
As I was helping my sister set up her new internet service, I noticed that her Trend Micro Titanium was disabled and her homepage had been changed to Conduit. I removed Protect Search from Add/Remove Programs and ran MBAM. It found 18 items, all having to do with Conduit. Restarted the PC and Titanium started coming up, but then closed down again and will not open. Below are the requested logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by PurpleKat at 13:48:26 on 2014-01-03
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7650.6405 [GMT -7:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
C:\Windows\system32\CorelCreatorMessages.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: Begin-download FLV Toolbar: {84452a8c-bc09-4187-ad3b-b275b98eb939} - C:\Program Files (x86)\Begin-download_FLV\prxtbBegi.dll
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Begin-download FLV Toolbar: {84452a8c-bc09-4187-ad3b-b275b98eb939} - C:\Program Files (x86)\Begin-download_FLV\prxtbBegi.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Begin-download FLV Toolbar: {84452A8C-BC09-4187-AD3B-B275B98EB939} - C:\Program Files (x86)\Begin-download_FLV\prxtbBegi.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Begin-download FLV Toolbar: {84452a8c-bc09-4187-ad3b-b275b98eb939} - C:\Program Files (x86)\Begin-download_FLV\prxtbBegi.dll
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\PURPLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{19C50513-CDCB-4D82-A0C8-C40F6D5EF2A0} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B26C0031-58F9-4415-8B0F-C34DD0452AC0} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CorelCreatorClient] C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-2-18 56336]
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-2-18 46392]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-19 92536]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-2-18 76672]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-11-19 199008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-19 2451456]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-2-18 77112]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 CorelCreatorMessages;CorelCreatorMessages;C:\Windows\System32\CorelCreatorMessages.exe [2011-12-13 105984]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-19 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-19 690832]
R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-2-18 98104]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-11-19 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-2-18 34224]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-2-18 310952]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-19 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-19 43832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-01-03 20:25:14 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-03 20:25:13 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-03 20:10:15 -------- d-----w- C:\Users\PurpleKat\AppData\Roaming\Malwarebytes
2014-01-03 20:10:09 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-03 20:10:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-03 20:10:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 20:09:26 -------- d-----w- C:\Users\PurpleKat\AppData\Local\Programs
2014-01-01 18:09:06 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2014-01-01 18:09:06 0 ----a-w- C:\Windows\SysWow64\RuntimeBroker.exe
2014-01-01 18:09:06 0 ----a-w- C:\Windows\SysWow64\dwm.exe
2014-01-01 18:09:06 0 ----a-w- C:\Windows\SysWow64\conhost.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\wininit.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\taskhostex.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\taskhost.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\spoolsv.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\smss.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\services.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\hpservice.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\CorelCreatorMessages.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\atiesrxx.exe
2014-01-01 18:08:45 0 ----a-w- C:\Windows\SysWow64\atieclxx.exe
2013-12-30 02:16:17 -------- d-----w- C:\Windows\System32\MRT
2013-12-30 01:29:06 566784 ----a-w- C:\Windows\System32\wvc.dll
2013-12-30 01:29:06 462336 ----a-w- C:\Windows\System32\sysmon.ocx
2013-12-30 01:29:06 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
2013-12-30 01:29:06 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2013-12-30 01:29:06 1374208 ----a-w- C:\Windows\System32\wdc.dll
2013-12-30 01:29:06 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
2013-12-30 01:29:00 2233688 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-30 01:28:57 893952 ----a-w- C:\Windows\SysWow64\msctf.dll
2013-12-30 01:28:57 1125888 ----a-w- C:\Windows\System32\msctf.dll
2013-12-30 01:28:56 1107968 ----a-w- C:\Program Files\Common Files\System\Ole DB\oledb32.dll
2013-12-30 01:28:55 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-12-30 01:28:54 941056 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
2013-12-30 01:28:54 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-12-30 01:28:54 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-12-30 01:28:54 158208 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-12-30 01:28:53 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-12-30 01:17:51 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-12-30 01:15:58 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-12-30 01:15:58 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-12-30 00:56:48 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-29 21:17:04 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{074568F3-440E-4DB7-8B45-BE14F066994A}\mpengine.dll
2013-12-29 21:08:27 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-29 20:52:11 -------- d-----w- C:\Program Files\iPod
2013-12-29 20:52:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-29 20:52:10 -------- d-----w- C:\Program Files\iTunes
2013-12-29 20:52:10 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-29 20:49:14 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-29 20:49:14 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-29 20:49:14 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-29 20:49:14 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-29 20:49:14 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-12-29 20:46:52 -------- d-----w- C:\Windows\SysWow64\SearchProtect
.
==================== Find3M  ====================
.
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-19 05:45:45 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH: 13:48:46.25 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2013 4:10:24 AM
System Uptime: 1/3/2014 1:25:57 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 184B
Processor: AMD A6-4400M APU with Radeon HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 905 GiB total, 840.227 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 3.016 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 7/6/2013 7:08:59 PM - HPSF Applying updates
RP38: 12/29/2013 7:04:10 PM - Windows Update
RP39: 1/3/2014 11:45:38 AM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
Adobe Photoshop Elements 11
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Begin-download FLV Toolbar
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Corel PDF Fusion
Corel PDF Fusion Addins
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elements 11 Organizer
Energy Star
Family Tree Heritage
Family Tree Heritage Collaboration Support
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
iCloud
IDT Audio
iSEEK AnswerWorks English Runtime
iTunes
Jewel Match 3
John Deere Drive Green
Laplink SafeErase
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Online Plug-in
PCHealthBoost 2.3.0
PCmover
PDF-XChange 3
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
PSE11 STI Installer
Qualcomm Atheros Driver Installation Program
Quicken 2013
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Trend Micro Titanium
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/29/2013 6:33:46 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 5 time(s).
12/29/2013 6:14:11 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 4 time(s).
12/29/2013 5:55:00 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 3 time(s).
12/29/2013 1:50:33 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 11:45:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 8 for x64-based Systems (KB2871690).
1/3/2014 11:45:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8 for x64-based Systems (KB2871777).
1/3/2014 1:47:16 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 2 time(s).
1/3/2014 1:33:59 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
1/1/2014 8:02:57 AM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 6 time(s).
.
==== End Of File ===========================

  • Root Admin

Hello and :welcome:


General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.



Link 1
Link 2


  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.



  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit



  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Thanks for the reply. Erunt didn't give the option not to create a start up folder, so I didn't do the backup. Here's the Rogue killer log.

 

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : PurpleKat [Admin rights]
Mode : Scan -- Date : 01/05/2014 03:01:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541010A9E680 SATA Disk Device +++++
--- User ---
[MBR] e1bd296116942a1d7a508b02ed7afa60
[bSP] b9621a1731f68c7309981b1a637aefb2 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01052014_030131.txt >>

 

 


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Here are the logs for steps 3-5. Currently running ESET online scan. Will post the ESET & the two FRST logs when complete.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
PurpleKat :: PURPLEKATPC [administrator]

1/5/2014 9:26:16 AM
mbar-log-2014-01-05 (09-26-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 239783
Time elapsed: 38 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16750

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.695000 GHz
Memory total: 8021876736, free: 6663860224

Downloaded database version: v2014.01.05.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/05/2014 09:26:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\TMEBC64.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\wd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\appexDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmusa.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tmeevw.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007cb1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000034\
Lower Device Object: 0xfffffa80079167f0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007cb1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007cb1a30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007cb1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007cb2610, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8007934990, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80079167f0, DeviceName: \Device\00000034\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1EFAD293

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 1953525167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 351713411
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 803b6cbd-45d6-4547-82c4-604382675cac
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 351713411
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 803b6cbd-45d6-4547-82c4-604382675cac
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ee39b00b-51a-486b-acd0-65d661613be5
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 8a45d5bf-5408-4d6a-bede-ed7990d3cfd4
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID da05223a-ce56-4ee7-adce-798d2868117
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8bf25b1b-72fb-4037-8523-62c9dcae670
    FirstLBA 1615872  Last LBA 1900453887
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b6659ab1-1e3d-4c92-92ca-cbb489ddf3b9
    FirstLBA 1900453888  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by PurpleKat on Sun 01/05/2014 at 10:08:36.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\boostsoftware
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3291853
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{255ED0A8-934B-4B44-A2C0-89675AB53DA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84452a8c-bc09-4187-ad3b-b275b98eb939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{84452a8c-bc09-4187-ad3b-b275b98eb939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"
Successfully deleted: [Folder] "C:\Users\PurpleKat\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\PurpleKat\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\PurpleKat\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc healthboost"
Successfully deleted: [Folder] "C:\Users\PurpleKat\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/05/2014 at 10:13:32.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.016 - Report created 05/01/2014 at 10:29:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : PurpleKat - PURPLEKATPC
# Running from : C:\Users\PurpleKat\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\Program Files (x86)\Begin-download_FLV
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\PURPLE~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV
Folder Deleted : C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90411930-787D-4D61-8E42-123CDFFFF663}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84452A8C-BC09-4187-AD3B-B275B98EB939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84452A8C-BC09-4187-AD3B-B275B98EB939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90411930-787D-4D61-8E42-123CDFFFF663}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A956989B-81FD-417F-825D-C012A4C52B47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57E41F3F-8F79-44F0-A5BC-1DF9D079062E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{84452A8C-BC09-4187-AD3B-B275B98EB939}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{84452A8C-BC09-4187-AD3B-B275B98EB939}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{84452A8C-BC09-4187-AD3B-B275B98EB939}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\AppDataLow\Software\Begin-download_FLV
Key Deleted : HKLM\Software\Begin-download_FLV
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Begin-download_FLV Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3655 octets] - [05/01/2014 10:17:35]
AdwCleaner[R1].txt - [3715 octets] - [05/01/2014 10:18:16]
AdwCleaner[s0].txt - [3690 octets] - [05/01/2014 10:29:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3750 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.03.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
PurpleKat :: PURPLEKATPC [administrator]

1/5/2014 10:38:27 AM
mbam-log-2014-01-05 (10-38-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210517
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


ESET Log

 

C:\$Recycle.Bin\S-1-5-21-67557626-105811724-1848385916-1002\$RKRBIZC.exe    a variant of Win32/Toolbar.MyWebSearch.R application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Begin-download_FLV\ldrtbBegi.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Begin-download_FLV\tbBegi.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV\ldrtbBeg0.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV\ldrtbBegi.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV\tbBeg0.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV\tbBegi.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\PurpleKat\AppData\LocalLow\Begin-download_FLV\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A application
C:\Program Files (x86)\Laplink\PCmover\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Laplink\PCmover\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\PurpleKat\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application


Had to post this log in two parts because it's too long.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by PurpleKat (administrator) on PURPLEKATPC on 05-01-2014 13:00:23
Running from C:\Users\PurpleKat\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Global Graphics Software Ltd.) C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
(Global Graphics Software Ltd) C:\Windows\System32\CorelCreatorMessages.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CorelCreatorClient] - C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe [779776 2011-12-13] (Global Graphics Software Ltd.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [213856 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374864 2012-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
MountPoints2: {4ad38477-3278-11e2-be71-806e6f6e6963} - "E:\mblaunchpad.exe"
Startup: C:\Users\PurpleKat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {255ED0A8-934B-4B44-A2C0-89675AB53DA0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Browser Exploit Prevention) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1107_0\nptmbep.dll No File
CHR Plugin: (Trend Micro Titanium) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1215_0\npToolbarChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (TrendMicro BEP Extension) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1125_0
CHR Extension: (Google Search) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\PurpleKat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\chrome_tmbep.crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\chrome_tmbep.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\Windows\SysWow64\atiesrxx.exe [0 2014-01-01] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2011-12-13] (Global Graphics Software Ltd)
R3 CorelCreatorMessages; C:\Windows\SysWow64\CorelCreatorMessages.exe [0 2014-01-01] ()
R2 hpsrv; C:\Windows\SysWow64\Hpservice.exe [0 2014-01-01] ()
R2 Spooler; C:\Windows\SysWow64\spoolsv.exe [0 2014-01-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [106000 2012-07-12] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-07-12] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [98104 2012-08-25] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-26] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [76672 2012-07-12] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [77112 2012-09-11] (Trend Micro Inc.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 13:00 - 2014-01-05 13:00 - 00020538 _____ C:\Users\PurpleKat\Desktop\FRST.txt
2014-01-05 12:59 - 2014-01-05 12:59 - 00000000 ____D C:\FRST
2014-01-05 12:57 - 2014-01-05 10:57 - 01931368 _____ (Farbar) C:\Users\PurpleKat\Desktop\FRST64.exe
2014-01-05 10:56 - 2014-01-05 10:56 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 10:55 - 2014-01-05 10:55 - 02347384 _____ (ESET) C:\Users\PurpleKat\Downloads\esetsmartinstaller_enu.exe
2014-01-05 10:29 - 2014-01-05 10:29 - 00003850 _____ C:\Users\PurpleKat\Desktop\AdwCleaner[s0].txt
2014-01-05 10:17 - 2014-01-05 10:48 - 00000000 ____D C:\AdwCleaner
2014-01-05 10:13 - 2014-01-05 10:13 - 00005639 _____ C:\Users\PurpleKat\Desktop\JRT.txt
2014-01-05 10:08 - 2014-01-05 10:08 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 10:08 - 2014-01-04 10:59 - 01036305 _____ (Thisisu) C:\Users\PurpleKat\Desktop\JRT.exe
2014-01-05 09:26 - 2014-01-05 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-05 09:25 - 2014-01-05 10:05 - 00000000 ____D C:\Users\PurpleKat\Desktop\mbar
2014-01-05 09:25 - 2014-01-05 09:25 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-05 09:21 - 2014-01-05 12:57 - 00000000 ____D C:\Users\PurpleKat\Desktop\Malware Removal Tools
2014-01-05 09:21 - 2014-01-05 09:21 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\PurpleKat\Desktop\rkill(1)64.exe
2014-01-05 09:21 - 2014-01-03 13:41 - 01233962 _____ C:\Users\PurpleKat\Desktop\adwcleaner.exe
2014-01-05 03:01 - 2014-01-05 03:01 - 00001470 _____ C:\Users\PurpleKat\Desktop\RKreport[0]_S_01052014_030131.txt
2014-01-05 02:46 - 2014-01-05 02:51 - 00000000 ____D C:\Users\PurpleKat\Desktop\RK_Quarantine
2014-01-05 02:38 - 2014-01-05 09:22 - 00001726 _____ C:\Users\PurpleKat\Desktop\Rkill.txt
2014-01-05 02:38 - 2014-01-05 02:37 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\PurpleKat\Desktop\rkill(1).exe
2014-01-05 02:34 - 2014-01-05 02:34 - 00000000 ____D C:\Users\PurpleKat\Desktop\rkill
2014-01-05 02:33 - 2014-01-05 02:29 - 04406784 _____ C:\Users\PurpleKat\Desktop\RogueKillerX64.exe
2014-01-05 02:32 - 2014-01-05 02:28 - 00791393 _____ (Lars Hederer                                                ) C:\Users\PurpleKat\Desktop\erunt-setup.exe
2014-01-04 08:37 - 2014-01-05 03:01 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00378608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00322800 _____ (VIA Corporation) C:\Windows\system32\Drivers\VSTXRAID.SYS.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00164080 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00137832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00106224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00086632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00083184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00067824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00066800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00062568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00057000 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00045160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00036080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00033520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00033024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00023792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00023280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00022144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00020288 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\WirelessButtonDriver64.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUpFltr.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00019184 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00017648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgencounter.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-04 08:37 - 2014-01-05 03:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-04 08:37 - 2014-01-05 03:00 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00690832 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt630x64.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00540160 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00448312 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00441576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00390896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00277736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00269968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00237808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00234224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00217328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00173504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00172784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00168176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00150256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00125168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00123632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00107760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00106000 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00098104 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00097008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uaspstor.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00083696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00081648 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00077112 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00076672 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mslldp.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00065776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00064240 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvumis.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SpbCx.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00056552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00056336 _____ (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00052464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00052464 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00049904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00046392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00044784 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00043832 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00041272 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00037992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00037616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00036592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00034224 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmel.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00030960 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npsvctrig.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00020720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tbs.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00017136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00014064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00013680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00011008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidumdf.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00006912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-04 08:36 - 2014-01-05 03:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 10627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00645952 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00411888 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00353008 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00172264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00116976 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00108784 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00100072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00093936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00092400 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00081136 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sss.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00051952 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00048368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00045808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00045296 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00022256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00021376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00018672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kdnic.sys.bak
2014-01-04 08:36 - 2014-01-05 02:59 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 03265256 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00562392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00533224 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00374512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00361200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00210672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00113904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\EhStorTcgDrv.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00102640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00098888 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00092536 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00081136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\EhStorClass.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00071920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00066800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00064752 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00062488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00057584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00036592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00034032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\condrv.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dmvsc.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00029600 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00025328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00024816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HyperVideo.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dmpusbstor.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hyperkbd.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00011376 _____ (Corel Corporation) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00010864 _____ (Corel Corporation) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-04 08:35 - 2014-01-05 02:59 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 10283520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 03618304 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 02935808 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00492272 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00425192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00340720 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00258288 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00199008 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00190704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00184048 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00108272 _____ (PMC-Sierra, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00106736 _____ (LSI) C:\Windows\system32\Drivers\3ware.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00104688 _____ (PMC-Sierra, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00098472 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW86.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00079528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00077040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpiex.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00076016 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00063216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicDisplay.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00042400 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00033512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00026352 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00026280 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00025840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpitime.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipagr.sys.bak
2014-01-04 08:35 - 2014-01-05 02:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-03 15:48 - 2014-01-03 15:48 - 00024456 _____ C:\Users\PurpleKat\Desktop\dds.txt
2014-01-03 15:48 - 2014-01-03 15:48 - 00009203 _____ C:\Users\PurpleKat\Desktop\attach.txt
2014-01-03 15:26 - 2014-01-03 15:27 - 02072536 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 15:25 - 2013-12-03 19:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 15:25 - 2013-12-03 19:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 15:10 - 2014-01-03 15:10 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\Users\PurpleKat\AppData\Roaming\Malwarebytes
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:10 - 2013-04-04 16:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-01 13:28 - 2014-01-01 13:28 - 00816692 _____ C:\Users\PurpleKat\AppData\Local\census.cache
2014-01-01 13:28 - 2014-01-01 13:28 - 00087938 _____ C:\Users\PurpleKat\AppData\Local\ars.cache
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\wininit.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\taskhostex.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\hpservice.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\CorelCreatorMessages.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\atiesrxx.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\atieclxx.exe
2014-01-01 10:05 - 2014-01-01 10:05 - 00000000 ____D C:\Users\PurpleKat\Desktop\gmer
2014-01-01 10:04 - 2014-01-01 11:51 - 00368554 _____ C:\Users\PurpleKat\Desktop\gmer.zip
2014-01-01 10:03 - 2014-01-01 11:51 - 00688992 ____R (Swearware) C:\Users\PurpleKat\Desktop\dds.scr
2013-12-29 21:16 - 2013-12-29 21:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-29 20:34 - 2013-06-16 17:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-29 20:34 - 2013-06-01 06:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-12-29 20:34 - 2013-06-01 06:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-29 20:34 - 2013-06-01 06:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-29 20:34 - 2013-06-01 05:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-12-29 20:34 - 2013-06-01 04:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-29 20:34 - 2013-06-01 04:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-12-29 20:34 - 2013-06-01 04:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-12-29 20:34 - 2013-06-01 04:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-12-29 20:34 - 2013-06-01 04:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-12-29 20:34 - 2013-06-01 04:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-12-29 20:34 - 2013-06-01 04:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-12-29 20:34 - 2013-06-01 04:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-29 20:34 - 2013-06-01 04:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-12-29 20:34 - 2013-06-01 04:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-12-29 20:34 - 2013-06-01 04:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-12-29 20:34 - 2013-06-01 04:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-12-29 20:34 - 2013-06-01 04:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-12-29 20:34 - 2013-06-01 04:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-12-29 20:34 - 2013-06-01 04:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-12-29 20:34 - 2013-06-01 04:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-12-29 20:34 - 2013-06-01 04:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-12-29 20:34 - 2013-06-01 04:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-12-29 20:34 - 2013-05-31 22:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-12-29 20:34 - 2013-05-24 17:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-12-29 20:34 - 2013-05-24 17:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-12-29 20:34 - 2013-05-24 17:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-12-29 20:34 - 2013-05-24 17:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-12-29 20:29 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-12-29 20:29 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-12-29 20:29 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-12-29 20:29 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-12-29 20:29 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-12-29 20:29 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-12-29 20:29 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-29 20:29 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-29 20:28 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-12-29 20:28 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-12-29 20:28 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-12-29 20:28 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-29 20:28 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-29 20:28 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-29 20:28 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-12-29 20:28 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-12-29 20:28 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-12-29 20:28 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-12-29 20:20 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-12-29 20:20 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-12-29 20:19 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-29 20:19 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-29 20:18 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-29 20:18 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-29 20:18 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-29 20:18 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-29 20:18 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-29 20:18 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-29 20:18 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-29 20:18 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-29 20:18 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-29 20:18 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-29 20:18 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-29 20:18 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-29 20:18 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-29 20:18 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-29 20:18 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-29 20:18 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-29 20:18 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-29 20:18 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-29 20:18 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-12-29 20:18 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-29 20:18 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-12-29 20:18 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-12-29 20:18 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-12-29 20:18 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-12-29 20:18 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-12-29 20:18 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-12-29 20:18 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-29 20:18 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-12-29 20:18 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-12-29 20:18 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-12-29 20:18 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-12-29 20:18 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-29 20:18 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-29 20:18 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-12-29 20:18 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-12-29 20:18 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-12-29 20:18 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-12-29 20:18 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-29 20:18 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-29 20:17 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-29 20:17 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-29 20:17 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-29 20:17 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-29 20:17 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-29 20:17 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-29 20:17 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-29 20:17 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-29 20:17 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-29 20:17 - 2013-10-03 17:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-29 20:17 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-29 20:17 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-29 20:17 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-29 20:17 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-29 20:17 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-29 20:17 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-29 20:17 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-29 20:17 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-29 20:17 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-29 20:17 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-29 20:17 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-29 20:17 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-29 20:17 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-29 20:17 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-12-29 20:17 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-12-29 20:17 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-12-29 20:17 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-12-29 20:17 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-12-29 20:17 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-12-29 20:17 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-29 20:17 - 2013-08-15 17:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-12-29 20:17 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-12-29 20:17 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-12-29 20:17 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-29 20:17 - 2013-07-05 17:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-29 20:17 - 2013-07-02 19:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-12-29 20:17 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-12-29 20:17 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-29 20:17 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-29 20:17 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-29 20:17 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-29 20:17 - 2013-05-23 18:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-29 20:17 - 2013-05-23 17:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-29 20:16 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-29 20:16 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-29 20:16 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-29 20:16 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-29 20:16 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-29 20:16 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-29 20:16 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-29 20:16 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-29 20:16 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-29 20:16 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-29 20:16 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-29 20:16 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-29 20:16 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-29 20:16 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-29 20:16 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-29 20:16 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-29 20:16 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-29 20:16 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-12-29 20:16 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-12-29 20:16 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-12-29 20:16 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-29 20:16 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-29 20:16 - 2013-07-13 01:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-29 20:16 - 2013-07-13 01:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-29 20:16 - 2013-07-13 01:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-12-29 20:16 - 2013-07-13 01:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-12-29 20:16 - 2013-07-12 23:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-29 20:16 - 2013-07-12 23:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-12-29 20:16 - 2013-07-12 23:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-12-29 20:16 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-12-29 20:16 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-12-29 20:16 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-12-29 20:16 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-12-29 20:16 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-12-29 20:16 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-12-29 20:16 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-12-29 20:16 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-12-29 20:16 - 2013-07-05 19:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-29 20:16 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-12-29 20:16 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-12-29 20:16 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-12-29 20:16 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-12-29 20:16 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-12-29 20:16 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-29 20:16 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-29 20:16 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-29 20:16 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-29 20:16 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-12-29 20:16 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-12-29 20:16 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-12-29 20:16 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-12-29 20:16 - 2013-06-29 00:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-12-29 20:16 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-29 20:16 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-29 20:16 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-12-29 20:16 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-12-29 20:16 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-29 20:16 - 2013-06-24 17:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-12-29 20:16 - 2013-06-24 17:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-12-29 20:16 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-12-29 20:16 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-12-29 20:16 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-12-29 20:16 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-12-29 20:16 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-12-29 20:16 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-12-29 20:16 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-29 20:16 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-29 20:16 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-29 20:16 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-29 20:16 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-12-29 20:16 - 2013-06-01 04:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-29 20:16 - 2013-06-01 04:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-29 20:16 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-29 20:16 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-29 20:16 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-29 20:16 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-29 20:16 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-29 20:16 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-29 20:16 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-29 20:16 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-29 20:15 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-29 20:15 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-29 19:56 - 2013-11-19 05:21 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-12-29 15:52 - 2013-12-29 15:52 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files\iTunes
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files\iPod
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-29 15:49 - 2013-12-29 15:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-29 15:49 - 2013-12-29 15:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
 


==================== One Month Modified Files and Folders =======

2014-01-05 13:00 - 2014-01-05 13:00 - 00020538 _____ C:\Users\PurpleKat\Desktop\FRST.txt
2014-01-05 13:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-05 12:59 - 2014-01-05 12:59 - 00000000 ____D C:\FRST
2014-01-05 12:57 - 2014-01-05 09:21 - 00000000 ____D C:\Users\PurpleKat\Desktop\Malware Removal Tools
2014-01-05 12:52 - 2013-02-18 22:34 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 11:52 - 2012-07-26 02:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 10:57 - 2014-01-05 12:57 - 01931368 _____ (Farbar) C:\Users\PurpleKat\Desktop\FRST64.exe
2014-01-05 10:56 - 2014-01-05 10:56 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 10:55 - 2014-01-05 10:55 - 02347384 _____ (ESET) C:\Users\PurpleKat\Downloads\esetsmartinstaller_enu.exe
2014-01-05 10:48 - 2014-01-05 10:17 - 00000000 ____D C:\AdwCleaner
2014-01-05 10:32 - 2013-02-18 22:34 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 10:31 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 10:29 - 2014-01-05 10:29 - 00003850 _____ C:\Users\PurpleKat\Desktop\AdwCleaner[s0].txt
2014-01-05 10:13 - 2014-01-05 10:13 - 00005639 _____ C:\Users\PurpleKat\Desktop\JRT.txt
2014-01-05 10:08 - 2014-01-05 10:08 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 10:05 - 2014-01-05 09:25 - 00000000 ____D C:\Users\PurpleKat\Desktop\mbar
2014-01-05 09:35 - 2014-01-05 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-05 09:25 - 2014-01-05 09:25 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-05 09:22 - 2014-01-05 02:38 - 00001726 _____ C:\Users\PurpleKat\Desktop\Rkill.txt
2014-01-05 09:21 - 2014-01-05 09:21 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\PurpleKat\Desktop\rkill(1)64.exe
2014-01-05 08:16 - 2013-01-14 06:10 - 01938989 _____ C:\Windows\WindowsUpdate.log
2014-01-05 03:09 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2014-01-05 03:01 - 2014-01-05 03:01 - 00001470 _____ C:\Users\PurpleKat\Desktop\RKreport[0]_S_01052014_030131.txt
2014-01-05 03:01 - 2014-01-04 08:37 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00378608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00322800 _____ (VIA Corporation) C:\Windows\system32\Drivers\VSTXRAID.SYS.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00164080 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00137832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00106224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00086632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00083184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00067824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00066800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00062568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00057000 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00045160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00036080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00033520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00033024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00023792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00023280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00022144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00020288 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\WirelessButtonDriver64.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUpFltr.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00019184 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00017648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgencounter.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-05 03:01 - 2014-01-04 08:37 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-05 03:00 - 2014-01-04 08:37 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00690832 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt630x64.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00540160 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00448312 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00441576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00390896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00277736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00269968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00237808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00234224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00217328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00173504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00172784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00168176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00150256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00125168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00123632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00107760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00106000 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00098104 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00097008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uaspstor.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00083696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00081648 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00077112 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00076672 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mslldp.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00065776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00064240 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvumis.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SpbCx.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00056552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00056336 _____ (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00052464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00052464 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00049904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00046392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00044784 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00043832 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00041272 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00037992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00037616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00036592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00034224 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmel.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00030960 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npsvctrig.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00020720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tbs.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00017136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00014064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00013680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00011008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidumdf.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00006912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-05 03:00 - 2014-01-04 08:36 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 10627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00645952 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00411888 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00353008 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00172264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00116976 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00108784 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00100072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00093936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00092400 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00081136 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sss.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00051952 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00048368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00045808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00045296 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00022256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00021376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00018672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kdnic.sys.bak
2014-01-05 02:59 - 2014-01-04 08:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 03265256 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00562392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00533224 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00374512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00361200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00210672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00113904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\EhStorTcgDrv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00102640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00098888 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00092536 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00081136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\EhStorClass.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00071920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00066800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00064752 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00062488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00057584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00036592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00034032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\condrv.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dmvsc.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00029600 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00025328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00024816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HyperVideo.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dmpusbstor.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hyperkbd.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00011376 _____ (Corel Corporation) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00010864 _____ (Corel Corporation) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-05 02:59 - 2014-01-04 08:35 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 10283520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 03618304 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 02935808 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00492272 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00425192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00340720 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00258288 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00199008 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00190704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00184048 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00108272 _____ (PMC-Sierra, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00106736 _____ (LSI) C:\Windows\system32\Drivers\3ware.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00104688 _____ (PMC-Sierra, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00098472 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW86.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00079528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00077040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpiex.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00076016 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00063216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicDisplay.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00042400 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00033512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00026352 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00026280 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00025840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpitime.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipagr.sys.bak
2014-01-05 02:58 - 2014-01-04 08:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-05 02:51 - 2014-01-05 02:46 - 00000000 ____D C:\Users\PurpleKat\Desktop\RK_Quarantine
2014-01-05 02:37 - 2014-01-05 02:38 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\PurpleKat\Desktop\rkill(1).exe
2014-01-05 02:34 - 2014-01-05 02:34 - 00000000 ____D C:\Users\PurpleKat\Desktop\rkill
2014-01-05 02:29 - 2014-01-05 02:33 - 04406784 _____ C:\Users\PurpleKat\Desktop\RogueKillerX64.exe
2014-01-05 02:28 - 2014-01-05 02:32 - 00791393 _____ (Lars Hederer                                                ) C:\Users\PurpleKat\Desktop\erunt-setup.exe
2014-01-04 10:59 - 2014-01-05 10:08 - 01036305 _____ (Thisisu) C:\Users\PurpleKat\Desktop\JRT.exe
2014-01-03 16:53 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2014-01-03 15:48 - 2014-01-03 15:48 - 00024456 _____ C:\Users\PurpleKat\Desktop\dds.txt
2014-01-03 15:48 - 2014-01-03 15:48 - 00009203 _____ C:\Users\PurpleKat\Desktop\attach.txt
2014-01-03 15:31 - 2013-01-14 06:17 - 00000000 ___RD C:\Users\PurpleKat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-03 15:31 - 2013-01-14 06:17 - 00000000 ___RD C:\Users\PurpleKat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-03 15:27 - 2014-01-03 15:26 - 02072536 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 15:25 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\servicing
2014-01-03 15:23 - 2012-08-03 17:23 - 00715994 _____ C:\Windows\PFRO.log
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-03 15:19 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2014-01-03 15:19 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2014-01-03 15:19 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2014-01-03 15:18 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2014-01-03 15:10 - 2014-01-03 15:10 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\Users\PurpleKat\AppData\Roaming\Malwarebytes
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 15:10 - 2014-01-03 15:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 13:41 - 2014-01-05 09:21 - 01233962 _____ C:\Users\PurpleKat\Desktop\adwcleaner.exe
2014-01-03 13:37 - 2013-01-14 06:17 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{11A136DF-8B57-4EF1-9E77-424AFA024EB7}
2014-01-01 13:35 - 2013-02-18 21:19 - 00000036 _____ C:\Users\PurpleKat\AppData\Local\housecall.guid.cache
2014-01-01 13:28 - 2014-01-01 13:28 - 00816692 _____ C:\Users\PurpleKat\AppData\Local\census.cache
2014-01-01 13:28 - 2014-01-01 13:28 - 00087938 _____ C:\Users\PurpleKat\AppData\Local\ars.cache
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\wininit.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\taskhostex.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\hpservice.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\CorelCreatorMessages.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\atiesrxx.exe
2014-01-01 13:08 - 2014-01-01 13:08 - 00000000 _____ C:\Windows\SysWOW64\atieclxx.exe
2014-01-01 11:51 - 2014-01-01 10:04 - 00368554 _____ C:\Users\PurpleKat\Desktop\gmer.zip
2014-01-01 11:51 - 2014-01-01 10:03 - 00688992 ____R (Swearware) C:\Users\PurpleKat\Desktop\dds.scr
2014-01-01 10:05 - 2014-01-01 10:05 - 00000000 ____D C:\Users\PurpleKat\Desktop\gmer
2014-01-01 10:01 - 2013-02-18 19:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-01 09:58 - 2012-07-26 02:21 - 00036533 _____ C:\Windows\setupact.log
2013-12-29 21:24 - 2012-07-26 00:26 - 00000167 _____ C:\Windows\win.ini
2013-12-29 21:17 - 2013-12-29 21:16 - 00000000 ____D C:\Windows\system32\MRT
2013-12-29 21:03 - 2013-01-14 06:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-67557626-105811724-1848385916-1002
2013-12-29 20:50 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-29 20:27 - 2013-02-18 21:21 - 00000000 ____D C:\ProgramData\Trend Micro
2013-12-29 15:54 - 2013-02-18 22:34 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-29 15:54 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-29 15:52 - 2013-12-29 15:52 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files\iTunes
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files\iPod
2013-12-29 15:52 - 2013-12-29 15:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-29 15:52 - 2013-04-06 21:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-29 15:49 - 2013-12-29 15:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-29 15:49 - 2013-12-29 15:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-29 15:47 - 2013-02-18 22:34 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-29 15:47 - 2013-02-18 22:34 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-29 15:47 - 2013-01-22 05:11 - 00000000 ____D C:\Users\PurpleKat\AppData\Local\CrashDumps

Some content of TEMP:
====================
C:\Users\PurpleKat\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\PurpleKat\AppData\Local\Temp\AskSLib.dll
C:\Users\PurpleKat\AppData\Local\Temp\ddscue9p.dll
C:\Users\PurpleKat\AppData\Local\Temp\Extract.exe
C:\Users\PurpleKat\AppData\Local\Temp\Microsoft.Win32.TaskScheduler.dll
C:\Users\PurpleKat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PurpleKat\AppData\Local\Temp\Quarantine.exe
C:\Users\PurpleKat\AppData\Local\Temp\readSTILog.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2014-01-01 13:08] - [2014-01-01 13:08] - 0000000 ____A ()

C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-29 21:03

==================== End Of Log ============================

Addition.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by PurpleKat at 2014-01-06 18:09:35 Run:1
Running from C:\Users\PurpleKat\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!

*****************

"C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!" => File/Directory not found.

==== End of Fixlog ====


OK, I've run SFC Scannow 7 or 8 times with the result "could not fix all errors". Followed the link for the Win7 readiness tool and followed the instructions for Win8 (DISM.exe/online....). Got an error saying that was not a recognized option (Error 87). If I try to open CBS logs I get access denied. Also tried running it from boot with a repair disc with no success. Where do I go from here? I don't have a Windows 8 install disc, as this is an HP laptop.


  • Root Admin

Okay, let's try another method.

Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    wininit.ex?
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 19:55 on 07/01/2014 by PurpleKat
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.ex?"
C:\Windows\System32\wininit.exe --a---- 132608 bytes [00:03 26/07/2012] [03:08 26/07/2012] FE9AB232B56A12224E8A3F3F9878C9A3
C:\Windows\SysWOW64\wininit.exe --a---- 0 bytes [18:08 01/01/2014] [18:08 01/01/2014] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.2.9200.16384_none_89bc60338e14dc99\wininit.exe --a---- 132608 bytes [00:03 26/07/2012] [03:08 26/07/2012] FE9AB232B56A12224E8A3F3F9878C9A3

-= EOF =-


  • Root Admin

Please try the following.

See if you can delete this file or not and let me know. If it gives an error trying to remove it let me know.

C:\Windows\SysWOW64\wininit.exe

If you can delete it without any issues then see if you can copy this one C:\Windows\System32\wininit.exe to this folder C:\Windows\SysWOW64\

Thanks


  • Root Admin

So is Trend Micro your purchased antivirus or is this a 6 month or similar trial for a new computer?

I see you also have the Citrix ICA Client installed. Is this a business computer that connects to a remote server for work?

What I'd like to do (at least temporarily) is uninstall the Trend Micro antivirus and install something like avast antivirus.

Then have avast scan the computer for any infections. Then once we've decided the computer is safe/clean you can look at reinstalling Trend Micro if you like.


Avast! Free Antivirus 9.0.2011


Those are 2 questions I can't answer tonight. This is my sister's laptop. I'm 99% sure she bought the retail version of TM Titanium...have no idea on connecting to a work server. Will post back tomorrow between 6 & 7pm. I can say that Trend Micro AV still doesn't start on boot, although it at least seems to make an attempt since you started the cleansing.

Again, will follow up tomorrow. Good Night Mr. Lewis.


  • Root Admin

Well, unlikely that I'll be able to assist you, as I'm leaving for vacation tomorrow night. I can ask someone to take over the topic if you like; otherwise you may need to wait until I'm back around the 15th.

It's possible I may have an Internet connection but I can't promise that.

