
Check up - Was infected and still is.


Lucan01


I believe I was infected with ValutCrypto virus.

However, I may have caught it in time; it left very little destruction behind, and I have already started cleaning up my computers.

Malware apps I used last night to clean up are listed below.

Please accept my DDS and a scan log from MBAM.

In accordance with the current provisions about uTorrent and pirated files, I have removed them all from my hard drives; however, they bear no responsibility for this virus.

I may have picked it up from unpatched Outlook 2003 or while surfing the internet.

I DO NOT think it should be THAT easy to get infected. I am a smart computer user myself, self-taught over 15 years, but this is way out there.

I have now patched up my system and just need to finish cleaning. :)

I don't use IE8; I use Firefox 25.0.1 with a few add-ons, if that would be helpful with my situation.


I have already backed up one of my computers and scanned that backup drive for viruses just to make sure it is totally clean.


If cleaning is not an option, I am willing to wipe this disk, start all over again, and make an image of it afterward.




I have scanned with:

Eset Smart Security 4.0.437.0 - Definition 9232 (20131230) - Nothing found. What the fudge?

MBAM v1.75.0.1300 - Log attached; found numerous results.

HitmanPro v3.7.8 - Build 208 - Found several... I really like this scanner because it seemed to find the same things as MBAM and more.

Sophos Virus Removal v2.4 - Found a few.

HijackThis 2.0.5 - I remember I needed to rename it to Crusty.exe, but I renamed it to &$(@.exe anyway and ran the log. I have it here if you request it.

AdwCleaner v3.0.1.6 - Mostly registry entries infected with PUPs; removed them.

RogueKiller.exe v8.8.0.0 - Several.

Kaspersky TDSS Rootkit Removing Tool v3.0.0.19 - Found several more after HitmanPro. I had to re-run HitmanPro to make sure. I ended up clearing it out in Safe Mode via the command prompt.

TrendMicro HouseCall v1.50.0.1154 - Nothing. This is the crappiest scanner I have come across.

I prefer to clean it all up with freeware programs before I secure the computers with a new antivirus. (Maybe Bitdefender, keeping MBAM Pro as dual protection.)


Anyway, thanks! Looking forward to getting some help.

P.S. This file caught my attention via Process Explorer. It kept calling regsvr32 and svchost. I immediately killed all of the processes via Task Manager, located the file, unregistered it, and renamed it to YhxdPack_DISABLED(VIRUS)\DynamicLinkFE.dllDISABLED. It was YhxdPack, containing DynamicLinkFE.dll and DynamicLinkFE.luk.

 

P.P.S. I just used XP SysPad to look at the features of Windows (e.g. Event Viewer), and I just learned that the machine is still infected.

This machine is not used for online shopping or banking. (Thank God; I knew this was not a safe machine anyway.)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2013 6:58:37 PM
System Uptime: 12/31/2013 10:25:55 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P4VP-MX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2797/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 62.323 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 Plugin
AIO_Scan
AMD Catalyst Install Manager
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
CloudReading
Compatibility Pack for the 2007 Office system
ESET Smart Security
Foxit Reader
GPU Temp version 1.0
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HP Photosmart All-In-One Software 9.0
Java 7 Update 45
Java Auto Updater
LG United Mobile Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Resource Kit
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Microsoft Works 6-9 Converter
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 6.0 Parser (KB925673)
Nero 2014
Nero Audio Pack 1
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning Core
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Disc to Device
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Info
Nero Kwik Themes Basic
Nero Launcher
Nero MediaHome
Nero MediaHome Help (CHM)
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
ODF Add-in for Microsoft Office
PowerISO
Prerequisite installer
PS_AIO_Software_min
Revo Uninstaller Pro 2.4.3
Scan
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sophos Virus Removal Tool
swMSM
Toolbox
VIA Bus Master Ultra ATA Driver (Remove)
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
WhatPulse 1.7.1
Windows Media Format 11 runtime
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/30/2013 6:36:12 PM, error: Service Control Manager [7038]  - The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/30/2013 6:36:12 PM, error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not start due to a logon failure.
12/30/2013 5:13:17 PM, error: Service Control Manager [7023]  - The System Restore Service service terminated with the following error:  The system cannot find the file specified.
12/30/2013 5:13:08 PM, error: SRService [104]  - The System Restore initialization process failed.
12/30/2013 4:06:54 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
12/30/2013 4:06:53 PM, error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
12/30/2013 4:06:53 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
12/30/2013 3:20:19 PM, error: Service Control Manager [7038]  - The Net Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/30/2013 3:20:19 PM, error: Service Control Manager [7000]  - The Net Driver HPZ12 service failed to start due to the following error:  The service did not start due to a logon failure.
12/30/2013 10:48:02 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/30/2013 10:46:18 AM, error: WPDMTPDriver [15300]  - MTP WPD Driver has failed to start. Error 0x8007048f.
12/30/2013 10:44:39 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  viadsk
12/30/2013 10:43:57 AM, error: viadsk [4]  - 
12/30/2013 1:56:33 PM, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/30/2013 1:54:40 PM, error: Service Control Manager [7023]  - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:  A device attached to the system is not functioning.
12/30/2013 1:49:37 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
12/28/2013 10:30:35 AM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
.
==== End Of File ===========================


			
		
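An added example, not code from the original post and not part of the FRST or DDS tools: a small Python triage that parses the two log formats seen in this thread (the DDS "Event Viewer Messages" lines above and the FRST "Services"/"Drivers" lines in the log posted later) and flags what a responder would look at first: drivers whose image file is missing ("[x]"), drivers loading from Temp or a user profile, entries with no publisher/version info, security services dying, Windows Update disabled, System Restore failing. The flagging rules and the SECURITY_SERVICES list are assumptions, not the tools' own logic; the sample lines are copied from the logs in this thread.

```python
"""Triage of FRST 'Services'/'Drivers' lines and DDS 'Event Viewer Messages' lines.
Added example; not from the original post or the FRST/DDS tools. The heuristics
and the SECURITY_SERVICES list are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST line: "<R|S|U><start> <name>; <path> [<size> <date>] (<publisher>)".
# A missing image ends in "[x]"; "()" means no version/publisher info was found.
FRST_RE = re.compile(r"^(?P<kind>[RSU])(?P<start>\d) (?P<name>[^;]+); ?(?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
TAIL_RE = re.compile(r"\s*\[[^\]]*\]\s*$")          # "[35144 2013-12-30]" or "[x]"
# DDS line: "<m/d/yyyy h:mm:ss AM>, <level>: <source> [<event id>]  - <message>"
DDS_EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\]\s+-\s*(?P<msg>.*)$")
# A kernel driver loading from any of these locations deserves a second look.
RISKY_PATH_HINTS = ("\\temp\\", "\\documents and settings\\", "\\downloads\\", "\\appdata\\")
# Assumed list: the security-product services present on this machine.
SECURITY_SERVICES = ("MBAMService", "MBAMScheduler", "ekrn", "HitmanProScheduler")


@dataclass
class FrstEntry:
    kind: str                 # R = running, S = stopped, U = status unknown
    start: int                # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    publisher: Optional[str]  # None when FRST printed "()" or nothing at all
    missing: bool             # FRST could not find the image file ("[x]")


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    m = FRST_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[x]")
    publisher = None
    pm = PUBLISHER_RE.search(rest)
    if pm:
        publisher = pm.group("pub").strip() or None
        rest = rest[:pm.start()].rstrip()
    return FrstEntry(m.group("kind"), int(m.group("start")), m.group("name").strip(),
                     TAIL_RE.sub("", rest), publisher, missing)


def flag_frst_entry(e: FrstEntry) -> List[str]:
    """Review reasons for one service/driver entry; empty list means nothing odd."""
    flags: List[str] = []
    low = e.path.lower()
    no_path = e.path == "" or low.startswith("no imagepath")
    if no_path:
        flags.append("no image path")
    if e.missing:
        flags.append("image file missing")
    if any(h in low for h in RISKY_PATH_HINTS):
        flags.append("loads from temp/user-profile path")
    if e.publisher is None and not no_path and not e.missing:
        flags.append("no publisher/version info")
    if e.kind == "U":
        flags.append("unknown service status")
    if flags and e.start in (0, 1):
        flags.append("boot/system-start driver")
    return flags


def parse_dds_event(line: str) -> Optional[dict]:
    m = DDS_EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_dds_event(ev: dict) -> Optional[str]:
    """Map one Event Viewer line to a security-relevant reason, or None."""
    src, eid, msg = ev["source"], int(ev["id"]), ev["msg"]
    if src == "Service Control Manager" and eid == 7034:
        for svc in SECURITY_SERVICES:
            if f"The {svc} service terminated unexpectedly" in msg:
                return f"security service {svc} died unexpectedly"
    # Win32 error 1058 = ERROR_SERVICE_DISABLED: Windows Update has been switched off.
    if src == "DCOM" and eid == 10005 and "wuauserv" in msg and "%1058" in msg:
        return "Windows Update service (wuauserv) is disabled (error 1058)"
    if src == "SRService" or "System Restore" in msg:
        return "System Restore is failing; no rollback point will be available"
    return None


def triage(log_text: str) -> List[tuple]:
    """Run both parsers over mixed log text; returns (name or timestamp, reasons)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_frst_line(line)
        if entry is not None:
            reasons = flag_frst_entry(entry)
            if reasons:
                findings.append((entry.name, reasons))
            continue
        ev = parse_dds_event(line)
        if ev is not None and flag_dds_event(ev):
            findings.append((ev["ts"], [flag_dds_event(ev)]))
    return findings


# Sample input: lines copied from the FRST and DDS logs posted in this thread.
SAMPLE = r"""
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 EverestDriver; C:\Documents and Settings\Administrator\My Documents\Downloads\EVEREST Ultimate 5.50.2242 Portable\kerneld.wnt [28272 2010-07-30] ()
S4 IntelIde; No ImagePath
U3 TrueSight; \??\ [x]
R3 WinRing0_1_2_0; \??\C:\Documents and Settings\Administrator\Local Settings\Temp\tmp1.tmp [x]
12/30/2013 4:06:54 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
12/30/2013 10:48:02 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/30/2013 5:13:08 PM, error: SRService [104]  - The System Restore initialization process failed.
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

Run as-is to see the findings for the sample lines, or pass the text of a whole FRST.txt to triage(). A flag is a reason to look, not a verdict: a legitimate hardware-monitoring tool can also ship an unsigned driver in a Downloads folder, so each flagged line still has to be checked against what the named product is known to install.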

Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin


Firstly, I want to make this clear.

From my first post:
 

    In accordance with the current provisions about uTorrent and pirated files, I have removed them all from my hard drives; however, they bear no responsibility for this virus.


So if you happen to find more or anything else, they are probably orphaned (left behind), so please point them out to me so I can clean them out.

Okay to the next step:

My MBAM is clean:

-----------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EXPERIEN-A333A8 [administrator]

Protection: Enabled

1/1/2014 11:44:06 AM
mbam-log-2014-01-01 (11-44-06).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 236215
Time elapsed: 4 hour(s), 23 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------


FARBAR Recovery Scan Tool

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014 01
Ran by Administrator (administrator) on EXPERIEN-A333A8 on 01-01-2014 16:31:18
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(gputemp.com) C:\Program Files\GPU Temp\GPUTemp.exe
(WhatPulse.org) C:\Program Files\WhatPulse\WhatPulse.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-07-03] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [OpenHardwareMonitor] - C:\Program Files\GPU Temp\GPUTemp.exe [1032192 2011-10-01] (gputemp.com)
HKCU\...\Run: [WhatPulse] - C:\Program Files\WhatPulse\WhatPulse.exe [3990528 2011-11-15] (WhatPulse.org)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.75.232.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glwrt30b.default

FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glwrt30b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glwrt30b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glwrt30b.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [731840 2009-05-14] (ESET)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-12-31] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [403968 2003-07-24] (Sensaura Ltd)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [461312 2003-07-24] (Realtek Semiconductor Corp.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31312 2009-12-01] (Google Inc)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [133000 2009-05-14] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33096 2009-05-14] (ESET)
R1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [55768 2009-05-14] (ESET)
S3 EverestDriver; C:\Documents and Settings\Administrator\My Documents\Downloads\EVEREST Ultimate 5.50.2242 Portable\kerneld.wnt [28272 2010-07-30] ()
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-12-30] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 mv61xxmm; C:\Windows\System32\Drivers\mv61xxmm.sys [13616 2011-10-02] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\Windows\System32\Drivers\mv64xxmm.sys [5632 2011-10-02] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\Windows\System32\Drivers\mvxxmm.sys [13616 2011-10-02] (Marvell Semiconductor Inc.)
S3 S3SavageNB; C:\Windows\System32\DRIVERS\s3gnbm.sys [166912 2008-04-13] (S3 Graphics, Inc.)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S0 viadsk; C:\Windows\System32\DRIVERS\viadsk.sys [56576 2003-06-19] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [x]
S4 IntelIde; No ImagePath
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [x]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [x]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [x]
U3 TrueSight; \??\ [x]
R3 WinRing0_1_2_0; \??\C:\Documents and Settings\Administrator\Local Settings\Temp\tmp1.tmp [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 16:31 - 2014-01-01 16:31 - 00010496 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-01 16:31 - 2014-01-01 16:31 - 00000000 ____D C:\FRST
2014-01-01 16:29 - 2014-01-01 16:29 - 00000000 ___HD C:\WINDOWS\PIF
2014-01-01 16:24 - 2014-01-01 16:25 - 01064481 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-01-01 12:00 - 2014-01-01 12:23 - 00000250 _____ C:\Documents and Settings\Administrator\Desktop\Lucan's Android Stuffs.txt
2014-01-01 11:10 - 2014-01-01 11:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Mozilla
2014-01-01 11:00 - 2014-01-01 11:00 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2014-01-01 10:29 - 2014-01-01 10:29 - 00000782 _____ C:\WINDOWS\system32\.crusader
2013-12-31 20:43 - 2013-12-31 20:43 - 00000112 _____ C:\WINDOWS\system32\everest_cpl.ini
2013-12-31 20:43 - 2006-01-15 01:38 - 00162304 _____ C:\WINDOWS\system32\everest_cpl.cpl
2013-12-31 14:20 - 2013-12-31 14:22 - 00001592 _____ C:\WINDOWS\netfxocm.log
2013-12-31 14:20 - 2013-12-31 14:22 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 14:20 - 2013-12-31 14:22 - 00000430 _____ C:\WINDOWS\msgsocm.log
2013-12-31 14:20 - 2013-12-31 14:22 - 00000425 _____ C:\WINDOWS\ocmsn.log
2013-12-31 14:20 - 2013-12-31 14:22 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00007560 _____ C:\WINDOWS\ocgen.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00006807 _____ C:\WINDOWS\iis6.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00006790 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00004591 _____ C:\WINDOWS\tsoc.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00002492 _____ C:\WINDOWS\comsetup.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00001943 _____ C:\WINDOWS\imsins.log
2013-12-31 14:19 - 2013-12-31 14:22 - 00001799 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00001920 _____ C:\WINDOWS\msmqinst.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00000068 _____ C:\WINDOWS\xpsyspad.ini
2013-12-31 14:18 - 2013-12-31 14:18 - 00000000 ____D C:\WINDOWS\pss
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 __RSH C:\MSDOS.SYS
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 __RSH C:\IO.SYS
2013-12-31 12:54 - 2014-01-01 10:39 - 00000400 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-12-31 11:37 - 2014-01-01 11:50 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\20131231 - Malware Report
2013-12-31 11:26 - 2014-01-01 10:03 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-12-31 11:26 - 2013-12-31 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-31 11:00 - 2013-12-31 11:00 - 00003806 _____ C:\Documents and Settings\Administrator\My Documents\hijackthis_After cleaning.log
2013-12-30 19:53 - 2013-12-30 19:53 - 00035144 _____ C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-30 19:03 - 2013-12-30 19:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-30 18:32 - 2013-11-18 00:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
2013-12-30 17:27 - 2013-12-31 11:26 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-30 17:27 - 2013-12-30 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-12-30 17:07 - 2013-12-30 17:19 - 00000000 ____D C:\AdwCleaner
2013-12-30 16:47 - 2013-12-30 16:53 - 01897408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00444136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00226880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RMCast.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00195712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00181432 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00174848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00166912 _____ (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00163584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwrdr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00144128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00139656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00120192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00114376 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00096384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00088320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkipx.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfRd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00081664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00079232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00077624 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00077568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfPf.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00070272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\psched.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00068224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnknb.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rspndr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00058112 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\vdmindvd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00056576 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viadsk.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00055936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkspx.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tosdvd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stream.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00048384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00042752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\p3.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00042240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VIAAGP.SYS.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00040320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nmnt.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpdusb.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00037608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00034944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00034432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rawwan.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00032512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00030464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccid.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbstor.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd2.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00025344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sonydcam.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00022024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00021376 _____ (Toshiba Corporation) C:\WINDOWS\system32\Drivers\tsbvcap.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00019712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00017792 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00016512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbintel.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00015744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tape.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smclib.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00013976 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\videX32.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00013976 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viaide.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkflt.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunmp.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\riodrv.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\rio8drv.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00011904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffdisk.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00011008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_sd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_mmc.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parvdm.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oprghdlr.sys.bak
2013-12-30 16:47 - 2013-12-30 16:53 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak
2013-12-30 16:47 - 2013-12-30 16:47 - 00033096 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\sct_skmscan.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 07874560 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00799744 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmboot.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00461312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\ALCXWDM.SYS.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00403968 _____ (Sensaura Ltd) C:\WINDOWS\system32\Drivers\ALCXSENS.SYS.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmuni.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00272128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00262528 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\cinemst2.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00153344 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmio.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00152832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00144384 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\system32\Drivers\hdaudbus.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00138496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00133000 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00125056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00114472 _____ (ESET) C:\WINDOWS\system32\Drivers\eamon.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00107256 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00092928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00092544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00091520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mf.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nic1394.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arp1394.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmlane.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00055768 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00049920 _____ (HP) C:\WINDOWS\system32\Drivers\HPZid412.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00048128 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\Drivers\fetnd5bv.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00042752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00042112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00037760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk7.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk6.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00037248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00036736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crusoe.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00035072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00034688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00033792 _____ (Belcarra Technologies) C:\WINDOWS\system32\Drivers\btblan.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00033096 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmepvc.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00031312 _____ (Google Inc) C:\WINDOWS\system32\Drivers\androidusb.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00030080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00027392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00027165 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\Drivers\fetnd5.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00025088 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandmodem.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00021568 _____ (HP) C:\WINDOWS\system32\Drivers\HPZius12.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00020864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipinip.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00020736 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lganddiag.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00020096 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandgps.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdaudio.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00016496 _____ (HP) C:\WINDOWS\system32\Drivers\HPZipr12.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00014336 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandbus.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\diskdump.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cbidf2k.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00013616 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mvxxmm.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00013616 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mv61xxmm.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsvga.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\nikedrv.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00011776 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\Drivers\cpqdap01.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiec.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00009472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpdrv.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcd.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00005888 _____ (Microsoft Corp., Veritas Software.) C:\WINDOWS\system32\Drivers\dmload.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00005632 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mv64xxmm.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00003328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak
2013-12-30 16:46 - 2013-12-30 16:53 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys.bak
2013-12-30 16:42 - 2013-12-30 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-12-30 13:56 - 2013-12-30 13:56 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\ProcessExplorer
2013-12-30 13:02 - 2013-12-30 13:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-30 13:01 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-30 13:00 - 2013-12-30 13:00 - 00000443 _____ C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
2013-12-30 12:42 - 2014-01-01 12:21 - 00000967 _____ C:\Documents and Settings\Administrator\Desktop\taskkill.cmd
2013-12-30 12:41 - 2013-12-30 12:41 - 00000003 _____ C:\Documents and Settings\Administrator\My Documents\hijackthis.log
2013-12-30 12:18 - 2013-12-30 12:18 - 00000000 ____D C:\!TRANSFERRED
2013-12-30 10:45 - 2013-12-31 14:19 - 00000374 _____ C:\WINDOWS\setupact.log
2013-12-30 10:45 - 2013-12-30 10:45 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-24 20:28 - 2014-01-01 10:35 - 00071960 _____ C:\WINDOWS\setupapi.log
2013-12-24 20:27 - 2013-12-24 20:27 - 00068648 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-24 20:26 - 2013-12-24 20:26 - 00264616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-24 11:22 - 2014-01-01 16:07 - 00107867 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-22 23:57 - 2013-12-22 23:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2013-12-18 11:03 - 2013-12-18 11:03 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2013-12-18 11:02 - 2013-12-18 11:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2013-12-18 11:01 - 2013-08-16 13:56 - 00216064 _____ C:\WINDOWS\system32\gcapi_dll.dll
2013-12-18 10:44 - 2013-12-24 11:01 - 00000000 ____D C:\Program Files\WinHTTrack
2013-12-06 18:18 - 2003-06-19 18:00 - 00281676 _____ (Compuware NuMega) C:\WINDOWS\system32\PCIENUM.SYS
2013-12-06 17:49 - 2013-12-06 17:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Nero
2013-12-06 17:39 - 2013-12-06 17:45 - 00000000 ____D C:\Program Files\Nero
2013-12-06 17:39 - 2013-12-06 17:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2013-12-06 17:39 - 2013-12-06 17:41 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-12-06 17:39 - 2013-12-06 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-12-06 17:35 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-12-06 17:34 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-12-06 17:34 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-12-06 17:34 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-12-06 17:34 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-12-06 11:31 - 2013-12-06 11:31 - 00000000 ____D C:\Program Files\IDETOOL
2013-12-06 11:31 - 2013-12-06 11:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IDETOOL
2013-12-06 11:31 - 2003-06-19 18:00 - 00016896 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\viaideco.dll
2013-12-06 11:30 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2013-12-06 11:21 - 2011-04-01 15:37 - 00048128 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\Drivers\fetnd5bv.sys
2013-12-06 11:21 - 2006-10-27 16:26 - 00069632 _____ () C:\WINDOWS\system32\vuins32.dll
2013-12-05 10:40 - 2013-12-05 10:40 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-12-05 06:36 - 2013-12-05 06:36 - 00239822 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2013-12-05 06:35 - 2013-12-05 06:35 - 00171120 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2013-12-04 14:28 - 2013-12-04 14:28 - 00000036 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2013-12-02 11:41 - 2013-12-02 11:41 - 00000019 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\llftool.license

==================== One Month Modified Files and Folders =======

2014-01-01 16:31 - 2014-01-01 16:31 - 00010496 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-01 16:31 - 2014-01-01 16:31 - 00000000 ____D C:\FRST
2014-01-01 16:29 - 2014-01-01 16:29 - 00000000 ___HD C:\WINDOWS\PIF
2014-01-01 16:25 - 2014-01-01 16:24 - 01064481 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-01-01 16:07 - 2013-12-24 11:22 - 00107867 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 12:23 - 2014-01-01 12:00 - 00000250 _____ C:\Documents and Settings\Administrator\Desktop\Lucan's Android Stuffs.txt
2014-01-01 12:21 - 2013-12-30 12:42 - 00000967 _____ C:\Documents and Settings\Administrator\Desktop\taskkill.cmd
2014-01-01 11:50 - 2013-12-31 11:37 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\20131231 - Malware Report
2014-01-01 11:38 - 2013-02-20 20:03 - 00000000 ____D C:\Program Files\ESET
2014-01-01 11:10 - 2014-01-01 11:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Mozilla
2014-01-01 11:00 - 2014-01-01 11:00 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2014-01-01 11:00 - 2013-02-20 18:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-01 10:39 - 2013-12-31 12:54 - 00000400 __RSH C:\Documents and Settings\All Users\ntuser.pol
2014-01-01 10:38 - 2013-02-20 18:47 - 00605910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-01 10:35 - 2013-12-24 20:28 - 00071960 _____ C:\WINDOWS\setupapi.log
2014-01-01 10:34 - 2013-11-17 23:34 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-01 10:33 - 2013-02-20 18:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 10:33 - 2013-02-20 18:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-01 10:33 - 2013-02-20 18:51 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-01 10:30 - 2013-02-20 19:00 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-01 10:30 - 2013-02-20 18:59 - 00032470 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-01 10:29 - 2014-01-01 10:29 - 00000782 _____ C:\WINDOWS\system32\.crusader
2014-01-01 10:03 - 2013-12-31 11:26 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-12-31 20:43 - 2013-12-31 20:43 - 00000112 _____ C:\WINDOWS\system32\everest_cpl.ini
2013-12-31 14:32 - 2002-01-01 02:58 - 00003172 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-31 14:28 - 2013-02-20 18:59 - 00000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2013-12-31 14:28 - 2013-02-20 18:59 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-12-31 14:22 - 2013-12-31 14:20 - 00001592 _____ C:\WINDOWS\netfxocm.log
2013-12-31 14:22 - 2013-12-31 14:20 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 14:22 - 2013-12-31 14:20 - 00000430 _____ C:\WINDOWS\msgsocm.log
2013-12-31 14:22 - 2013-12-31 14:20 - 00000425 _____ C:\WINDOWS\ocmsn.log
2013-12-31 14:22 - 2013-12-31 14:20 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00007560 _____ C:\WINDOWS\ocgen.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00006807 _____ C:\WINDOWS\iis6.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00006790 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00004591 _____ C:\WINDOWS\tsoc.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00002492 _____ C:\WINDOWS\comsetup.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00001943 _____ C:\WINDOWS\imsins.log
2013-12-31 14:22 - 2013-12-31 14:19 - 00001799 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00001920 _____ C:\WINDOWS\msmqinst.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00000068 _____ C:\WINDOWS\xpsyspad.ini
2013-12-31 14:19 - 2013-12-30 10:45 - 00000374 _____ C:\WINDOWS\setupact.log
2013-12-31 14:18 - 2013-12-31 14:18 - 00000000 ____D C:\WINDOWS\pss
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 __RSH C:\MSDOS.SYS
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 __RSH C:\IO.SYS
2013-12-31 11:26 - 2013-12-31 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-31 11:26 - 2013-12-30 17:27 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-31 11:00 - 2013-12-31 11:00 - 00003806 _____ C:\Documents and Settings\Administrator\My Documents\hijackthis_After cleaning.log
2013-12-30 20:08 - 2013-02-20 19:00 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-30 19:53 - 2013-12-30 19:53 - 00035144 _____ C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-30 19:03 - 2013-12-30 19:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-30 17:27 - 2013-12-30 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-12-30 17:19 - 2013-12-30 17:07 - 00000000 ____D C:\AdwCleaner
2013-12-30 16:53 - 2013-12-30 16:47 - 01897408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00444136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00226880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RMCast.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00195712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00181432 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00174848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00166912 _____ (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00163584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwrdr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00144128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00139656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00120192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00114376 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00096384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00088320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkipx.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfRd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00081664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00079232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00077624 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00077568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfPf.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00070272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\psched.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00068224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnknb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rspndr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00058112 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\vdmindvd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00056576 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viadsk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00055936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkspx.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tosdvd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stream.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00048384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00042752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\p3.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00042240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VIAAGP.SYS.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00040320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nmnt.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpdusb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00037608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00034944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00034432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rawwan.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00032512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00030464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccid.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbstor.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd2.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00025344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sonydcam.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00022024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00021376 _____ (Toshiba Corporation) C:\WINDOWS\system32\Drivers\tsbvcap.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00019712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00017792 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00016512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbintel.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00015744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tape.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smclib.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00013976 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\videX32.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00013976 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viaide.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkflt.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunmp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\riodrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\rio8drv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00011904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffdisk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00011008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_sd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_mmc.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parvdm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oprghdlr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:47 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 07874560 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00799744 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmboot.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00461312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\ALCXWDM.SYS.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00403968 _____ (Sensaura Ltd) C:\WINDOWS\system32\Drivers\ALCXSENS.SYS.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmuni.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00272128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00262528 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\cinemst2.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00153344 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmio.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00152832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00144384 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\system32\Drivers\hdaudbus.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00138496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00133000 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00125056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00114472 _____ (ESET) C:\WINDOWS\system32\Drivers\eamon.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00107256 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00092928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00092544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00091520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mf.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nic1394.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arp1394.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmlane.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00055768 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00049920 _____ (HP) C:\WINDOWS\system32\Drivers\HPZid412.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00048128 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\Drivers\fetnd5bv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00042752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00042112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00037760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk7.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk6.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00037248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00036736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crusoe.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00035072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00034688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00033792 _____ (Belcarra Technologies) C:\WINDOWS\system32\Drivers\btblan.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00033096 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmepvc.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00031312 _____ (Google Inc) C:\WINDOWS\system32\Drivers\androidusb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00030080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00027392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00027165 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\Drivers\fetnd5.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00025088 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandmodem.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00021568 _____ (HP) C:\WINDOWS\system32\Drivers\HPZius12.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00020864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipinip.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00020736 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lganddiag.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00020096 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandgps.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdaudio.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00016496 _____ (HP) C:\WINDOWS\system32\Drivers\HPZipr12.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00014336 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandbus.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\diskdump.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cbidf2k.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00013616 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mvxxmm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00013616 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mv61xxmm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsvga.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\nikedrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00011776 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\Drivers\cpqdap01.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiec.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00009472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpdrv.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00005888 _____ (Microsoft Corp., Veritas Software.) C:\WINDOWS\system32\Drivers\dmload.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00005632 _____ (Marvell Semiconductor Inc.) C:\WINDOWS\system32\Drivers\mv64xxmm.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00003328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak
2013-12-30 16:53 - 2013-12-30 16:46 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys.bak
2013-12-30 16:47 - 2013-12-30 16:47 - 00033096 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\sct_skmscan.sys.bak
2013-12-30 16:42 - 2013-12-30 16:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-12-30 16:30 - 2013-02-20 19:00 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-30 15:19 - 2013-02-20 18:42 - 00000000 ____D C:\WINDOWS\Provisioning
2013-12-30 13:56 - 2013-12-30 13:56 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\ProcessExplorer
2013-12-30 13:40 - 2013-11-18 09:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2013-12-30 13:02 - 2013-12-30 13:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-30 13:00 - 2013-12-30 13:00 - 00000443 _____ C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
2013-12-30 12:41 - 2013-12-30 12:41 - 00000003 _____ C:\Documents and Settings\Administrator\My Documents\hijackthis.log
2013-12-30 12:18 - 2013-12-30 12:18 - 00000000 ____D C:\!TRANSFERRED
2013-12-30 12:05 - 2013-03-14 19:26 - 00009728 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-30 10:45 - 2013-12-30 10:45 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-30 10:43 - 2011-10-02 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-24 20:27 - 2013-12-24 20:27 - 00068648 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-24 20:26 - 2013-12-24 20:26 - 00264616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-24 11:23 - 2002-01-06 20:37 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2013-12-24 11:09 - 2013-02-21 08:41 - 00000000 __SHD C:\Documents and Settings\Administrator\UserData
2013-12-24 11:04 - 2013-11-23 16:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\LG Electronics
2013-12-24 11:04 - 2013-11-23 16:34 - 00000000 ____D C:\Program Files\LG Electronics
2013-12-24 11:03 - 2013-11-27 15:44 - 00000000 ____D C:\Program Files\LeapFrog
2013-12-24 11:02 - 2013-04-04 15:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-24 11:02 - 2013-04-04 15:49 - 00000000 ____D C:\Program Files\QPST
2013-12-24 11:02 - 2013-04-04 15:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-24 11:01 - 2013-12-18 10:44 - 00000000 ____D C:\Program Files\WinHTTrack
2013-12-24 11:00 - 2013-11-18 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Bob
2013-12-24 11:00 - 2013-05-20 11:56 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-24 11:00 - 2013-04-27 09:13 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-24 11:00 - 2013-04-03 14:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Android SDK Tools
2013-12-22 23:57 - 2013-12-22 23:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2013-12-22 23:42 - 2013-11-03 08:46 - 00175273 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
2013-12-18 11:03 - 2013-12-18 11:03 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2013-12-18 11:03 - 2013-04-11 09:20 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
2013-12-18 11:02 - 2013-12-18 11:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2013-12-06 17:49 - 2013-12-06 17:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Nero
2013-12-06 17:47 - 2013-02-20 18:42 - 00000000 ____D C:\WINDOWS\Cursors
2013-12-06 17:45 - 2013-12-06 17:39 - 00000000 ____D C:\Program Files\Nero
2013-12-06 17:42 - 2013-12-06 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2013-12-06 17:41 - 2013-12-06 17:39 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-12-06 17:39 - 2013-12-06 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-12-06 17:37 - 2013-11-23 16:41 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-06 17:35 - 2013-02-20 18:55 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-12-06 11:31 - 2013-12-06 11:31 - 00000000 ____D C:\Program Files\IDETOOL
2013-12-06 11:31 - 2013-12-06 11:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IDETOOL
2013-12-05 10:40 - 2013-12-05 10:40 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-12-05 06:36 - 2013-12-05 06:36 - 00239822 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2013-12-05 06:35 - 2013-12-05 06:35 - 00171120 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2013-12-04 14:28 - 2013-12-04 14:28 - 00000036 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2013-12-02 11:41 - 2013-12-02 11:41 - 00000019 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\llftool.license

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\HitmanPro_x64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Kickstarter.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
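The "Bamital & volsnap Check" block above is FRST's integrity check on the core binaries that file infectors patch in place. For each file it prints either "MD5 is legit" (the hash matched FRST's known-good list) or the timestamps, size, company string and MD5, which means the hash was not matched and the analyst has to look it up by hand. A patched binary keeps its vendor string, so the company name alone proves nothing. The Python below is an added example for this thread, not FRST's code: it parses the block into records and returns the hashes that still need a reputation lookup (here explorer.exe, winlogon.exe and services.exe). The input is the block exactly as posted above.

```python
import re

# The check block as posted in the FRST.txt above (copied from the log).
FRST_CHECK = r"""
==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2011-10-02 07:00] - [2011-10-02 07:00] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

# "<drive>:\<path> => MD5 is legit" : FRST matched the file against its known-good list.
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => MD5 is legit$")
# A bare path line; the metadata/hash line for it follows on the next line.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
# "[created] - [modified] - <size> <attrs> (<company>) <md5>"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-f]{32})$"
)


def parse_frst_check(text):
    """Return one dict per checked file.

    status == "legit": FRST matched its known-good hash list.
    status == "unverified": FRST printed metadata and MD5 instead; the hash
    has to be checked by hand, so size, company, md5 and modified are kept.
    """
    results = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        m = LEGIT_RE.match(line)
        if m:
            results.append({"path": m["path"], "status": "legit"})
            pending_path = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            results.append({
                "path": pending_path,
                "status": "unverified",
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"],
                "modified": m["modified"],
            })
            pending_path = None
            continue
        m = PATH_RE.match(line)
        if m:
            pending_path = m["path"]
    return results


def hashes_to_lookup(results):
    """Map each unverified file to its MD5, ready for a reputation lookup."""
    return {r["path"]: r["md5"] for r in results if r["status"] == "unverified"}


if __name__ == "__main__":
    parsed = parse_frst_check(FRST_CHECK)
    for r in parsed:
        print(r["status"].upper().ljust(10), r["path"], r.get("md5", ""))
```

The three unverified hashes are what a helper would submit to a hash database before deciding whether the machine needs a file replacement; "unverified" by itself is not a verdict, only a gap FRST could not close from its own list.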


ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2014 01
Ran by Administrator at 2014-01-01 16:32:33
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 4.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.0703.2356.41139 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0703.2356.41139 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0703.2356.41139 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0703.2356.41139 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0703.2355.41139 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0703.2356.41139 - Advanced Micro Devices, Inc.) Hidden
CloudReading (Version: 1.0.31.1111 - Foxit Corporation)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001 - Microsoft Corporation)
ESET Smart Security (Version: 4.0.437.0 - ESET, spol s r. o.)
Foxit Reader (Version: 6.1.1.1031 - Foxit Corporation)
GPU Temp version 1.0 (Version: 1.0 - gputemp.com)
HitmanPro 3.7 (Version: 3.7.8.208 - SurfRight B.V.)
HP Photosmart All-In-One Software 9.0 (Version: 9.0 - HP)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LG United Mobile Driver (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Resource Kit (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Converter Pack (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office OneNote 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WinUsb 1.0 (Version:  - Microsoft Corporation)
Microsoft WinUsb 2.0 (Version:  - Microsoft Corporation)
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 25.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 2014 (Version: 15.0.02200 - Nero AG)
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (Version: 12.0.20031 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM (Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (Version: 15.0.00018 - Nero AG) Hidden
Nero ControlCenter (Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (Version: 11.0.22500 - Nero AG) Hidden
Nero Disc Menus Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (Version: 15.0.12010 - Nero AG) Hidden
Nero Effects Basic (Version: 15.0.10010 - Nero AG) Hidden
Nero Express (Version: 15.0.19000 - Nero AG) Hidden
Nero Express Help (CHM) (Version: 15.0.00018 - Nero AG) Hidden
Nero Info (Version: 15.1.0023 - Nero AG) Hidden
Nero Kwik Themes Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (Version: 15.0.8000 - Nero AG) Hidden
Nero MediaHome (Version: 1.20.8200 - Nero AG) Hidden
Nero MediaHome Help (CHM) (Version: 15.0.00018 - Nero AG) Hidden
Nero PiP Effects Basic (Version: 15.0.10008 - Nero AG) Hidden
Nero Recode (Version: 15.0.14000 - Nero AG) Hidden
Nero Recode Help (CHM) (Version: 15.0.00018 - Nero AG) Hidden
Nero RescueAgent (Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.15003 - Nero AG) Hidden
Nero Update (Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (Version: 15.0.12000 - Nero AG) Hidden
Nero Video Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
ODF Add-in for Microsoft Office (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
PowerISO (Version: 5.8 - Power Software Ltd)
Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
PS_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Revo Uninstaller Pro 2.4.3 (Version: 2.4.3 - VS Revo Group, Ltd.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0 - Microsoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VIA Bus Master Ultra ATA Driver (Remove) (Version:  - )
VIA Rhine-Family Fast-Ethernet Adapter (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WhatPulse 1.7.1 (Version: 1.7.1 - WhatPulse)
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2011-10-02 07:00 - 2013-12-30 13:44 - 00000798 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com


==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2012-07-03 23:55 - 2012-07-03 23:55 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20869493.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20869493.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 02:29:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (12/31/2013 02:29:14 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (12/30/2013 04:39:46 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module unknown, version 0.0.0.0, fault address 0x1001ab20.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/30/2013 01:55:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (12/30/2013 01:55:52 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (12/30/2013 01:53:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (12/30/2013 01:53:39 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (12/30/2013 00:11:37 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/30/2013 00:11:22 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/30/2013 00:11:02 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (01/01/2014 10:34:36 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).

Error: (01/01/2014 10:34:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
viadsk

Error: (01/01/2014 10:34:06 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (01/01/2014 10:33:57 AM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (01/01/2014 10:33:31 AM) (Source: 0) (User: )
Description:

Error: (01/01/2014 10:00:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
viadsk

Error: (01/01/2014 09:59:55 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (01/01/2014 09:59:55 AM) (Source: Service Control Manager) (User: )
Description: The Remote Registry service failed to start due to the following error:
%%1069

Error: (01/01/2014 09:59:55 AM) (Source: Service Control Manager) (User: )
Description: The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured
password due to the following error:
%%5

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (01/01/2014 09:59:46 AM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.


Microsoft Office Sessions:
=========================
Error: (12/31/2013 02:29:14 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/31/2013 02:29:14 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA

Error: (12/30/2013 04:39:46 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5634unknown0.0.0.01001ab20

Error: (12/30/2013 01:55:52 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/30/2013 01:55:52 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA

Error: (12/30/2013 01:53:39 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/30/2013 01:53:39 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA

Error: (12/30/2013 00:11:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000

Error: (12/30/2013 00:11:22 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000

Error: (12/30/2013 00:11:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2046.73 MB
Available physical RAM: 1371.86 MB
Total Pagefile: 3944.65 MB
Available Pagefile: 3401.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:60.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HITMANPRO) (Removable) (Total:1.91 GB) (Free:1.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 0ACA8594)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: B67752A5)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================


This is the old MBAM log from before I started consulting this thread.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EXPERIEN-A333A8 [administrator]

Protection: Enabled

12/30/2013 1:36:18 PM
mbam-log-2013-12-30 (13-36-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 234407
Time elapsed: 57 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\Administrator\Application Data\verison.dll (Trojan.Agent.ED) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TNOD UP (Trojan.Agent.CK) -> Data: "C:\Program Files\ESET\TNod\TNODUP.exe" /i -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 13
C:\Program Files\ESET\TNod\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\verison.dll (Trojan.Agent.ED) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002i\verclsid.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\300000001700002i\OSE.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\30000000baa00002i\WINWORD.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\YhxdPack_DISABLED(VIRUS)\DynamicLinkFE.dllDISABLED (VirTool.Vbcrypt) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\bwjdyddv.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HpM3Util.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\BingDesktop\BingCore\temp\tmp4.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNod-1.4.2.1-final-setup.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNod-1[1].4.2.1-final-setup-.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNODUP.exe_ (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


The MBAM log you have seen above is the latest one, and it is clean.
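The MBAM log above mixes three things an analyst wants separated: which malware families were involved, which items were only marked "Delete on reboot" (they stay on disk until the next restart, which matters when the machine is still in use), and which detections were autorun entries, i.e. persistence. The Python below is an added example for this thread, not Malwarebytes' code: it parses the detection lines of a 1.75-era MBAM log into records and answers those three questions. The input is the detection lines copied from the log above; the family grouping (first two dot-separated parts of the threat name) is my convention, not an MBAM one.

```python
import re
from collections import Counter

# Detection lines copied from the MBAM log posted above.
MBAM_LOG = r"""
Memory Modules Detected: 1
C:\Documents and Settings\Administrator\Application Data\verison.dll (Trojan.Agent.ED) -> Delete on reboot.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TNOD UP (Trojan.Agent.CK) -> Data: "C:\Program Files\ESET\TNod\TNODUP.exe" /i -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 13
C:\Program Files\ESET\TNod\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\verison.dll (Trojan.Agent.ED) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002i\verclsid.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\300000001700002i\OSE.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Microsoft Office Professional Edition 2003\30000000baa00002i\WINWORD.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\YhxdPack_DISABLED(VIRUS)\DynamicLinkFE.dllDISABLED (VirTool.Vbcrypt) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\bwjdyddv.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HpM3Util.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\BingDesktop\BingCore\temp\tmp4.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNod-1.4.2.1-final-setup.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNod-1[1].4.2.1-final-setup-.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files\ESET\TNod\TNODUP.exe_ (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<object> (<threat name>) -> <detail>[ -> <action>]."
# The object is matched lazily so the first " (Name.With.Dots) -> " wins; paths
# such as "...YhxdPack_DISABLED(VIRUS)\..." have no space before their "(".
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[A-Za-z][\w.]*)\) -> (?P<detail>.+?)\.?$"
)

# Substrings (lowercase) that mark an object as an autorun location.
AUTORUN_MARKERS = (
    r"\currentversion\run|",          # HKLM/HKCU ...\CurrentVersion\Run values
    r"\start menu\programs\startup",  # per-user or All Users Startup folder
)


def parse_mbam_detections(text):
    """Parse MBAM detection lines into dicts: object, threat, family, action, pending."""
    records = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue  # section headers, counts, "(No malicious items detected)"
        # The action is the last " -> " segment; "Data:"/"Bad:" details precede it.
        action = m["detail"].rsplit(" -> ", 1)[-1]
        threat = m["threat"]
        records.append({
            "object": m["obj"],
            "threat": threat,
            "family": ".".join(threat.split(".")[:2]),
            "action": action,
            "pending": action.lower().startswith("delete on reboot"),
        })
    return records


def family_counts(records):
    """Number of detections per family, e.g. Trojan.Agent, Trojan.Dorkbot."""
    return Counter(r["family"] for r in records)


def pending_objects(records):
    """Unique objects MBAM could not remove in-session; they survive until reboot."""
    return sorted({r["object"] for r in records if r["pending"]})


def autorun_objects(records):
    """Detections that are persistence mechanisms (Run keys, Startup folder)."""
    return [r["object"] for r in records
            if any(marker in r["object"].lower() for marker in AUTORUN_MARKERS)]


if __name__ == "__main__":
    recs = parse_mbam_detections(MBAM_LOG)
    print("families:", dict(family_counts(recs)))
    print("still present until reboot:", pending_objects(recs))
    print("autorun entries:", autorun_objects(recs))
```

On this log the parser yields 17 records (verison.dll is counted once as a loaded module and once as a file), two objects left for reboot-time deletion, and two autorun entries: the Run value pointing at TNODUP.exe and the Startup-folder HpM3Util.exe.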


Can you explain to me why your hosts file appears as follows:

2011-10-02 07:00 - 2013-12-30 13:44 - 00000798 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com

This is a legit operating system and I have the CD key for this OS, exactly as on the label on the side of the Dell Dimension 2300's case.

I will go and empty the HOSTS file. Till then, please let me know the next step, as I am still here.

As for now, I have re-run the programs:

MBAM remains empty, but computer performance remains shady. I have looked into MBAM's quarantine, and it looks like it caught quite a number of the same viruses, well, not all the same, but many of the same kinds and filenames in one day, up until Dec 30. It just stops there.

HitmanPro is still clean.

Might as well start the defragmenter and wait for you to write back.

Thanks :)
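The hosts entry the Root Admin asked about works as a sinkhole: any name pinned to 127.0.0.1 (or 0.0.0.0) silently never resolves to the real server. mpa.one.microsoft.com is the host Windows Product Activation and genuine validation talk to, which is why blackholing it reads as a piracy indicator here; the same trick is used by malware to keep a machine from reaching AV update or validation servers. The Python below is an added example, not part of the thread or of any tool used in it: it audits a hosts file for names other than localhost that are pinned to loopback or unspecified addresses, and for a localhost entry redirected off loopback, and produces the cleaned content the poster ended up with. The input combines the two lines from the log above with two constructed lines (a comment and a sinkholed update.example-av.test entry) that are not from the original.

```python
import ipaddress

# Hosts content as shown in the FRST log above, plus two constructed lines
# (the comment and the update.example-av.test entry) that are not from the page.
HOSTS_FROM_LOG = """\
# constructed comment line, not from the log
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com
0.0.0.0   update.example-av.test   # constructed: sinkholed AV update host
"""

# Names that legitimately belong on a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (lineno, ip_address, [names]) for each effective hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # an address with no names maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield lineno, addr, fields[1:]


def audit_hosts(text):
    """Return findings; an empty list means only localhost-style entries remain."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        # 127.x / ::1 and 0.0.0.0 / :: both make a name unreachable.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            lname = name.lower()
            if sinkhole and lname not in LOCAL_NAMES:
                findings.append({"line": lineno, "name": name,
                                 "address": str(addr), "issue": "sinkholed"})
            elif not sinkhole and lname in LOCAL_NAMES:
                findings.append({"line": lineno, "name": name,
                                 "address": str(addr), "issue": "localhost redirected"})
    return findings


def clean_hosts(text):
    """Return the hosts content with every flagged line removed; comments are kept."""
    bad_lines = {f["line"] for f in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1)
            if n not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(HOSTS_FROM_LOG):
        print(f"line {f['line']}: {f['name']} -> {f['address']} ({f['issue']})")
    print(clean_hosts(HOSTS_FROM_LOG), end="")
```

Run against the real file, the audit is read-only; whether to delete a flagged line or to treat it as an indicator to investigate first is a judgement call, and on a Windows XP box the file lives at C:\WINDOWS\system32\drivers\etc\hosts, which is also the path the FRST log shows. Note that MBAM separately quarantined a HOSTS file sitting directly in C:\WINDOWS\system32, not in drivers\etc, which this audit would never see.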


Root Admin

I'm sorry, but this is a sign of piracy, and you were already asked to clean up and remove any such evidence before you started.

Please download the Microsoft Genuine Advantage Diagnostic Tool.

Double-click to run it and press the CONTINUE button and allow the program to check your system. When completed, click the COPY button and post back the results.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-M6PX2-V96BF-8CKBJ
Windows Product Key Hash: n3MqC4LOVOQQgQUf4VrjJV6OaXI=
Windows Product ID: 76487-640-5536995-23376
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {C0C2D5CE-3D7A-49F6-98A5-7A0C618BB3E5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800d_E2AD56EA-766-2eff_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
Microsoft Office Project Professional 2003 - 100 Genuine
Microsoft Office OneNote 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800d_E2AD56EA-766-2eff_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C0C2D5CE-3D7A-49F6-98A5-7A0C618BB3E5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CKBJ</PKey><PID>76487-640-5536995-23376</PID><PIDType>1</PIDType><SID>S-1-5-21-1343024091-179605362-515967899</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1013.001</Version><SMBIOSVersion major="2" minor="3"/><Date>20050826000000.000000+000</Date></BIOS><HWID>B59C306701842073</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B64FC8439D9F500</Val><Hash>E4ZqnnSotA8tFZqSnL+iaRwMzG0=</Hash><Pid>73931-640-1889574-57265</Pid><PidType>14</PidType></Product><Product GUID="{903B0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2003</Name><Ver>11</Ver><Val>110331C60A60D00</Val><Hash>HkFnWgUnyM6Nkt8Ml8xTlms8Xu4=</Hash><Pid>72077-640-2406342-55510</Pid><PidType>14</PidType></Product><Product GUID="{90A10409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office OneNote 2003</Name><Ver>11</Ver><Val>110331C60A60D00</Val><Hash>HkFnWgUnyM6Nkt8Ml8xTlms8Xu4=</Hash><Pid>70172-640-2406342-55231</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="3B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/><App Id="A1" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 15523:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

For some reason, I cannot run the Microsoft Windows Genuine Validation. I was able to go over to Microsoft's site and download that tool, and it generated an 8-digit number. http://www.microsoft.com/en-us/download/exe-validation.aspx

Once I pasted it and hit Enter, it just kept redirecting to "We are sorry, the page that you requested cannot be found": http://www.microsoft.com/library/errorpages/smarterror.aspx?aspxerrorpath=http%3a%2f%2fwww.microsoft.com%2fen-us%2fdownload%2fhandoff.aspx%3fid%3d0%26LegitCheckError%3d99


Cleared the HOSTS file, leaving only 127.0.0.1 as localhost.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-M6PX2-V96BF-8CKBJ
Windows Product Key Hash: n3MqC4LOVOQQgQUf4VrjJV6OaXI=
Windows Product ID: 76487-640-5536995-23376
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {C0C2D5CE-3D7A-49F6-98A5-7A0C618BB3E5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
Microsoft Office Project Professional 2003 - 100 Genuine
Microsoft Office OneNote 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C0C2D5CE-3D7A-49F6-98A5-7A0C618BB3E5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CKBJ</PKey><PID>76487-640-5536995-23376</PID><PIDType>1</PIDType><SID>S-1-5-21-1343024091-179605362-515967899</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1013.001</Version><SMBIOSVersion major="2" minor="3"/><Date>20050826000000.000000+000</Date></BIOS><HWID>B59C306701842073</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B64FC8439D9F500</Val><Hash>E4ZqnnSotA8tFZqSnL+iaRwMzG0=</Hash><Pid>73931-640-1889574-57265</Pid><PidType>14</PidType></Product><Product GUID="{903B0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2003</Name><Ver>11</Ver><Val>110331C60A60D00</Val><Hash>HkFnWgUnyM6Nkt8Ml8xTlms8Xu4=</Hash><Pid>72077-640-2406342-55510</Pid><PidType>14</PidType></Product><Product GUID="{90A10409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office OneNote 2003</Name><Ver>11</Ver><Val>110331C60A60D00</Val><Hash>HkFnWgUnyM6Nkt8Ml8xTlms8Xu4=</Hash><Pid>70172-640-2406342-55231</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="3B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/><App Id="A1" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 15523:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Trying to validate my Windows still redirects to the page-not-found page, as I indicated in my previous post.


There is still a problem with your license key, you have a Volume License Key installed - on what appears to be a retail system. If you are a member of the issuing organisation for the Volume License Key, then you should contact your System Admin for assistance, it is very likely that you won't have permission to fix that system.

 

If you are not a member then the installation can only be counterfeit, in that situation you need to reformat and reinstall using genuine media and License Key.

 

Thank you for your understanding....


There is still a problem with your license key, you have a Volume License Key installed - on what appears to be a retail system. If you are a member of the issuing organisation for the Volume License Key, then you should contact your System Admin for assistance, it is very likely that you won't have permission to fix that system..... in that situation you need to reformat and reinstall using genuine media and License Key.

Oh well, I figure it might be time to do it anyway.

Thanks very much for your cooperation :)

