 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:30 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-15 21:29 - 2013-11-15 21:29 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 21:28 - 2013-11-15 21:30 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-12 22:35 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 22:35 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 22:35 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 22:35 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 22:35 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 22:35 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 22:34 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 22:34 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 22:34 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 22:34 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 22:34 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 22:34 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 22:34 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 22:34 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 22:34 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 22:34 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 22:34 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 22:34 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 22:34 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 22:34 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 22:34 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 22:34 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 22:34 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 22:34 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 22:34 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 22:34 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 22:34 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 22:34 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 22:34 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 22:34 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iPod
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-10 12:17 - 2013-11-10 12:17 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\JGoodies
2013-11-10 12:13 - 2013-11-10 12:17 - 00002269 _____ C:\Users\MikeD\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\UpdatusUser\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\Administrator\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Program Files (x86)\JGoodies

==================== One Month Modified Files and Folders =======

2013-11-16 11:50 - 2013-11-16 11:50 - 00031141 _____ C:\Users\Administrator\Desktop\FRST.txt
2013-11-16 11:50 - 2013-11-16 11:50 - 00000000 ____D C:\FRST
2013-11-16 10:56 - 2012-06-10 14:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 10:25 - 2013-11-16 11:46 - 00368554 _____ C:\Users\Administrator\Desktop\gmer.zip
2013-11-16 10:24 - 2013-11-16 11:46 - 04722680 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-11-16 10:24 - 2013-11-16 11:46 - 00368256 _____ (RegNow.com) C:\Users\Administrator\Desktop\Download_MaxSDDMnew.exe
2013-11-16 10:22 - 2013-11-16 11:46 - 00712216 _____ (Reimage®) C:\Users\Administrator\Desktop\reimagerepair.exe
2013-11-16 10:19 - 2013-11-16 11:46 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-16 10:18 - 2013-11-16 11:46 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-11-16 10:16 - 2013-11-16 11:46 - 01957794 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-11-16 09:49 - 2013-11-16 11:46 - 00860176 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mssstool64.exe
2013-11-16 09:46 - 2013-11-16 11:46 - 93652240 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\msert.exe
2013-11-16 08:25 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 08:25 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 08:25 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 08:20 - 2012-05-16 04:26 - 01389547 _____ C:\Windows\WindowsUpdate.log
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 08:18 - 2012-06-02 18:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-11-16 08:18 - 2012-05-21 15:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-11-16 08:18 - 2012-05-16 17:05 - 00112920 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-16 08:18 - 2012-05-16 04:29 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-16 08:18 - 2012-05-16 04:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-16 08:18 - 2012-05-16 04:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-16 08:18 - 2012-05-16 04:26 - 00000000 ____D C:\Users\Administrator
2013-11-16 08:17 - 2012-05-16 04:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-16 08:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 08:17 - 2009-07-13 20:51 - 00072121 _____ C:\Windows\setupact.log
2013-11-16 04:48 - 2013-01-11 19:37 - 00000000 ____D C:\Windows\rescache
2013-11-16 02:00 - 2012-06-03 06:39 - 00000000 ____D C:\Users\MikeD\AppData\Local\Adobe
2013-11-15 22:45 - 2013-11-15 22:45 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-15 22:45 - 2012-07-08 17:32 - 00000000 ___RD C:\Users\MikeD\Dropbox
2013-11-15 22:45 - 2012-07-08 17:30 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Dropbox
2013-11-15 22:45 - 2012-06-03 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 22:45 - 2012-06-03 06:39 - 00001413 _____ C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-15 22:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-15 21:36 - 2013-11-15 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:30 - 2013-11-15 21:28 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-15 21:29 - 2013-11-15 21:29 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 22:37 - 2012-06-03 05:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-12 22:36 - 2013-08-11 12:20 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 22:35 - 2012-06-03 06:04 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iPod
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-12 22:29 - 2013-03-22 17:46 - 00000000 ____D C:\Windows\Patches
2013-11-12 22:29 - 2012-10-13 14:59 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-12 22:28 - 2012-06-10 14:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-12 22:28 - 2012-06-03 09:16 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-11-12 22:28 - 2012-06-02 17:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-12 22:28 - 2012-05-21 15:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-12 22:28 - 2012-05-21 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-10 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 12:36 - 2012-06-23 11:05 - 00000000 ____D C:\Users\MikeD\AppData\Local\CrashDumps
2013-11-10 12:17 - 2013-11-10 12:17 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\JGoodies
2013-11-10 12:17 - 2013-11-10 12:13 - 00002269 _____ C:\Users\MikeD\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\UpdatusUser\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\Administrator\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Program Files (x86)\JGoodies
2013-11-08 22:45 - 2012-06-07 21:16 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NEC Display Solutions
2013-11-08 22:45 - 2012-06-03 06:39 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 21:42 - 2013-08-28 21:41 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-11-03 22:30 - 2012-06-03 09:10 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-02 15:56 - 2012-06-03 07:03 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Adobe
2013-10-24 20:28 - 2012-06-03 07:00 - 00000000 ____D C:\Users\MikeD\AppData\Local\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\MikeD\AppData\Local\Temp\AAMHelper.exe
C:\Users\MikeD\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\MikeD\AppData\Local\Temp\AskSLib.dll
C:\Users\MikeD\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\MikeD\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\nvStInst.exe
C:\Users\MikeD\AppData\Local\Temp\ose00000.exe
C:\Users\MikeD\AppData\Local\Temp\_is1035.exe
C:\Users\MikeD\AppData\Local\Temp\_isA80A.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {048443db-9f5a-11e1-98b1-c8600005ce90}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {048443dd-9f5a-11e1-98b1-c8600005ce90}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {048443db-9f5a-11e1-98b1-c8600005ce90}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {048443dd-9f5a-11e1-98b1-c8600005ce90}
device                  ramdisk=[C:]\Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\Winre.wim,{048443de-9f5a-11e1-98b1-c8600005ce90}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\Winre.wim,{048443de-9f5a-11e1-98b1-c8600005ce90}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {048443db-9f5a-11e1-98b1-c8600005ce90}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {048443de-9f5a-11e1-98b1-c8600005ce90}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\boot.sdi

LastRegBack: 2013-11-10 09:26

==================== End Of Log ============================

md252 · November 17, 2013

It wouldn't let me post everything in one shot. Here's the Farbar Additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Administrator at 2013-11-16 11:54:11
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: GFI Software VIPRE (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE (Enabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1210)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Creative Cloud (x32 Version: 2.2.1.260)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Photoshop Lightroom 5.2 64-bit (Version: 5.2.1)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0.1)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Advanced X Video Converter (x32)
AI Suite II (x32 Version: 1.02.16)
AoA Audio Extractor Platinum (x32)
AoA DVD Ripper (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS PC Diagnostics (x32 Version: 1.1.5)
Bluetooth Win7 Suite (64) (Version: 7.2.0.85)
Bonjour (Version: 3.0.0.10)
Corsair M60 Gaming Mouse Driver V1.0 (x32 Version: 1.00.00.01)
CPUID CPU-Z 1.60.1
CPUID HWMonitor Pro 1.13
dBpoweramp DSP Effects (x32 Version: Release 7)
dBpoweramp Music Converter (x32 Version: Release 14.2)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Distortion Control Data (x32 Version: 1.00.0000)
DOFMaster (x32)
DOFMaster Hyperfocal Chart (x32 Version: 0.7)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
EPSON Printer Software
EPSON Scan (x32)
Epson SPR 4880 Network Guide (x32)
EPSON SPR4880 User's Guide (x32)
EPSON TWAIN 5 (x32 Version: 5.71.0000)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Google Earth (x32 Version: 7.1.2.2041)
Intel® Watchdog Timer Driver (Intel® WDT) (x32)
iSofter DVD Ripper Platinum 3.0.2007.228 (x32)
iTunes (Version: 11.1.3.8)
Java 7 Update 21 (x32 Version: 7.0.210)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jawbone Updater (x32 Version: 0.1)
JDiskReport 1.4.0 (x32 Version: 1.4.0 (2012-01-20 11:38:43))
Lightroom 5.2 (x32 Version: 5.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NEC DISPLAY SOLUTIONS: Monitor Installer (x32 Version: 0.10.05.03)
NEC SpectraView II 1.1.16.00 (x32 Version: 1.1.16.00)
Nikon Message Center 2 (x32 Version: 2.1.0)
Nikon Movie Editor (x32 Version: 2.3.0)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Olympus Digital Wave Player (x32)
Opanda IExif 2.3 (x32 Version: 2.3)
PDF Settings CC (x32 Version: 12.0)
PDF Settings CS6 (x32 Version: 11.0)
PhotoKit Sharpener 2 Plug-in Module (x32)
Photomatix Pro version 4.2.7 (Version: 4.2.7)
Picture Control Utility x64 (Version: 1.4.2)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Silver Efex Pro 2 (x32 Version: 2.0.0.4)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
StorageCraft ShadowProtect (x32 Version: 5.0.0.22464)
SyncBackSE (x32 Version: 6.5.4.0)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 wcaiper (x32 Version: 012.000.1508)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2243)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
TurboV EVO (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
ViewNX 2 (Version: 2.3.0)
VIPRE Internet Security (x32 Version: 6.2.4.7)
Windows 7 Codec Pack 4.0.3 (x32 Version: 4.0.3)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows XP Mode (Version: 1.3.7600.16423)
Xvid 1.2.2 final uninstall (x32 Version: 1.2)

==================== Restore Points =========================

27-10-2013 18:46:09 Scheduled Checkpoint
10-11-2013 05:06:42 Scheduled Checkpoint
10-11-2013 20:12:22 Sunday_temp
13-11-2013 06:35:17 Windows Update
16-11-2013 05:28:32 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F52DF3A-89FE-43AA-9B2B-02B8EF3C5A11} - System32\Tasks\ASUS\ASUS Mobilink Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\ASUS Mobilink.exe [2010-11-25] (ASUSTeK Computer Inc.)
Task: {16870C91-9D4B-4A47-A8B2-6ABC6872A9F0} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2011-09-19] (ASUSTeK Computer Inc.)
Task: {5330C78B-2278-484C-A708-6515177A2B48} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {76B48175-1281-40C7-ADB4-53E274D33047} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {84255FE1-4F40-4921-83D6-F9E1EC7B30EC} - System32\Tasks\AdobeAAMUpdater-1.0-MICHAEL-PC-MikeD => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {8D131163-5911-455E-BDCC-2705B54AB170} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A29342D6-4795-4241-A1C8-3DCCE80543C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-17 06:09 - 2013-11-16 08:18 - 00025088 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-06-17 06:09 - 2010-06-28 18:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2012-10-24 13:50 - 2012-10-24 13:50 - 00296960 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\apistrings.dll
2012-10-24 13:50 - 2012-01-06 10:39 - 00199680 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\patchautodownload.dll
2012-10-24 13:50 - 2012-10-24 13:50 - 00143360 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\modlop.dll
2009-07-13 13:03 - 2009-07-13 17:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-10-24 13:50 - 2012-10-24 13:50 - 01844736 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\crmimodule.dll
2012-10-24 13:50 - 2012-04-09 13:48 - 00310640 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\dbprocessorop.dll
2012-10-24 13:50 - 2011-12-02 10:48 - 00152064 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\scanmngsys.dll
2012-10-24 13:50 - 2012-10-24 13:50 - 00040448 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\schedcompactdb.dll
2012-10-24 13:38 - 2012-10-24 13:38 - 00160768 _____ () C:\Program Files (x86)\GFI Software\VIPRE\unrar.dll
2013-11-16 08:18 - 2013-11-16 08:18 - 00098816 _____ () C:\Windows\TEMP\_MEI277210\win32api.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00110080 _____ () C:\Windows\TEMP\_MEI277210\pywintypes27.dll
2013-11-16 08:18 - 2013-11-16 08:18 - 00358912 _____ () C:\Windows\TEMP\_MEI277210\pythoncom27.dll
2013-11-16 08:18 - 2013-11-16 08:18 - 00042496 _____ () C:\Windows\TEMP\_MEI277210\win32service.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00027648 _____ () C:\Windows\TEMP\_MEI277210\servicemanager.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00018432 _____ () C:\Windows\TEMP\_MEI277210\win32event.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00040960 _____ () C:\Windows\TEMP\_MEI277210\_socket.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00721920 _____ () C:\Windows\TEMP\_MEI277210\_ssl.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00009728 _____ () C:\Windows\TEMP\_MEI277210\select.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00074240 _____ () C:\Windows\TEMP\_MEI277210\_ctypes.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00285184 _____ () C:\Windows\TEMP\_MEI277210\_hashlib.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00031232 _____ () C:\Windows\TEMP\_MEI277210\_psutil_mswindows.pyd
2013-11-16 08:18 - 2013-11-16 08:18 - 00103424 _____ () C:\Windows\TEMP\_MEI277210\pyexpat.pyd
2012-06-05 21:54 - 2009-10-19 15:50 - 00042496 _____ () C:\Program Files (x86)\Corsair\M60 Mouse\hidGetKey.dll
2013-10-17 16:45 - 2013-10-17 16:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 12:42 - 2013-06-05 13:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2012-06-02 17:05 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libBase64.dll
2012-06-02 17:05 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libMachoUniv.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00086016 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00061440 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll
2012-06-17 06:11 - 2010-02-08 16:19 - 00179712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsusService.dll
2012-06-17 06:11 - 2011-03-01 08:04 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\BFNHelp.dll
2012-06-17 06:11 - 2011-02-24 17:54 - 00970752 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\BFNStatsAPI.dll
2012-06-17 06:11 - 2010-11-25 14:12 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll
2012-06-17 06:11 - 2011-06-20 15:02 - 00707072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll
2012-06-17 06:11 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-06-17 06:11 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-06-17 06:12 - 2011-10-13 14:57 - 01077248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2012-06-17 06:11 - 2011-09-20 17:11 - 00985600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-06-17 06:12 - 2011-10-19 21:49 - 01652736 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll
2012-06-17 06:13 - 2011-10-25 09:25 - 01296384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-06-17 06:13 - 2011-10-07 14:30 - 01047552 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-06-17 06:11 - 2011-09-29 14:12 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-06-17 06:11 - 2011-09-26 17:37 - 01616384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-06-17 06:11 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-06-17 06:11 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-06-17 06:11 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-06-17 06:09 - 2010-08-22 18:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMLib.dll
2012-06-17 06:11 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-06-17 06:11 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD
AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 09:00:02 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 9:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 09:00:00 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 9:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 08:19:06 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 8:19:04 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 08:19:04 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 8:19:04 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 08:18:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 06:00:02 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 6:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 06:00:00 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 6:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 04:41:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2013 03:00:02 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 3:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 03:00:00 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 3:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

System errors:
=============
Error: (11/16/2013 08:20:05 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/16/2013 08:20:05 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/16/2013 08:18:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (11/16/2013 08:17:55 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/15/2013 10:47:09 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/15/2013 10:47:09 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/15/2013 10:45:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (11/15/2013 10:44:59 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/15/2013 10:18:56 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MDPHOTO-HP2
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E3B2D91E-763B-48C7-BDCE-F69D65793A23}.
The master browser is stopping or an election is being forced.

Error: (11/15/2013 10:06:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MDPHOTO-HP2
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E3B2D91E-763B-48C7-BDCE-F69D65793A23}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (11/16/2013 09:00:02 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 9:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 09:00:00 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 9:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 08:19:06 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 8:19:04 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 08:19:04 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 8:19:04 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 08:18:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 06:00:02 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 6:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 06:00:00 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 6:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

Error: (11/16/2013 04:41:54 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (11/16/2013 03:00:02 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 3:00:00 AM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 03:00:00 AM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 3:00:00 AM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

CodeIntegrity Errors:
===================================
Date: 2013-11-16 11:50:10.350
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 11:43:53.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 08:18:02.945
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 08:05:45.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 01:05:52.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-15 22:45:07.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-15 22:19:17.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-15 21:27:11.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-15 21:19:47.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-13 23:06:58.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 32744.35 MB
Available physical RAM: 26457.5 MB
Total Pagefile: 65486.88 MB
Available Pagefile: 59150.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:84 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:3725.9 GB) (Free:1659.16 GB) NTFS
Drive f: (Photo_bkup) (Fixed) (Total:1863.01 GB) (Free:159.21 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1863.01 GB) (Free:918.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C341A011)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 94D90180)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3192629C)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================

md252 · November 17, 2013

The tdsskiller log is too long to post so it's attached.

tdss_log.txt.txt

md252 · November 17, 2013

Malwarebytes Rootkit logs:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Administrator :: MICHAEL-PC [administrator]

11/16/2013 12:05:14 PM
mbar-log-2013-11-16 (12-05-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 347683
Time elapsed: 19 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

and

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 34334941184, free: 27897368576

=======================================
Initializing...
------------ Kernel report ------------
     11/16/2013 12:05:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\mv91cons.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\iaStorA.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\mv91xx.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\mvs91xx.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\stcvsm.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\AtiPcie64.sys
\SystemRoot\System32\Drivers\dump_mvxxmm.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\sbmount.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsUpIO.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ICCWDT.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\SysWow64\drivers\ASUSFILTER.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_mv91xx.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\WIMBLEMS.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\System32\Drivers\i1display_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\sbwtis.sys
\SystemRoot\system32\drivers\gfiark.sys
\SystemRoot\system32\drivers\gfiutil.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8020e84790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a2\
Lower Device Object: 0xfffffa802058db60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8020e81790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a1\
Lower Device Object: 0xfffffa80204aab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80195ca060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\mv91xx1Port1Path0Target1Lun0\
Lower Device Object: 0xfffffa8019594050
Lower Device Driver Name: \Driver\mv91xx\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80195b4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\mv91xx1Port1Path0Target0Lun0\
Lower Device Object: 0xfffffa8019592050
Lower Device Driver Name: \Driver\mv91xx\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8019590060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa8018b8a9c0
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80195c0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80193e29c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80195b4060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80195b4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80195b4060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80195c1860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8019592050, DeviceName: \Device\Scsi\mv91xx1Port1Path0Target0Lun0\, DriverName: \Driver\mv91xx\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80195c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80195c0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80195c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80195c35f0, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80193e27a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80193e29c0, DeviceName: \Device\00000078\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4066144234
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34 LastUsableLba 7814037134
    GPT Header Guid 60d37129-d6ab-44d4-8d69-701358824d4c
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4066144234
    Backup GPT header CurrentLba = 7814037167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 7814037134
    Backup GPT header Guid 60d37129-d6ab-44d4-8d69-701358824d4c
    Backup GPT header Contains 128 partition entries starting at LBA 7814037135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 19adcbde-5bf2-41a2-bf70-6334d541c860
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 474c07ac-5198-4091-b6b5-7a2d0673f2
    FirstLBA 264192 Last LBA 7814035455
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 4000787030016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8019590060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8019590b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8019590060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80195c1c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8018b8a9c0, DeviceName: \Device\0000007a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C341A011

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 94D90180

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 468652032

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

Disk Size: 240057409536 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80195ca060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80195cab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80195ca060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80195c1470, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8019594050, DeviceName: \Device\Scsi\mv91xx1Port1Path0Target1Lun0\, DriverName: \Driver\mv91xx\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3192629C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8020e81790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801ec2f920, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8020e81790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8020514c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80204aab60, DeviceName: \Device\000000a1\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8020e84790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801eb55b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8020e84790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80205a7850, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa802058db60, DeviceName: \Device\000000a2\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_2_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_r.mbam...
Removal finished

md252 · November 17, 2013

I'm not sure if this will make a difference or not but I rerun FRST64 today but I booted up in Safe Mode With Networking and I logged into my account.

The log file is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by MikeD (administrator) on MICHAEL-PC on 17-11-2013 11:22:17
Running from C:\Users\MikeD\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [EPSON Stylus Photo 2200] - C:\Windows\System32\spool\drivers\x64\3\E_S10IC2.EXE [99840 2003-05-27] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\MikeD\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {5e4e217c-7960-11e2-a813-c8600005c9cb} - J:\VZW_Software_upgrade_assistant.exe
MountPoints2: {688c6116-17ac-11e2-8086-c8600005c9cb} - H:\setup.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair M60 Mouse] - C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1712640 2012-01-06] (Corsair Components Inc)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sBAMTray] - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe [3155776 2013-04-18] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Startup: C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MikeD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpectraView II Gamma Loader.lnk
ShortcutTarget: SpectraView II Gamma Loader.lnk -> C:\Program Files (x86)\NEC DISPLAY SOLUTIONS\SpectraView II\SpectraView.exe (NEC Display Solutions, Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93FBB80B9A41CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 24.205.224.36 24.205.192.61 68.116.46.115

FireFox:
========
FF ProfilePath: C:\Users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\fiqz8opy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: color_management - C:\Users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\fiqz8opy.default\Extensions\color_management@seanhayes.name.xpi

==================== Services (Whitelisted) =================

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-08] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-05] (ASUSTeK Computer Inc.)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)
S2 gfi_lanss10_attservice; C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [115568 2012-10-24] (GFI Software Development Ltd.)
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [3680512 2013-04-18] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [175936 2013-04-18] (ThreatTrack Security, Inc.)
S2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4545952 2012-12-22] (StorageCraft Technology Corporation)
S2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4400204 2012-12-22] ()
S2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [95136 2012-12-22] (StorageCraft Technology Corporation)

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2007-03-28] (GretagMacbeth LLC)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-09-26] (http://libusb-win32.sourceforge.net)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88432 2013-04-16] (ThreatTrack Security, Inc.)
S1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2012-12-22] (StorageCraft Technology Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283552 2012-12-22] (StorageCraft Technology Corporation)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
R3 WIMBLEMS; C:\Windows\System32\drivers\WIMBLEMS.sys [25600 2011-10-08] ( )
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys FEF9DD9EA587F8886ADE43C1BEFBDAFE
C:\Windows\System32\DRIVERS\asmthub3.sys 8569AF4C73747671194EA9EBB2F2D6CF
C:\Windows\System32\DRIVERS\asmtxhci.sys 073716FBFFAC7057CD5FF00A1B558331
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\SysWow64\drivers\ASUSFILTER.sys A5E4CDB420540095D1293C874B5F89AA
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys CBE61B4494165F458BD87E37181EE934
C:\Windows\System32\Drivers\AthDfu.sys 4119870B90E1B5E7797D6433D21F9216
C:\Windows\System32\DRIVERS\athrx.sys A5E770426D18F8EF332A593F3289DA91
C:\Windows\System32\drivers\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys 1A08AACAE705E427BD956794ACC74B66
C:\Windows\System32\DRIVERS\btath_bus.sys A9DF22429E8D69ED849B0BBBE16BD327
C:\Windows\System32\DRIVERS\btath_hcrp.sys C864FF85EE16D61C2BDD5EF76824625F
C:\Windows\System32\DRIVERS\btath_lwflt.sys 0DEA505EFB5D771826D177EF8B8A208F
C:\Windows\System32\DRIVERS\btath_rcp.sys 724C8088C96EFE7A3E63FEC21D4681C0
C:\Windows\System32\DRIVERS\btfilter.sys 64D4533DB7DE653560DDC511EA074AC8
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\cpuz135_x64.sys 75DBD5DB9892D7451D0429BEC1AABE1A
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\e1c62x64.sys 03F4C5C12FC1C69F838DA723475EF650
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\i1display_x64.sys A33E0921D0C256E348E0F6D66C77B7F7
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\gfiark.sys 4EA5458FCA8518344686C543749365B1
C:\Windows\System32\drivers\gfiutil.sys 16A23FF8621929ADC5B18DCCD5E206EE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStorA.sys BC01732B88777BB2FE58E514A945D517
C:\Windows\System32\drivers\iaStorF.sys 3B78A47E2FCA2FD161A7D65428DAE5FC
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\ICCWDT.sys C1010ADD3DDAE1196ED21057AF7B2AAE
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 150AC23F21DBDBF8488408BA944B0D65
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\libusb0.sys C7D21310EA0A644AA6394DE1E46E3D31
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 86614752D2FAE34CCD9E7B2AABA5FBEC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\drivers\mv91cons.sys E9B77A93F5D905E4482BD75A27F05A30
C:\Windows\System32\DRIVERS\mv91xx.sys D72CFFB7AF56CBB37FD8D6686A33E6C7
C:\Windows\System32\drivers\mvs91xx.sys 1AF5922003B6801BFCE2478BC8F5C014
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys B227E75AD10A142DD326B4CC8D73A6D9
C:\Windows\system32\drivers\nusb3xhc.sys 55959DB860E4E484681586824D09E52C
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nvstusb.sys FEC00F728DF306E07CEC14FED79871FE
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sbapifs.sys 71C46CD8788E533A0DF942F3AD958D7E
C:\Windows\System32\drivers\SbFw.sys 0C7C36B6EADB5D61F3E18C46E72CD418
C:\Windows\System32\DRIVERS\sbfwim.sys 9AEF0F267553FD9C900E9449B61586B7
C:\Windows\System32\DRIVERS\SBFWIM.sys 9AEF0F267553FD9C900E9449B61586B7
C:\Windows\System32\drivers\sbhips.sys B4B77B3C4DBD45527ED10C29B2614923
C:\Windows\System32\Drivers\sbmount.sys 64D6C87848B4697EB382C04411E71A03
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sbwtis.sys 97ECCE37DBAA0A871B4504CEF53EE76B
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\stcvsm.sys 2E5750C29BC851D95D259AD48230B355
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\ViaHub3.sys 5BE34BFADE20FF6C154B4663605B6212
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\WIMBLEMS.sys A8DD94CB385BBA9FE76A5A16842E95EB
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\drivers\xhcdrv.sys 109B6F1888845661D19B7A458776D5D1

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-17 11:07 - 2013-11-17 11:22 - 00029854 _____ C:\Users\MikeD\Desktop\FRST.txt
2013-11-17 11:07 - 2013-11-17 11:06 - 05146587 _____ (Swearware) C:\Users\MikeD\Desktop\ComboFix.exe
2013-11-17 11:07 - 2013-11-17 11:06 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\MikeD\Desktop\tdsskiller.exe
2013-11-17 11:07 - 2013-11-17 11:06 - 01085542 _____ C:\Users\MikeD\Desktop\AdwCleaner.exe
2013-11-17 11:07 - 2013-11-17 11:05 - 01958026 _____ (Farbar) C:\Users\MikeD\Desktop\FRST64.exe
2013-11-17 11:06 - 2013-11-17 11:06 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\MikeD\Downloads\tdsskiller.exe
2013-11-17 11:06 - 2013-11-17 11:06 - 01085542 _____ C:\Users\MikeD\Downloads\AdwCleaner.exe
2013-11-17 11:05 - 2013-11-17 11:06 - 05146587 _____ (Swearware) C:\Users\MikeD\Downloads\ComboFix.exe
2013-11-17 11:05 - 2013-11-17 11:05 - 01958026 _____ (Farbar) C:\Users\MikeD\Downloads\FRST64.exe
2013-11-17 11:02 - 2013-11-17 11:02 - 02290984 _____ (Fusion Install        ) C:\Users\MikeD\Downloads\Setup.exe
2013-11-16 16:46 - 2013-11-16 16:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRightToGo
2013-11-16 16:22 - 2013-11-16 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2013-11-16 16:08 - 2013-11-16 16:08 - 00474928 _____ C:\Windows\Minidump\111613-10576-01.dmp
2013-11-16 12:39 - 2013-11-16 12:39 - 00004647 _____ C:\Users\Administrator\Desktop\gmer_quick.log
2013-11-16 12:33 - 2013-11-16 12:33 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 12:05 - 2013-11-16 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 12:05 - 2013-11-16 12:05 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 12:04 - 2013-11-16 12:30 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2013-11-16 12:04 - 2013-11-16 12:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-16 11:54 - 2013-11-16 11:54 - 00033485 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-11-16 11:50 - 2013-11-16 11:54 - 00074028 _____ C:\Users\Administrator\Desktop\FRST.txt
2013-11-16 11:50 - 2013-11-16 11:50 - 00000000 ____D C:\FRST
2013-11-16 11:46 - 2013-11-16 10:25 - 00368554 _____ C:\Users\Administrator\Desktop\gmer.zip
2013-11-16 11:46 - 2013-11-16 10:24 - 04722680 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-11-16 11:46 - 2013-11-16 10:24 - 00368256 _____ (RegNow.com) C:\Users\Administrator\Desktop\Download_MaxSDDMnew.exe
2013-11-16 11:46 - 2013-11-16 10:22 - 00712216 _____ (Reimage®) C:\Users\Administrator\Desktop\reimagerepair.exe
2013-11-16 11:46 - 2013-11-16 10:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-16 11:46 - 2013-11-16 10:18 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-11-16 11:46 - 2013-11-16 10:16 - 01957794 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-11-16 11:46 - 2013-11-16 09:49 - 00860176 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mssstool64.exe
2013-11-16 11:46 - 2013-11-16 09:46 - 93652240 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\msert.exe
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-11-15 22:45 - 2013-11-15 22:45 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-15 21:36 - 2013-11-15 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:30 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-15 21:29 - 2013-11-15 21:29 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 21:28 - 2013-11-15 21:30 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-12 22:35 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 22:35 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 22:35 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 22:35 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 22:35 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 22:35 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 22:34 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 22:34 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 22:34 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 22:34 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 22:34 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 22:34 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 22:34 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 22:34 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 22:34 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 22:34 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 22:34 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 22:34 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 22:34 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 22:34 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 22:34 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 22:34 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 22:34 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 22:34 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 22:34 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 22:34 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 22:34 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 22:34 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 22:34 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 22:34 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iPod
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-10 12:17 - 2013-11-10 12:17 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\JGoodies
2013-11-10 12:13 - 2013-11-10 12:17 - 00002269 _____ C:\Users\MikeD\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\UpdatusUser\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\Administrator\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Program Files (x86)\JGoodies

==================== One Month Modified Files and Folders =======

2013-11-17 11:22 - 2013-11-17 11:07 - 00029854 _____ C:\Users\MikeD\Desktop\FRST.txt
2013-11-17 11:06 - 2013-11-17 11:07 - 05146587 _____ (Swearware) C:\Users\MikeD\Desktop\ComboFix.exe
2013-11-17 11:06 - 2013-11-17 11:07 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\MikeD\Desktop\tdsskiller.exe
2013-11-17 11:06 - 2013-11-17 11:07 - 01085542 _____ C:\Users\MikeD\Desktop\AdwCleaner.exe
2013-11-17 11:06 - 2013-11-17 11:06 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\MikeD\Downloads\tdsskiller.exe
2013-11-17 11:06 - 2013-11-17 11:06 - 01085542 _____ C:\Users\MikeD\Downloads\AdwCleaner.exe
2013-11-17 11:06 - 2013-11-17 11:05 - 05146587 _____ (Swearware) C:\Users\MikeD\Downloads\ComboFix.exe
2013-11-17 11:05 - 2013-11-17 11:07 - 01958026 _____ (Farbar) C:\Users\MikeD\Desktop\FRST64.exe
2013-11-17 11:05 - 2013-11-17 11:05 - 01958026 _____ (Farbar) C:\Users\MikeD\Downloads\FRST64.exe
2013-11-17 11:05 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 11:02 - 2013-11-17 11:02 - 02290984 _____ (Fusion Install        ) C:\Users\MikeD\Downloads\Setup.exe
2013-11-16 16:46 - 2013-11-16 16:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRightToGo
2013-11-16 16:30 - 2012-06-02 18:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-11-16 16:30 - 2012-05-21 15:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-11-16 16:22 - 2013-11-16 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2013-11-16 16:08 - 2013-11-16 16:08 - 00474928 _____ C:\Windows\Minidump\111613-10576-01.dmp
2013-11-16 16:08 - 2013-01-12 21:33 - 3990329213 _____ C:\Windows\MEMORY.DMP
2013-11-16 16:08 - 2012-09-14 16:50 - 00000000 ____D C:\Windows\Minidump
2013-11-16 14:13 - 2012-05-16 04:26 - 01393829 _____ C:\Windows\WindowsUpdate.log
2013-11-16 13:56 - 2012-06-10 14:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 12:39 - 2013-11-16 12:39 - 00004647 _____ C:\Users\Administrator\Desktop\gmer_quick.log
2013-11-16 12:39 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 12:39 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 12:33 - 2013-11-16 12:33 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 12:32 - 2012-05-16 04:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-16 12:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 12:32 - 2009-07-13 20:51 - 00072177 _____ C:\Windows\setupact.log
2013-11-16 12:30 - 2013-11-16 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 12:30 - 2013-11-16 12:04 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2013-11-16 12:05 - 2013-11-16 12:05 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 12:04 - 2013-11-16 12:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-16 11:54 - 2013-11-16 11:54 - 00033485 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-11-16 11:54 - 2013-11-16 11:50 - 00074028 _____ C:\Users\Administrator\Desktop\FRST.txt
2013-11-16 11:50 - 2013-11-16 11:50 - 00000000 ____D C:\FRST
2013-11-16 10:25 - 2013-11-16 11:46 - 00368554 _____ C:\Users\Administrator\Desktop\gmer.zip
2013-11-16 10:24 - 2013-11-16 11:46 - 04722680 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-11-16 10:24 - 2013-11-16 11:46 - 00368256 _____ (RegNow.com) C:\Users\Administrator\Desktop\Download_MaxSDDMnew.exe
2013-11-16 10:22 - 2013-11-16 11:46 - 00712216 _____ (Reimage®) C:\Users\Administrator\Desktop\reimagerepair.exe
2013-11-16 10:19 - 2013-11-16 11:46 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-16 10:18 - 2013-11-16 11:46 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-11-16 10:16 - 2013-11-16 11:46 - 01957794 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-11-16 09:49 - 2013-11-16 11:46 - 00860176 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mssstool64.exe
2013-11-16 09:46 - 2013-11-16 11:46 - 93652240 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\msert.exe
2013-11-16 08:18 - 2013-11-16 08:18 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-11-16 08:18 - 2012-05-16 17:05 - 00112920 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-16 08:18 - 2012-05-16 04:29 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-16 08:18 - 2012-05-16 04:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-16 08:18 - 2012-05-16 04:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-16 08:18 - 2012-05-16 04:26 - 00000000 ____D C:\Users\Administrator
2013-11-16 04:48 - 2013-01-11 19:37 - 00000000 ____D C:\Windows\rescache
2013-11-16 02:00 - 2012-06-03 06:39 - 00000000 ____D C:\Users\MikeD\AppData\Local\Adobe
2013-11-15 22:45 - 2013-11-15 22:45 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-15 22:45 - 2012-07-08 17:32 - 00000000 ___RD C:\Users\MikeD\Dropbox
2013-11-15 22:45 - 2012-07-08 17:30 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Dropbox
2013-11-15 22:45 - 2012-06-03 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 22:45 - 2012-06-03 06:39 - 00001413 _____ C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-15 22:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-15 21:36 - 2013-11-15 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:30 - 2013-11-15 21:28 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-15 21:29 - 2013-11-15 21:29 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 21:29 - 2013-11-15 21:29 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 21:29 - 2013-11-15 21:29 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 21:29 - 2013-11-15 21:29 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 21:29 - 2013-11-15 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 21:29 - 2013-11-15 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 21:29 - 2013-11-15 21:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 21:29 - 2013-11-15 21:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 22:37 - 2012-06-03 05:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-12 22:36 - 2013-08-11 12:20 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 22:35 - 2012-06-03 06:04 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files\iPod
2013-11-12 22:29 - 2013-11-12 22:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-12 22:29 - 2013-03-22 17:46 - 00000000 ____D C:\Windows\Patches
2013-11-12 22:29 - 2012-10-13 14:59 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-12 22:28 - 2012-06-10 14:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-12 22:28 - 2012-06-03 09:16 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-11-12 22:28 - 2012-06-02 17:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-12 22:28 - 2012-05-21 15:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-12 22:28 - 2012-05-21 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-10 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 12:36 - 2012-06-23 11:05 - 00000000 ____D C:\Users\MikeD\AppData\Local\CrashDumps
2013-11-10 12:17 - 2013-11-10 12:17 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\JGoodies
2013-11-10 12:17 - 2013-11-10 12:13 - 00002269 _____ C:\Users\MikeD\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\UpdatusUser\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00001470 _____ C:\Users\Administrator\Desktop\JDiskReport.lnk
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2013-11-10 12:13 - 2013-11-10 12:13 - 00000000 ____D C:\Program Files (x86)\JGoodies
2013-11-08 22:45 - 2012-06-07 21:16 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NEC Display Solutions
2013-11-08 22:45 - 2012-06-03 06:39 - 00000000 ___RD C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 21:42 - 2013-08-28 21:41 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-11-03 22:30 - 2012-06-03 09:10 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-02 15:56 - 2012-06-03 07:03 - 00000000 ____D C:\Users\MikeD\AppData\Roaming\Adobe
2013-10-24 20:28 - 2012-06-03 07:00 - 00000000 ____D C:\Users\MikeD\AppData\Local\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\MikeD\AppData\Local\Temp\AAMHelper.exe
C:\Users\MikeD\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\MikeD\AppData\Local\Temp\AskSLib.dll
C:\Users\MikeD\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\MikeD\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\MikeD\AppData\Local\Temp\nvStInst.exe
C:\Users\MikeD\AppData\Local\Temp\ose00000.exe
C:\Users\MikeD\AppData\Local\Temp\_is1035.exe
C:\Users\MikeD\AppData\Local\Temp\_isA80A.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {048443db-9f5a-11e1-98b1-c8600005ce90}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {048443dd-9f5a-11e1-98b1-c8600005ce90}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {048443db-9f5a-11e1-98b1-c8600005ce90}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {048443dd-9f5a-11e1-98b1-c8600005ce90}
device                  ramdisk=[C:]\Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\Winre.wim,{048443de-9f5a-11e1-98b1-c8600005ce90}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\Winre.wim,{048443de-9f5a-11e1-98b1-c8600005ce90}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {048443db-9f5a-11e1-98b1-c8600005ce90}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {048443de-9f5a-11e1-98b1-c8600005ce90}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048443dd-9f5a-11e1-98b1-c8600005ce90\boot.sdi

LastRegBack: 2013-11-10 09:26

==================== End Of Log ============================

md252 · November 17, 2013

Ths updated Additional file is:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by MikeD at 2013-11-17 11:25:39
Running from C:\Users\MikeD\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: GFI Software VIPRE (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE (Enabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1210)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Creative Cloud (x32 Version: 2.2.1.260)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Photoshop Lightroom 5.2 64-bit (Version: 5.2.1)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0.1)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Advanced X Video Converter (x32)
AI Suite II (x32 Version: 1.02.16)
Akamai NetSession Interface (HKCU)
AoA Audio Extractor Platinum (x32)
AoA DVD Ripper (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS PC Diagnostics (x32 Version: 1.1.5)
Bluetooth Win7 Suite (64) (Version: 7.2.0.85)
Bonjour (Version: 3.0.0.10)
Corsair M60 Gaming Mouse Driver V1.0 (x32 Version: 1.00.00.01)
CPUID CPU-Z 1.60.1
CPUID HWMonitor Pro 1.13
dBpoweramp DSP Effects (x32 Version: Release 7)
dBpoweramp Music Converter (x32 Version: Release 14.2)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Distortion Control Data (x32 Version: 1.00.0000)
DOFMaster (x32)
DOFMaster Hyperfocal Chart (x32 Version: 0.7)
Dropbox (HKCU Version: 2.0.22)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
EPSON Printer Software
EPSON Scan (x32)
Epson SPR 4880 Network Guide (x32)
EPSON SPR4880 User's Guide (x32)
EPSON TWAIN 5 (x32 Version: 5.71.0000)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Google Earth (x32 Version: 7.1.2.2041)
Intel® Watchdog Timer Driver (Intel® WDT) (x32)
iSofter DVD Ripper Platinum 3.0.2007.228 (x32)
iTunes (Version: 11.1.3.8)
Java 7 Update 21 (x32 Version: 7.0.210)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jawbone Updater (x32 Version: 0.1)
JDiskReport 1.4.0 (x32 Version: 1.4.0 (2012-01-20 11:38:43))
Lightroom 5.2 (x32 Version: 5.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NEC DISPLAY SOLUTIONS: Monitor Installer (x32 Version: 0.10.05.03)
NEC SpectraView II 1.1.16.00 (x32 Version: 1.1.16.00)
Nikon Message Center 2 (x32 Version: 2.1.0)
Nikon Movie Editor (x32 Version: 2.3.0)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Olympus Digital Wave Player (x32)
Opanda IExif 2.3 (x32 Version: 2.3)
PDF Settings CC (x32 Version: 12.0)
PDF Settings CS6 (x32 Version: 11.0)
PhotoKit Sharpener 2 Plug-in Module (x32)
Photomatix Pro version 4.2.7 (Version: 4.2.7)
Picture Control Utility x64 (Version: 1.4.2)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Silver Efex Pro 2 (x32 Version: 2.0.0.4)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
StorageCraft ShadowProtect (x32 Version: 5.0.0.22464)
SyncBackSE (x32 Version: 6.5.4.0)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 wcaiper (x32 Version: 012.000.1508)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2243)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
TurboV EVO (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
ViewNX 2 (Version: 2.3.0)
VIPRE Internet Security (x32 Version: 6.2.4.7)
Windows 7 Codec Pack 4.0.3 (x32 Version: 4.0.3)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows XP Mode (Version: 1.3.7600.16423)
Xvid 1.2.2 final uninstall (x32 Version: 1.2)

==================== Restore Points =========================

27-10-2013 18:46:09 Scheduled Checkpoint
10-11-2013 05:06:42 Scheduled Checkpoint
10-11-2013 20:12:22 Sunday_temp
13-11-2013 06:35:17 Windows Update
16-11-2013 05:28:32 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F52DF3A-89FE-43AA-9B2B-02B8EF3C5A11} - System32\Tasks\ASUS\ASUS Mobilink Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\ASUS Mobilink.exe [2010-11-25] (ASUSTeK Computer Inc.)
Task: {16870C91-9D4B-4A47-A8B2-6ABC6872A9F0} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2011-09-19] (ASUSTeK Computer Inc.)
Task: {5330C78B-2278-484C-A708-6515177A2B48} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {76B48175-1281-40C7-ADB4-53E274D33047} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {84255FE1-4F40-4921-83D6-F9E1EC7B30EC} - System32\Tasks\AdobeAAMUpdater-1.0-MICHAEL-PC-MikeD => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {8D131163-5911-455E-BDCC-2705B54AB170} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A29342D6-4795-4241-A1C8-3DCCE80543C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-10-24 13:38 - 2012-10-24 13:38 - 00160768 _____ () C:\Program Files (x86)\GFI Software\VIPRE\unrar.dll
2012-06-02 17:05 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libBase64.dll
2012-06-02 17:05 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libMachoUniv.dll
2012-10-24 13:50 - 2012-10-24 13:50 - 00296960 _____ () C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\apistrings.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD
AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 11:03:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:52:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 04:27:37 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional 2010; Error = 0x8007043c).

Error: (11/16/2013 04:27:30 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional 2010; Error = 0x8007043c).

Error: (11/16/2013 04:10:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 02:13:08 PM) (Source: Application Hang) (User: )
Description: The program gmer.exe version 2.1.19163.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1654

Start Time: 01cee31549bd3d73

Termination Time: 0

Application Path: C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe

Report Id: 43fa5f24-4f0c-11e3-b850-c8600005c9cb

Error: (11/16/2013 01:46:15 PM) (Source: Application Hang) (User: )
Description: The program gmer.exe version 2.1.19163.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1218

Start Time: 01cee310988a61fd

Termination Time: 0

Application Path: C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe

Report Id: 8308a034-4f08-11e3-b850-c8600005c9cb

Error: (11/16/2013 01:12:41 PM) (Source: Application Hang) (User: )
Description: The program gmer.exe version 2.1.19163.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 177c

Start Time: 01cee30b190dcd1b

Termination Time: 0

Application Path: C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe

Report Id: d037954e-4f03-11e3-b850-c8600005c9cb

Error: (11/16/2013 00:33:31 PM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 12:33:29 PM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 00:33:29 PM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 12:33:29 PM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

System errors:
=============
Error: (11/17/2013 11:07:17 AM) (Source: DCOM) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (11/17/2013 11:03:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2013 11:03:47 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/17/2013 11:03:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:52:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 04:27:37 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional 20100x8007043c

Error: (11/16/2013 04:27:30 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional 20100x8007043c

Error: (11/16/2013 04:10:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 02:13:08 PM) (Source: Application Hang)(User: )
Description: gmer.exe2.1.19163.0165401cee31549bd3d730C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe43fa5f24-4f0c-11e3-b850-c8600005c9cb

Error: (11/16/2013 01:46:15 PM) (Source: Application Hang)(User: )
Description: gmer.exe2.1.19163.0121801cee310988a61fd0C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe8308a034-4f08-11e3-b850-c8600005c9cb

Error: (11/16/2013 01:12:41 PM) (Source: Application Hang)(User: )
Description: gmer.exe2.1.19163.0177c01cee30b190dcd1b0C:\Users\Administrator\AppData\Local\Temp\Temp1_gmer.zip\gmer.exed037954e-4f03-11e3-b850-c8600005c9cb

Error: (11/16/2013 00:33:31 PM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 12:33:29 PM
Module: service
Code: 511
Message: The backup image file may not be stored on the volume which is the source of the backup

Error: (11/16/2013 00:33:29 PM) (Source: ShadowProtectSvc)(User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{F0E40920-AAB2-4B4D-807E-402E6DAB898D}.txt
Start time: 11/16/2013 12:33:29 PM
Module: service
Code: 104
Message: backup volume G:\ (NTFS)

CodeIntegrity Errors:
===================================
Date: 2013-11-16 14:13:19.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 13:51:42.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 13:17:18.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 12:32:20.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 12:30:35.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 12:03:36.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 11:57:38.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 11:50:10.350
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 11:43:53.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-16 08:18:02.945
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 32744.35 MB
Available physical RAM: 30143.92 MB
Total Pagefile: 65486.88 MB
Available Pagefile: 62954.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:81.78 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:3725.9 GB) (Free:1659.16 GB) NTFS
Drive f: (Photo_bkup) (Fixed) (Total:1863.01 GB) (Free:159.21 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1863.01 GB) (Free:918.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C341A011)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 94D90180)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3192629C)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================

md252 · November 18, 2013

I ran HitManPro yesterday and it found two trojans, both similarly named, jac_ follow by a long string of characters. This doesn't give me good feeling that they're related to the FBI virus. Can anyone help me?

md252 · November 19, 2013

As I posted this past weekend, I picked up the FBI Moneypack virus last Friday. Everything that I initially ran came up clean - Malwarebytes, Malwarebytes rootkiller, FSRT, tdsskiller. Finally HitmanPro found 2 trojans which were removed. Hitman Pro now runs clean. Last night I ran emsisoft antimalware and it was clean. Since everything initially came up clean, how can I tell if my system really is clean? I'm really trying to avoid a re-install.

Thanks for any help!

Mike

AdvancedSetup · December 10, 2013

Sorry for the delay. It looks like your post was somehow overlooked. If you still need assistance with this please let me know.

AdvancedSetup · December 28, 2013

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

FBI Virus - how to remove?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information