No program is running but something like radio is playing through my speakers

Solved
By Hoori
Dec 31, 2013
  1. When I started my laptop yesterday, some audio started to play without any program running on my computer. I looked to see if I could find a solution on the net and I ended up here. I downloaded the latest version of HijackThis and followed the instructions on this site to save a log. Attached is my HJT logfile. Would you guys please help me find out what's wrong?

    Thanks in advance.

  2. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Thank you. I ran MBAM and this is the log-file:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.01.02

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Fujitsu :: FUJITSU-PC [administrator]

    Protection: Disabled

    1/1/2014 2:14:36 AM
    mbam-log-2014-01-01 (02-14-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236997
    Time elapsed: 7 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EB4A4C0-6036-4D2E-B010-20707C4B62E8} (PUP.Optional.InstantSavings) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\ProgramData\Search Protection\SearchProtection.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    Files Detected: 13
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\Users\Fujitsu\AppData\Local\Temp\Setup.exe (Adware.BetterSurf) -> Quarantined and deleted successfully.
    C:\Users\Fujitsu\Downloads\7zip_bimo.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
    C:\Windows\Installer\b8a174.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    (end)
  4. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    This is the DDS.txt content:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Fujitsu at 2:32:16 on 2014-01-01
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3952.1022 [GMT -8:00]
    .
    AV: ESET Smart Security 6.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 6.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
    C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Surf Canyon\scbhmon.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Users\Fujitsu\AppData\Roaming\SkypEmoticons\SE.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
    C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files (x86)\Surf Canyon\SurfCanyonDesktop.exe
    C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20131253,20029,0,85,6944
    mStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
    BHO: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
    uRun: [se] "C:\Users\Fujitsu\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
    mRun: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
    mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SurfCanyonDesktop] C:\Program Files (x86)\Surf Canyon\SurfCanyonDesktop.exe
    mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
    StartupFolder: C:\Users\Fujitsu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: NameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990} : DHCPNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\24D463332377D2334364836323 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\3597D60786F6E697 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\44D2C496E6B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\8416464696A756C6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\84838364A4 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{46CCE01D-EBBA-48C7-A6A0-64483FFB7990}\D616D616E6 : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~3\keepnb~1\keepnb~1.dll IESearchPlugin32.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Instant Savings App BHO: {6EB4A4C0-6036-4D2E-B010-20707C4B62E8} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
    x64-Run: [LoadFUJ02E3] "C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe"
    x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    x64-Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
    x64-Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe"
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 54.225.95.126 ckdjndgfgjaglgcnllemofeepjeeaofa
    Hosts: 54.225.95.126 achhmapmjlcjlomcbmbicbgkihghgnie
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20131253,20031,0,85,0
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20131253,20030,0,85,0
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    FF - ExtSQL: 2013-11-14 00:30; xz123@ya456.com; C:\Program Files (x86)\BetterSurf\ff
    FF - ExtSQL: 2013-11-25 09:18; 12x3q@3244516.com; C:\Program Files (x86)\Better-Surf\ff
    FF - ExtSQL: 2013-12-09 19:42; ext@bettersurfplus.com; C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extentions.webcake.installId - f67053c4-232a-46e4-a60f-0358aa501a27
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 1e6620db0000000000009c4e36a99a05
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15992
    FF - user.js: extensions.delta.vrsn - 1.8.24.6
    FF - user.js: extensions.delta.vrsni - 1.8.24.6
    FF - user.js: extensions.delta.vrsnTs - 1.8.24.618:40:25
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=122173&tsp=5035
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416]
    R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2009-6-24 21104]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-6 16152]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-8-3 28992]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440]
    R2 a6bb4a82;KeepnBrowse;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-20 76448]
    R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
    R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-8-3 225280]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-1 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-1 701512]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-8-4 1922600]
    R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2011-12-22 2213376]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2013-8-3 63856]
    R2 scbhmon;Extension Security Monitor Service;C:\Program Files (x86)\Surf Canyon\scbhmon.exe [2013-10-7 25960]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-1-27 381248]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-31 363800]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-1-20 36000]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-3 134696]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-1-20 298144]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-1-20 28832]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-1-20 201376]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-1-20 154272]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-8-3 620584]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-8-3 39976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-6 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-6 787736]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-1 25928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-31 215552]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-3 646248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FUJ02E3Service;FUJ02E3Service;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2011-11-23 76104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-1-20 51872]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-1-20 55456]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-1-20 279200]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2006-11-1 7296]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    .
    =============== Created Last 30 ================
    .
    2014-01-01 10:13:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-01-01 10:13:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-01 10:02:25 -------- d-----w- C:\Users\Fujitsu\AppData\Local\ElevatedDiagnostics
    2014-01-01 00:45:36 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\Fighters
    2014-01-01 00:45:07 -------- d-----w- C:\ProgramData\Fighters
    2014-01-01 00:45:07 -------- d-----w- C:\Program Files\Fighters
    2014-01-01 00:45:07 -------- d-----w- C:\Program Files (x86)\Fighters
    2014-01-01 00:44:28 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\FileAssociationManager
    2014-01-01 00:44:28 -------- d-----w- C:\Program Files (x86)\FileAssociationManager
    2014-01-01 00:44:22 835656 ----a-w- C:\Windows\SysWow64\WINCTL5.OCX
    2014-01-01 00:44:22 499785 ----a-w- C:\Windows\SysWow64\WINUTIL8.DLL
    2014-01-01 00:44:22 425984 ----a-w- C:\Windows\SysWow64\WinCMR.dll
    2014-01-01 00:44:22 393216 ----a-w- C:\Windows\SysWow64\WINLCTL6.DLL
    2014-01-01 00:44:20 -------- d-----w- C:\Program Files (x86)\Winferno
    2014-01-01 00:44:05 -------- d-----w- C:\Users\Fujitsu\AppData\Local\SurfCanyon
    2014-01-01 00:44:05 -------- d-----w- C:\Users\Fujitsu\AppData\Local\Surf_Canyon
    2014-01-01 00:44:05 -------- d-----w- C:\Program Files (x86)\Surf Canyon
    2014-01-01 00:43:39 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\modules
    2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\js
    2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\images
    2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\html
    2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\css
    2013-12-31 21:18:13 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\LavasoftStatistics
    2013-12-31 20:45:39 -------- d-----w- C:\ProgramData\BitDefender
    2013-12-31 20:29:34 -------- d-----w- C:\Program Files\Lavasoft
    2013-12-31 20:28:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2013-12-29 16:56:47 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\Malwarebytes
    2013-12-29 16:56:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-12-28 20:07:03 -------- d-----w- C:\ProgramData\KeepnBrowse
    2013-12-10 07:35:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA5F6B96-B861-4CDA-81BA-574814BF4546}\offreg.dll
    .
    ==================== Find3M ====================
    .
    2013-12-11 06:59:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-11 06:59:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 2:34:44.92 ===============
  5. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    And this is the attach.txt content:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2012 9:52:50 PM
    System Uptime: 1/1/2014 2:26:55 AM (0 hours ago)
    .
    Motherboard: FUJITSU | | FJNBB2D
    Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz | CPU Socket - U3E1 | 2300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 154.641 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Fujitsu FUJ02E3 Device Driver
    Device ID: ACPI\FUJ02E3\2&DABA3FF&1
    Manufacturer: Fujitsu Limited
    Name: Fujitsu FUJ02E3 Device Driver
    PNP Device ID: ACPI\FUJ02E3\2&DABA3FF&1
    Service: FUJ02E3
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    Atheros Client Installation Program
    Bluetooth Win7 Suite (64)
    CWA Reminder by We-Care.com v4.1.24.3
    CyberLink YouCam
    DeskUpdate 4.11
    Dropbox
    EasyLife Gadget
    ESET Smart Security
    File Association Manager
    FJ Camera
    Fujitsu Hotkey Utility
    Fujitsu MobilityCenter Extension Utility
    Fujitsu System Extension Utility
    Google Chrome
    Google Update Helper
    IBM SPSS Statistics 19
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    KeepnBrowse
    KMP Service
    LIFEBOOK Application Panel
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    MyPC Backup
    NextVPN
    NVIDIA 3D Vision Driver 290.69
    NVIDIA Control Panel 290.69
    NVIDIA Graphics Driver 290.69
    NVIDIA Install Application
    NVIDIA Optimus 1.6.24
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.6.24
    NVIDIA Update Components
    ooVoo
    OptimizerPro Upd
    Plugfree NETWORK
    Power Saving Utility
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Search Manager Service
    Search Protection
    Skype Click to Call
    SkypEmoticons
    Skype™ 6.7
    SLOW-PCfighter
    Synaptics Pointing Device Driver
    SystemDiagnostics
    The KMPlayer (remove only)
    Web Cake 3.00
    WIDCOMM Bluetooth Software
    Windows Driver Package - Intel (NETw5s64) net (09/15/2009 13.0.0.107)
    Windows Driver Package - Intel (NETw5v64) net (09/15/2009 13.0.0.107)
    Winferno Registry Power Cleaner
    WinRAR archiver
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2013 9:05:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    12/31/2013 8:02:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
    12/31/2013 7:44:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BackupStack service.
    12/31/2013 5:55:59 PM, Error: Service Control Manager [7038] - The nsi service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/31/2013 5:55:59 PM, Error: Service Control Manager [7038] - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/31/2013 5:55:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not start due to a logon failure.
    12/31/2013 5:55:59 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not start due to a logon failure.
    12/31/2013 5:55:59 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not start due to a logon failure.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7038] - The eventlog service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: Circular service dependency was specified.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio. Check the service dependency tree.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: Circular service dependency was specified.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not start due to a logon failure.
    12/31/2013 5:55:48 PM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: A system shutdown is in progress.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Superfetch service to connect.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Program Compatibility Assistant Service service to connect.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Portable Device Enumerator Service service to connect.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Human Interface Device Access service to connect.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:31 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ Event System service to connect.
    12/31/2013 5:55:08 PM, Error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:07 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:55:01 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:55:01 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:55:01 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Location Awareness service to connect.
    12/31/2013 5:54:59 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
    12/31/2013 5:54:48 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2013 5:15:36 PM, Error: Service Control Manager [7023] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306
    12/31/2013 11:33:47 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
    1/1/2014 2:28:26 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    1/1/2014 2:06:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    1/1/2014 2:06:44 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/1/2014 2:00:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/1/2014 12:57:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Extension Security Monitor Service service to connect.
    1/1/2014 12:57:48 AM, Error: Service Control Manager [7000] - The Extension Security Monitor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/1/2014 12:51:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    1/1/2014 12:51:46 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/1/2014 12:51:46 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/1/2014 1:59:09 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2014 1:59:04 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    1/1/2014 1:59:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/1/2014 1:59:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/1/2014 1:58:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/1/2014 1:58:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/1/2014 1:58:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv spldr Wanarpv6
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  7. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Thanks. These are the results of RogueKiller (RKreport[0]):

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Fujitsu [Admin rights]
    Mode : Scan -- Date : 01/01/2014 17:39:48
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH][DLL] rundll32.exe -- c:\ProgramData\KeepnBrowse\KeepnBrowseSvc.dll [-] -> rundll32.exe KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- c:\ProgramData\KeepnBrowse\KeepnBrowseSvc.dll [-] -> rundll32.exe KILLED [TermThr]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll C:\PROGRA~3\KEEPNB~1\KEEPNB~2.DLL IESearchPlugin64.dll [x][x][-][x]) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] bestLyrics-33-firefoxinstaller : C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-firefoxinstaller.exe - /installxpi /agentregpath='bestLyrics-33' /extensionfilepath='C:\Program Files (x86)\bestLyrics-33\43872.xpi' /appid=43872 /srcid='000538' /subid='1060-5180' /zdata='d:eek:ex.findci.net' /bic=673DE91E4CB04540BED5F55872505FACIE /verifier=ee2ade236c60f4b34eeca3aa4d9c19aa /installerversion=1_28_153 /installerfullversion=1.28.153.5 /installationtime=1381714765 /statsdomain=hxxp://stats.srvmystats.com /errorsdomain=hxxp://errors.srvmystats.com /waitforbrowser=300 /extensionid=42f5b16b-37cc-4ffd-bfa9-806138eb827f@cc21cac3-775a-4f6f-8277-c3cac686f390.com /extensionversion=0.92 /prefsbranch=a42f5b16b37cc4ffdbfa9806138eb827fcc21cac3775a4f6f8277c3cac686f390com43872 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/43872.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    54.225.95.126 ckdjndgfgjaglgcnllemofeepjeeaofa
    54.225.95.126 achhmapmjlcjlomcbmbicbgkihghgnie


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD050 +++++
    --- User ---
    [MBR] 658bc9eb07103c21fddd198a23394651
    [BSP] 0d1264c9f5019cb1f77b81172ef07c12 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476939 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_01012014_173948.txt >>
  8. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Running Malwarebytes Anti-Rootkit, I'm surprisingly notified that there is no malware found, thus there's no need for a clean-up. This is the system-log content:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x64

    Account is Administrative

    Internet Explorer version: 8.0.7600.16385

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4144291840, free: 824119296

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x64

    Account is Administrative

    Internet Explorer version: 8.0.7600.16385

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4144291840, free: 799293440

    Downloaded database version: v2014.01.01.05
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/01/2014 17:42:37
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\ACPI.sys
    \SystemRoot\system32\DRIVERS\WMILIB.SYS
    \SystemRoot\system32\DRIVERS\msisadrv.sys
    \SystemRoot\system32\DRIVERS\pci.sys
    \SystemRoot\system32\DRIVERS\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\DRIVERS\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\DRIVERS\atapi.sys
    \SystemRoot\system32\DRIVERS\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\Drivers\FBIOSDRV.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\epfwwfp.sys
    \SystemRoot\system32\DRIVERS\vmstorfl.sys
    \SystemRoot\system32\DRIVERS\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\eamonm.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\ehdrv.sys
    C:\Program Files\ESET\ESET Smart Security\em006_64.dat
    C:\Program Files\ESET\ESET Smart Security\em018_64.dat
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\EpfwLWF.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\NETwNs64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\FUJ02B1.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\FUJ02E3.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\btath_bus.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\iusb3hub.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\drivers\bcbtums.sys
    \??\C:\Windows\system32\drivers\btwampfl.sys
    \??\C:\Windows\system32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\Drivers\RtsUStor.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\btath_rcp.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\drivers\btwavdt.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\system32\drivers\btath_a2dp.sys
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\system32\DRIVERS\btath_hcrp.sys
    \SystemRoot\system32\DRIVERS\btath_flt.sys
    \SystemRoot\system32\DRIVERS\snp2uvc.sys
    \SystemRoot\system32\DRIVERS\STREAM.SYS
    \SystemRoot\system32\DRIVERS\sncduvc.SYS
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\epfw.sys
    C:\Program Files\ESET\ESET Smart Security\em008_64.dat
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\difxapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\wininet.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\shell32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msctf.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\psapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\nsi.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\user32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004d3d060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004ae5050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004d3d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004d3db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004d3d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003ce2c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004ae5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: AE56DA55

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976771072
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================
  9. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  10. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    This is my ComboFix.txt content:

    ComboFix 14-01-01.01 - Fujitsu 01/01/2014 21:06:59.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3952.440 [GMT -8:00]
    Running from: C:\Users\Fujitsu\Downloads\ComboFix.exe
    AV: ESET Smart Security 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\END
    C:\Install.exe
    C:\Program Files (x86)\SaveShare
    C:\ProgramData\Roaming
    C:\Windows\SysWow64\html
    C:\Windows\SysWow64\images
    C:\Windows\SysWow64\setting.ini


    ((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 )))))))))))))))))))))))))))))))


    2014-01-02 05:13:00 . 2014-01-02 05:13:00 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
    2014-01-02 05:13:00 . 2014-01-02 05:13:00 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2014-01-02 01:42:37 . 2014-01-02 01:58:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-02 01:42:37 . 2014-01-02 01:42:37 117464 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-02 01:41:57 . 2014-01-02 01:41:57 89304 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
    2014-01-02 01:38:56 . 2014-01-02 01:38:59 1898576 ----a-w- C:\Windows\system32\drivers\tcpip.sys.bak
    2014-01-02 01:37:58 . 2014-01-02 01:37:58 6144 ----a-w- C:\Windows\system32\drivers\null.sys.bak
    2014-01-02 01:36:59 . 2014-01-02 01:36:59 55456 ----a-w- C:\Windows\system32\drivers\btath_lwflt.sys.bak
    2014-01-02 01:25:46 . 2014-01-02 01:25:46 -------- d-----w- C:\found.000
    2014-01-01 10:13:31 . 2014-01-01 10:13:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-01 10:13:31 . 2013-04-04 22:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2014-01-01 10:02:25 . 2014-01-01 10:02:25 -------- d-----w- C:\Users\Fujitsu\AppData\Local\ElevatedDiagnostics
    2014-01-01 00:49:10 . 2014-01-01 00:49:10 -------- d-----w- C:\ProgramData\Winferno
    2014-01-01 00:45:36 . 2014-01-01 00:45:36 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\Fighters
    2014-01-01 00:45:07 . 2014-01-02 03:33:20 -------- d-----w- C:\ProgramData\Fighters
    2014-01-01 00:45:07 . 2014-01-01 00:45:07 -------- d-----w- C:\Program Files\Fighters
    2014-01-01 00:45:07 . 2014-01-01 00:45:07 -------- d-----w- C:\Program Files (x86)\Fighters
    2014-01-01 00:44:28 . 2014-01-01 00:44:59 -------- d-----w- C:\Program Files (x86)\FileAssociationManager
    2014-01-01 00:44:28 . 2014-01-01 00:44:28 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\FileAssociationManager
    2014-01-01 00:44:22 . 2010-10-26 19:07:18 499785 ----a-w- C:\Windows\SysWow64\WINUTIL8.DLL
    2014-01-01 00:44:22 . 2010-09-01 23:59:10 835656 ----a-w- C:\Windows\SysWow64\WINCTL5.OCX
    2014-01-01 00:44:22 . 2010-01-14 18:31:22 425984 ----a-w- C:\Windows\SysWow64\WinCMR.dll
    2014-01-01 00:44:22 . 2009-06-05 19:04:04 393216 ----a-w- C:\Windows\SysWow64\WINLCTL6.DLL
    2014-01-01 00:44:20 . 2014-01-01 00:44:20 -------- d-----w- C:\Program Files (x86)\Winferno
    2014-01-01 00:44:05 . 2014-01-01 00:44:45 -------- d-----w- C:\Users\Fujitsu\AppData\Local\Surf_Canyon
    2014-01-01 00:44:05 . 2014-01-01 00:44:39 -------- d-----w- C:\Program Files (x86)\Surf Canyon
    2014-01-01 00:44:05 . 2014-01-01 00:44:05 -------- d-----w- C:\Users\Fujitsu\AppData\Local\SurfCanyon
    2014-01-01 00:44:01 . 2014-01-01 00:44:01 -------- d-----w- C:\ProgramData\Yahoo! Companion
    2014-01-01 00:43:50 . 2014-01-01 00:43:50 -------- d-----w- C:\ProgramData\Yahoo!
    2014-01-01 00:43:48 . 2014-01-01 00:43:48 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\Yahoo!
    2014-01-01 00:43:39 . 2014-01-01 00:43:50 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2014-01-01 00:43:28 . 2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\modules
    2014-01-01 00:43:28 . 2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\js
    2014-01-01 00:43:28 . 2014-01-01 00:43:28 -------- d-----w- C:\Windows\SysWow64\css
    2013-12-31 21:18:13 . 2013-12-31 21:18:13 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\LavasoftStatistics
    2013-12-31 20:45:39 . 2013-12-31 20:45:39 -------- d-----w- C:\ProgramData\BitDefender
    2013-12-31 20:29:34 . 2013-12-31 20:29:34 -------- d-----w- C:\Program Files\Lavasoft
    2013-12-31 20:28:27 . 2013-12-31 20:28:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2013-12-31 20:26:43 . 2013-12-31 20:26:43 -------- d-----w- C:\ProgramData\Lavasoft
    2013-12-29 16:56:47 . 2013-12-29 16:56:47 -------- d-----w- C:\Users\Fujitsu\AppData\Roaming\Malwarebytes
    2013-12-29 16:56:44 . 2013-12-29 16:56:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-12-29 16:45:10 . 2013-12-29 16:45:56 -------- d-----w- C:\Program Files (x86)\Google
    2013-12-28 20:07:03 . 2013-12-28 20:07:04 -------- d-----w- C:\ProgramData\KeepnBrowse
    2013-12-10 07:35:54 . 2013-12-15 13:18:43 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA5F6B96-B861-4CDA-81BA-574814BF4546}\offreg.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-12-11 06:59:29 . 2013-08-17 15:40:53 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-12-11 06:59:29 . 2013-08-04 21:50:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [7] 2009-07-14 01:41:53 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [-] 2009-07-14 01:41:53 . 3C6018A5BFDA89FB3BE0BBB2E0DD234A . 509952 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\system32\rpcss.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 130736 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 130736 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 130736 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 130736 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-07-25 16:45:40 20686704]
    "ooVoo.exe"="C:\Program Files (x86)\ooVoo\ooVoo.exe" [2013-08-05 01:19:28 35253824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DeskUpdateNotifier"="C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 20:04:22 97560]
    "UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 22:55:34 222504]
    "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-06 09:18:28 291608]
    "IndicatorUtility"="C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 01:05:32 48752]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 14:03:58 958576]
    "SurfCanyonDesktop"="C:\Program Files (x86)\Surf Canyon\SurfCanyonDesktop.exe" [2013-10-07 21:27:48 86528]
    "CommonToolkitTray"="C:\Program Files (x86)\Fighters\Tray\FightersTray.exe" [2013-07-08 19:33:36 1497120]

    C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-11-22 1338656]
    McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 a6bb4a82;KeepnBrowse;C:\Windows\system32\rundll32.exe;C:\Windows\SYSNATIVE\rundll32.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys;C:\Windows\SYSNATIVE\Drivers\AthDfu.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys;C:\Windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys;C:\Windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
    S0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys;C:\Windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\Drivers\FBIOSDRV.sys;C:\Windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys;C:\Windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys;C:\Windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys;C:\Windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys;C:\Windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe;C:\Program Files (x86)\MyPC Backup\BackupStack.exe [x]
    S2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
    S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [x]
    S2 FUJ02E3Service;FUJ02E3Service;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
    S2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [x]
    S2 scbhmon;Extension Security Monitor Service;C:\Program Files (x86)\Surf Canyon\scbhmon.exe;C:\Program Files (x86)\Surf Canyon\scbhmon.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys;C:\Windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\system32\drivers\btwampfl.sys;C:\Windows\SYSNATIVE\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys;C:\Windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-29 16:45:56 1210320 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

    Contents of the 'Scheduled Tasks' folder

    2014-01-02 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17 15:40:53 . 2013-12-11 06:59:29]

    2014-01-02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29 16:45:10 . 2013-12-29 16:45:06]

    2014-01-02 C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29 16:45:10 . 2013-12-29 16:45:06]

    2014-01-02 C:\Windows\Tasks\RegPowerClean.job
    - C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2014-01-01 00:44:21 . 2012-02-08 23:30:40]

    2014-01-02 C:\Windows\Tasks\RPCReminder.job
    - C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2014-01-01 00:44:22 . 2012-02-08 23:34:18]

    2014-01-02 C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job
    - C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08 20:28:12 . 2013-08-08 20:28:12]

    2014-01-02 C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job
    - C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08 20:28:16 . 2013-08-08 20:28:16]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 164016 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 164016 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 164016 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-05 17:17:30 164016 ----a-w- C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 15:58:20 13374568]
    "AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-21 01:23:36 615584]
    "AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-21 01:23:26 379552]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-03-25 22:44:34 170264]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-25 22:44:24 398616]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2012-03-25 22:44:30 439064]
    "RtHDVBg_DTS"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 18:18:26 2277992]
    "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe" [2011-11-23 23:38:10 76104]
    "PSUTility"="C:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2011-10-03 17:50:36 205168]
    "LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2011-09-30 23:09:02 158024]
    "LoadBtnHnd"="C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe" [2011-09-30 23:09:02 23368]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2013-03-21 22:19:42 6330568]
  11. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    AdwCleaner log content:

    # AdwCleaner v3.016 - Report created 01/01/2014 at 22:38:10
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate (64 bits)
    # Username : Fujitsu - FUJITSU-PC
    # Running from : C:\Users\Fujitsu\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : BackupStack

    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\apn
    [!] Folder Deleted : C:\ProgramData\Babylon
    [!] Folder Deleted : C:\ProgramData\BetterSoft
    [!] Folder Deleted : C:\ProgramData\DSearchLink
    [!] Folder Deleted : C:\ProgramData\Tarma Installer
    [!] Folder Deleted : C:\ProgramData\SavvEnSShare
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
    [!] Folder Deleted : C:\Program Files (x86)\Bench
    [!] Folder Deleted : C:\Program Files (x86)\Betcat
    [!] Folder Deleted : C:\Program Files (x86)\Conduit
    [!] Folder Deleted : C:\Program Files (x86)\EasyLife
    [!] Folder Deleted : C:\Program Files (x86)\Movdap
    [!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
    [!] Folder Deleted : C:\Program Files (x86)\Surf Canyon
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Conduit
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\NativeMessaging
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Surf_Canyon
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\SwvUpdater
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\WhiteListing
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\LocalLow\Conduit
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\LocalLow\Delta
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Movdap
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Search Protection
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\SkypEmoticons
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Web Cake
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\Extensions\wecarereminder@bryan
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\Extensions\aa.2li@ugoxikkiir.edu
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\Extensions\wecarereminder@bryan
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\Extensions\zpmgxkcj@zyuyoe.co.uk
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\Extensions\{2A39D365-6906-B62D-BB4C-E544F9440E50}
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    [!] Folder Deleted : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    File Deleted : C:\Users\Fujitsu\Desktop\MyPC Backup.lnk
    File Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\invalidprefs.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
    File Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\searchplugins\EasyLife.xml
    File Deleted : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{75623D5D-4683-402A-B610-AC4BAB767C86}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Classes\.bdc
    Key Deleted : HKLM\SOFTWARE\Classes\.bgl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
    Key Deleted : HKCU\Software\5a53d8dfb63cb813
    Key Deleted : HKLM\SOFTWARE\5a53d8dfb63cb813
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6EB4A4C0-6036-4D2E-B010-20707C4B62E8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EB4A4C0-6036-4D2E-B010-20707C4B62E8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Surf Canyon
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\BetterSurf
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\installedbrowserextensions
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Surf Canyon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7600.16385


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Deleted : user_pref("extensions.crossrider.bic", "141b4d1e43af2477e4c51e0a8bcbc353");
    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.id", "1e6620db0000000000009c4e36a99a05");
    Line Deleted : user_pref("extensions.delta.instlDay", "15992");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.618:40:25");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
    Line Deleted : user_pref("extensions.delta_i.babExt", "");
    Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=122173&tsp=5035");
    Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
    Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
    Line Deleted : user_pref("extentions.webcake.installId", "f67053c4-232a-46e4-a60f-0358aa501a27");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://searchy.easylifeapp.com/?pid=1250&src=ff1&r=2013/09/06&hid=17327736777079737959&lg=EN&cc=US");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://searchy.easylifeapp.com/?pid=1250&src=ff2&r=2013/09/06&hid=17327736777079737959&lg=EN&cc=US&l=1&q=");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [16195 octets] - [01/01/2014 22:35:30]
    AdwCleaner[S0].txt - [15954 octets] - [01/01/2014 22:38:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16015 octets] ##########
  13. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    JRT log content:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.9 (01.01.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Fujitsu on Wed 01/01/2014 at 22:45:43.51
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1756631343-4251923923-2478469469-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestlyrics-33-bg_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestlyrics-33-bg_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestLyrics-33-chromeinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestLyrics-33-chromeinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestLyrics-33-codedownloader_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bestLyrics-33-codedownloader_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestlyrics-33-bg_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestlyrics-33-bg_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestLyrics-33-chromeinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestLyrics-33-chromeinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestLyrics-33-codedownloader_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\bestLyrics-33-codedownloader_RASMANCS



    ~~~ Files

    Successfully deleted: [File] C:\Windows\Tasks\regpowerclean.job
    Successfully deleted: [File] C:\Windows\Tasks\rpcreminder.job



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Successfully deleted: [Folder] "C:\Users\Fujitsu\AppData\Roaming\fighters"
    Successfully deleted: [Folder] "C:\Users\Fujitsu\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Fujitsu\appdata\local\surfcanyon"
    Successfully deleted: [Folder] "C:\Users\Fujitsu\appdata\locallow\surfcanyon"
    Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
    Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
    Successfully deleted: [Folder] "C:\Program Files (x86)\winferno\registrypowercleaner"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Fujitsu\AppData\Roaming\mozilla\firefox\profiles\d4gsali1.default\prefs.js

    user_pref("browser.startup.homepage", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20131253,20031,0,85,0");
    user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
    Emptied folder: C:\Users\Fujitsu\AppData\Roaming\mozilla\firefox\profiles\d4gsali1.default\minidumps [44 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Fujitsu\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/01/2014 at 22:57:39.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    I'm running OTL at the moment. It scans through the system fast until it starts scanning the Firefox settings, then it seems to get stuck and stops responding. I redid the process but the same thing happened.
  15. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  16. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Thank you. Addition.txt content:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
    Ran by Fujitsu at 2014-01-02 00:12:27
    Running from C:\Users\Fujitsu\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: ESET Smart Security 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AS: ESET Smart Security 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

    ==================== Installed Programs ======================

    Adobe Flash Player 10 (x32 Version: - Parand ® Software Group)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
    Atheros Client Installation Program (x32 Version: 7.0 - Atheros)
    Bluetooth Win7 Suite (64) (Version: 7.2.0.56 - Atheros Communications)
    CWA Reminder by We-Care.com v4.1.24.3 (x32 Version: 4.1.24.3 - We-Care.com)
    CyberLink YouCam (x32 Version: 2.0.1707 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
    DeskUpdate 4.11 (x32 Version: 4.11.0074 - Fujitsu Technology Solutions)
    Dropbox (HKCU Version: 2.0.26 - Dropbox, Inc.)
    EasyLife Gadget (Version: 1.0 - EasyLife Gadget)
    ESET Smart Security (Version: 6.0.316.0 - ESET, spol s r. o.)
    File Association Manager (x32 Version: 0.5 - Amnis Technology Ltd)
    FJ Camera (x32 Version: 5.8.52032.0_WHQL - Sonix)
    Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED)
    Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
    Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
    Fujitsu MobilityCenter Extension Utility (x32 Version: 3.01.00.002 - FUJITSU LIMITED)
    Fujitsu System Extension Utility (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
    Fujitsu System Extension Utility (x32 Version: 3.4.4.0 - FUJITSU LIMITED)
    Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    IBM SPSS Statistics 19 (x32 Version: 19.0.0 - SPSS Inc., an IBM Company)
    Intel PROSet Wireless (Version: - ) Hidden
    Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
    Intel(R) Processor Graphics (x32 Version: 8.15.10.2696 - Intel Corporation)
    Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
    KeepnBrowse (x32 Version: - Intellitech)
    KMP Service (x32 Version: - KMP)
    LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
    LIFEBOOK Application Panel (x32 Version: 8.3.2.0 - FUJITSU LIMITED)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
    NextVPN (x32 Version: 2.1.1 - )
    NVIDIA 3D Vision Driver 290.69 (Version: 290.69 - NVIDIA Corporation)
    NVIDIA Control Panel 290.69 (Version: 290.69 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 290.69 (Version: 290.69 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.48.259 - NVIDIA Corporation) Hidden
    NVIDIA Optimus 1.6.24 (Version: 1.6.24 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9069 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.6.24 (Version: 1.6.24 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.6.24 - NVIDIA Corporation) Hidden
    ooVoo (x32 Version: 3.5.9056 - ooVoo LLC.)
    OptimizerPro Upd (Version: 1.0 - BetterSoft) <==== ATTENTION
    Plugfree NETWORK (Version: 6.2.0.1 - FUJITSU LIMITED)
    Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
    Power Saving Utility (x32 Version: 32.01.10.038 - FUJITSU LIMITED)
    Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
    Search Protection (HKCU Version: 7.5.0.1 - Spigot, Inc.)
    Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
    SLOW-PCfighter (Version: 1.7.68 - SPAMfighter ApS) Hidden
    SLOW-PCfighter (Version: 1.7.68 - SPAMfighter ApS.)
    Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated)
    SystemDiagnostics (x32 Version: 3.02.0010 - Fujitsu Technology Solutions)
    The KMPlayer (remove only) (x32 Version: 3.6.0.87 - KMP Media co., Ltd)
    WIDCOMM Bluetooth Software (Version: 6.5.0.3100 - Broadcom Corporation)
    Windows Driver Package - Intel (NETw5s64) net (09/15/2009 13.0.0.107) (Version: 09/15/2009 13.0.0.107 - Intel)
    Windows Driver Package - Intel (NETw5v64) net (09/15/2009 13.0.0.107) (Version: 09/15/2009 13.0.0.107 - Intel)
    Winferno Registry Power Cleaner (x32 Version: 2012 - Winferno.com)
    WinRAR archiver (x32 Version: - )
    Yahoo! Toolbar (x32 Version: - Yahoo! Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-13 18:34 - 2014-01-01 21:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1320C1DB-82B7-484B-B100-938623C97405} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {406D13B5-D67D-4CF4-8CB7-686F7A8BB661} - System32\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
    Task: {5A348E42-2EF0-411F-8690-71A1A9532AA9} - System32\Tasks\Fujitsu\DeskUpdateRetry => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
    Task: {66625CFF-B5EF-4930-B9B5-AB959A16DA4F} - System32\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
    Task: {6E26F554-4074-49E6-AC73-5126B2AB094E} - System32\Tasks\{D3B0207E-0794-4545-B765-A7EAE8832335} => Chrome.exe http://ui.skype.com/ui/0/6.7.59.102/en/abandoninstall?page=tsMain
    Task: {751CB664-7262-4C48-83C7-7A6DDB7D8B84} - System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08] (SPAMfighter ApS)
    Task: {96E43A6F-D562-426A-A409-6FE1EE14F668} - System32\Tasks\SLOW-PCfighter64-Fujitsu-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08] (SPAMfighter ApS)
    Task: {B93DFB3C-7EA9-4397-B548-AB141D993DBC} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
    Task: {BA20C422-4305-4913-A60C-DBB0583F7466} - System32\Tasks\bestLyrics-33-enabler => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-enabler.exe <==== ATTENTION
    Task: {BFD4E2A4-ABA4-41B9-B3CE-FD9458647DD4} - System32\Tasks\bestLyrics-33-codedownloader => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-codedownloader.exe <==== ATTENTION
    Task: {FABCEFDA-FF45-425A-BE4B-A41B11C778EE} - System32\Tasks\bestLyrics-33-updater => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2011-04-10 09:40 - 2011-04-10 09:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-12-28 12:07 - 2013-12-28 12:07 - 00179536 _____ () C:\ProgramData\KeepnBrowse\KeepnBrowseSvc.dll
    2013-12-28 12:07 - 2013-12-28 12:07 - 04511744 _____ () C:\ProgramData\KeepnBrowse\KeepnBrowse.dll
    2013-08-04 12:07 - 2012-10-22 10:21 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
    2013-08-04 12:07 - 2012-07-09 16:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
    2013-08-04 12:07 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
    2013-08-04 12:07 - 2012-03-23 09:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
    2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-10-31 21:44 - 2012-01-21 02:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-12-20 09:51 - 2013-12-20 09:52 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2012-01-27 13:09 - 2012-01-27 13:09 - 00350016 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    2013-12-10 22:59 - 2013-12-10 22:59 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/01/2014 11:54:25 PM) (Source: Application Hang) (User: )
    Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 189c

    Start Time: 01cf078d547c0267

    Termination Time: 28

    Application Path: C:\Users\Fujitsu\Downloads\OTL.exe

    Report Id: 1692d56f-7383-11e3-9d8b-c01885ae12ca

    Error: (01/01/2014 11:28:33 PM) (Source: Application Error) (User: )
    Description: Faulting application name: KMPProcess.exe, version: 1.0.1.2, time stamp: 0x51d50ca2
    Faulting module name: PanStreamer.dll, version: 2.0.7.38, time stamp: 0x509c8e1f
    Exception code: 0xc0000005
    Fault offset: 0x0001dc74
    Faulting process id: 0xe80
    Faulting application start time: 0xKMPProcess.exe0
    Faulting application path: KMPProcess.exe1
    Faulting module path: KMPProcess.exe2
    Report Id: KMPProcess.exe3

    Error: (01/01/2014 11:27:23 PM) (Source: Application Hang) (User: )
    Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fd8

    Start Time: 01cf078ae3dd8023

    Termination Time: 6

    Application Path: C:\Users\Fujitsu\Downloads\OTL.exe

    Report Id: 4f5fb0e6-737f-11e3-8fb3-c01885ae12ca

    Error: (01/01/2014 11:18:28 PM) (Source: Application Hang) (User: )
    Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1998

    Start Time: 01cf07883a3dbdbc

    Termination Time: 9

    Application Path: C:\Users\Fujitsu\Downloads\OTL.exe

    Report Id: 11308814-737e-11e3-8fb3-c01885ae12ca


    System errors:
    =============
    Error: (01/01/2014 11:30:06 PM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error:
    %%-2147196306

    Error: (01/01/2014 11:29:52 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/01/2014 11:29:51 PM) (Source: Service Control Manager) (User: )
    Description: The Extension Security Monitor Service service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (01/01/2014 11:54:25 PM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0189c01cf078d547c026728C:\Users\Fujitsu\Downloads\OTL.exe1692d56f-7383-11e3-9d8b-c01885ae12ca

    Error: (01/01/2014 11:28:33 PM) (Source: Application Error)(User: )
    Description: KMPProcess.exe1.0.1.251d50ca2PanStreamer.dll2.0.7.38509c8e1fc00000050001dc74e8001cf0785c3bb244dC:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exeC:\Program Files (x86)\PANDORA.TV\PanService\PanStreamer.dll7b80e060-737f-11e3-8fb3-c01885ae12ca

    Error: (01/01/2014 11:27:23 PM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0fd801cf078ae3dd80236C:\Users\Fujitsu\Downloads\OTL.exe4f5fb0e6-737f-11e3-8fb3-c01885ae12ca

    Error: (01/01/2014 11:18:28 PM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0199801cf07883a3dbdbc9C:\Users\Fujitsu\Downloads\OTL.exe11308814-737e-11e3-8fb3-c01885ae12ca


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-01 23:30:35.614
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 22:41:58.167
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 22:13:21.150
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:25:51.224
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:15:54.939
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:12:26.884
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-01 21:12:26.880
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-01 19:40:21.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 19:31:21.526
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 17:28:03.011
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 88%
    Total physical RAM: 3952.3 MB
    Available physical RAM: 438.77 MB
    Total Pagefile: 7902.76 MB
    Available Pagefile: 2981.6 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:157.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AE56DA55)
    Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
  17. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    FRST.txt content (more than 50000 characters, so I split it):
    Part 1:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
    Ran by Fujitsu (administrator) on FUJITSU-PC on 02-01-2014 00:11:05
    Running from C:\Users\Fujitsu\Downloads
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
    (PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    (Farbar) C:\Users\Fujitsu\Downloads\FRST64(1).exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
    HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
    HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
    HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
    HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
    HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
    HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
    HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
    HKLM-x32\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe
    HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
    HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SurfCanyonDesktop] - C:\Program Files (x86)\Surf Canyon\SurfCanyonDesktop.exe
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20686704 2013-07-25] (Skype Technologies S.A.)
    HKCU\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [35253824 2013-08-04] (ooVoo LLC)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12
  18. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Part 2:

    FireFox:
    ========
    FF ProfilePath: C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\d4gsali1.default
    FF DefaultSearchEngine: Yahoo
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
    FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
    FF SelectedSearchEngine: Yahoo
    FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20131253,20030,0,85,0
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha292.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha292\ff
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    Chrome:
    =======
    CHR Extension: (Google Docs) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Instant Savings App) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdjndgfgjaglgcnllemofeepjeeaofa\1.0_0
    CHR Extension: (Google Search) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.0.317_0
    CHR Extension: (Skype Click to Call) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR HKLM-x32\...\Chrome\Extension: [iekdpffghahikncifpidkhadjhhlagjl] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha292\ch\WebexpEnhancedV1alpha292.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx
    CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 a6bb4a82; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
    R2 a6bb4a82; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-13] (Microsoft Corporation)
    R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
    R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
    R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
    R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
    S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
    S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
    S2 scbhmon; "C:\Program Files (x86)\Surf Canyon\scbhmon.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-23] (Broadcom Corporation.)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
    R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
    R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
    R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
    R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-01] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] ()
    S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [x]
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [x]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

    ==================== NetSvcs (Whitelisted) ===================
     
  19. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Part 3:

    ==================== One Month Created Files and Folders ========

    2014-01-02 00:11 - 2014-01-02 00:11 - 00017469 _____ C:\Users\Fujitsu\Downloads\FRST.txt
    2014-01-02 00:10 - 2014-01-02 00:10 - 00000000 ____D C:\FRST
    2014-01-02 00:09 - 2014-01-02 00:09 - 01931426 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST64(1).exe
    2014-01-02 00:08 - 2014-01-02 00:08 - 01931426 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST64.exe
    2014-01-02 00:07 - 2014-01-02 00:07 - 01064481 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST.exe
    2014-01-01 23:32 - 2014-01-01 23:32 - 00000000 ____D C:\ProgramData\Fighters
    2014-01-01 23:30 - 2014-01-01 23:30 - 00000000 ___RD C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-01-01 22:59 - 2014-01-01 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Fujitsu\Downloads\OTL.exe
    2014-01-01 22:57 - 2014-01-01 22:57 - 00005038 _____ C:\Users\Fujitsu\Desktop\JRT.txt
    2014-01-01 22:45 - 2014-01-01 22:45 - 00000000 ____D C:\Windows\ERUNT
    2014-01-01 22:44 - 2014-01-01 22:44 - 01036305 _____ (Thisisu) C:\Users\Fujitsu\Downloads\JRT.exe
    2014-01-01 22:35 - 2014-01-01 22:38 - 00000000 ____D C:\AdwCleaner
    2014-01-01 22:34 - 2014-01-01 22:34 - 01233962 _____ C:\Users\Fujitsu\Downloads\adwcleaner.exe
    2014-01-01 21:04 - 2014-01-01 21:14 - 00000000 ____D C:\ComboFix
    2014-01-01 21:04 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-01 21:04 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-01 21:04 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-01 21:04 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-01 21:04 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-01 21:04 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-01 21:04 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-01 21:04 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-01 21:03 - 2014-01-01 21:04 - 00000000 ____D C:\Qoobox
    2014-01-01 21:02 - 2014-01-01 21:13 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 19:42 - 2014-01-01 20:51 - 05160282 ____R (Swearware) C:\Users\Fujitsu\Downloads\ComboFix.exe
    2014-01-01 17:42 - 2014-01-01 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-01 17:41 - 2014-01-01 17:41 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-01-01 17:40 - 2014-01-01 17:41 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Fujitsu\Downloads\mbar-1.07.0.1008.exe
    2014-01-01 17:39 - 2014-01-01 17:39 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00184576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:39 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 14020416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 04718952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01898576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01812608 _____ () C:\Windows\system32\Drivers\snp2uvc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00293936 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00215552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00185936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00167488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00149056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00075840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00035456 _____ C:\Windows\system32\Drivers\sncduvc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00028992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 14745600 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 11417088 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 01659984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00620584 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00568600 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00460504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00410688 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00331264 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00288336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00279200 _____ (Atheros) C:\Windows\system32\Drivers\btfilter.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00223448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00213416 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00190232 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00178728 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00167976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00153152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00150616 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00095312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060184 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00059440 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00058416 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00027216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021104 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\FBIOSDRV.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007808 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\fuj02b1.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007296 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\fuj02e3.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:37 - 00154272 _____ (Atheros) C:\Windows\system32\Drivers\btath_rcp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 02712064 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00298144 _____ (Atheros) C:\Windows\system32\Drivers\btath_a2dp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00201376 _____ (Atheros) C:\Windows\system32\Drivers\btath_hcrp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00134696 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00106576 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00055456 _____ (Atheros) C:\Windows\system32\Drivers\btath_lwflt.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00051872 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AthDfu.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00036000 _____ (Atheros) C:\Windows\system32\Drivers\btath_flt.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028832 _____ (Atheros) C:\Windows\system32\Drivers\btath_bus.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028752 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-01 17:26 - 2014-01-01 17:26 - 00003416 ____N C:\bootsqm.dat
    2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\found.000
    2014-01-01 15:53 - 2014-01-01 15:54 - 03810304 _____ C:\Users\Fujitsu\Downloads\RogueKiller.exe
    2014-01-01 11:43 - 2014-01-01 11:43 - 00000000 _____ C:\Users\Fujitsu\Desktop\New Bitmap Image.bmp
    2014-01-01 02:31 - 2014-01-01 02:31 - 00688992 ____R (Swearware) C:\Users\Fujitsu\Downloads\dds.com
    2014-01-01 02:13 - 2014-01-01 02:13 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-01 02:13 - 2014-01-01 02:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-01 02:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-01 02:12 - 2014-01-01 02:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fujitsu\Downloads\mbam-setup-1.75.0.1300(1).exe
    2013-12-31 21:14 - 2014-01-01 11:39 - 00020215 ____H C:\Users\Fujitsu\Documents\~WRL0128.tmp
    2013-12-31 16:49 - 2013-12-31 16:49 - 00000000 ____D C:\ProgramData\Winferno
    2013-12-31 16:45 - 2014-01-01 23:35 - 00000386 _____ C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job
    2013-12-31 16:45 - 2014-01-01 23:29 - 00000388 _____ C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job
    2013-12-31 16:45 - 2013-12-31 16:45 - 00003460 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Notification
    2013-12-31 16:45 - 2013-12-31 16:45 - 00002774 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup
    2013-12-31 16:45 - 2013-12-31 16:45 - 00002048 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
    2013-12-31 16:45 - 2013-12-31 16:45 - 00000000 ____D C:\Program Files\Fighters
    2013-12-31 16:44 - 2014-01-01 22:51 - 00000000 ____D C:\Program Files (x86)\Winferno
    2013-12-31 16:44 - 2013-12-31 16:44 - 00001375 _____ C:\Users\Public\Desktop\Check PC for Errors.lnk
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\FileAssociationManager
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\ProgramData\Yahoo! Companion
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
    2013-12-31 16:44 - 2010-10-26 11:07 - 00499785 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINUTIL8.DLL
    2013-12-31 16:44 - 2010-09-01 15:59 - 00835656 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINCTL5.OCX
    2013-12-31 16:44 - 2010-01-14 10:31 - 00425984 _____ C:\Windows\SysWOW64\WinCMR.dll
    2013-12-31 16:44 - 2009-06-05 11:06 - 00516832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapiCom.dll
    2013-12-31 16:44 - 2009-06-05 11:04 - 00393216 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINLCTL6.DLL
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\modules
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\js
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\css
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Yahoo!
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\ProgramData\Yahoo!
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\LavasoftStatistics
    2013-12-31 12:53 - 2013-12-31 12:51 - 00015073 _____ C:\Users\Fujitsu\Documents\hijackthis.log
    2013-12-31 12:45 - 2013-12-31 12:45 - 00000000 ____D C:\ProgramData\BitDefender
    2013-12-31 12:33 - 2013-12-31 12:48 - 00015073 _____ C:\Users\Fujitsu\Downloads\hijackthis.log
    2013-12-31 12:33 - 2013-12-31 12:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Fujitsu\Downloads\Crusty.exe
    2013-12-31 12:29 - 2013-12-31 12:29 - 00000000 ____D C:\Program Files\Lavasoft
    2013-12-31 12:28 - 2013-12-31 12:28 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2013-12-31 12:26 - 2013-12-31 12:26 - 01725064 _____ C:\Users\Fujitsu\Downloads\Adaware_Installer.exe
    2013-12-31 12:26 - 2013-12-31 12:26 - 00000000 ____D C:\ProgramData\Lavasoft
    2013-12-30 12:05 - 2013-12-30 12:05 - 00037376 _____ C:\Windows\system32\dmawc.luc
    2013-12-30 11:55 - 2014-01-02 00:10 - 00000081 _____ C:\Windows\system32\vtjfsu.sjm
    2013-12-30 11:54 - 2013-12-30 12:05 - 00000097 _____ C:\Windows\system32\icxuy.xhf
    2013-12-30 11:54 - 2013-12-30 11:54 - 00000064 _____ C:\Windows\system32\fvoxv.hov
    2013-12-30 11:38 - 2013-12-30 11:38 - 00219314 ____S C:\Windows\system32\nsza.qwf
    2013-12-29 10:05 - 2013-12-29 10:17 - 147136153 _____ C:\Users\Fujitsu\Downloads\FRIENDS SEASON-1-EPISODE-4 (THE ONE WITH GEORGE STEPHANOPOULOS).mkv
    2013-12-29 08:56 - 2013-12-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fujitsu\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-29 08:56 - 2013-12-29 08:56 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Malwarebytes
    2013-12-29 08:56 - 2013-12-29 08:56 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-29 08:53 - 2013-12-29 08:53 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Fujitsu\Downloads\iExplore.exe
    2013-12-29 08:51 - 2014-01-01 23:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job
    2013-12-29 08:51 - 2014-01-01 23:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job
    2013-12-29 08:51 - 2013-12-29 08:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc
    2013-12-29 08:51 - 2013-12-29 08:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44
    2013-12-29 08:49 - 2013-12-29 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Fujitsu\Downloads\iexplore.exe.exe
    2013-12-29 08:46 - 2013-12-29 08:46 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-29 08:45 - 2013-12-29 08:45 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-29 08:44 - 2013-12-29 08:44 - 00819176 _____ (Google Inc.) C:\Users\Fujitsu\Downloads\ChromeSetup.exe
    2013-12-28 12:07 - 2013-12-28 12:07 - 00000000 ____D C:\ProgramData\KeepnBrowse
    2013-12-21 17:14 - 2013-12-21 17:14 - 00000000 ____D C:\Users\Fujitsu\Documents\Textbooks
    2013-12-21 17:11 - 2013-12-21 17:21 - 00000000 ____D C:\Users\Fujitsu\Documents\Marketing Papers
    2013-12-21 17:10 - 2013-12-21 17:19 - 00000000 ____D C:\Users\Fujitsu\Documents\R
    2013-12-21 17:09 - 2013-12-21 17:22 - 00000000 ____D C:\Users\Fujitsu\Documents\Novels
    2013-12-20 15:49 - 2013-12-31 11:36 - 00000640 __RSH C:\ProgramData\ntuser.pol
    2013-12-20 09:51 - 2013-12-20 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-19 22:55 - 2013-12-19 22:55 - 31412160 _____ (Spotify Ltd) C:\Users\Fujitsu\Downloads\Spotify Installer.exe
    2013-12-04 19:38 - 2013-12-04 22:33 - 00097161 _____ C:\Users\Fujitsu\Downloads\Kantian inquiring system(1).pptx
  20. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Part 4:

    ==================== One Month Modified Files and Folders =======

    2014-01-02 00:11 - 2014-01-02 00:11 - 00017469 _____ C:\Users\Fujitsu\Downloads\FRST.txt
    2014-01-02 00:10 - 2014-01-02 00:10 - 00000000 ____D C:\FRST
    2014-01-02 00:10 - 2013-12-30 11:55 - 00000081 _____ C:\Windows\system32\vtjfsu.sjm
    2014-01-02 00:09 - 2014-01-02 00:09 - 01931426 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST64(1).exe
    2014-01-02 00:08 - 2014-01-02 00:08 - 01931426 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST64.exe
    2014-01-02 00:07 - 2014-01-02 00:07 - 01064481 _____ (Farbar) C:\Users\Fujitsu\Downloads\FRST.exe
    2014-01-02 00:01 - 2012-10-31 20:50 - 01244989 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 23:59 - 2013-08-17 07:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-01 23:56 - 2013-12-29 08:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job
    2014-01-01 23:37 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 23:37 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 23:35 - 2013-12-31 16:45 - 00000386 _____ C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job
    2014-01-01 23:32 - 2014-01-01 23:32 - 00000000 ____D C:\ProgramData\Fighters
    2014-01-01 23:30 - 2014-01-01 23:30 - 00000000 ___RD C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-01-01 23:30 - 2013-09-06 09:21 - 00000000 ___RD C:\Users\Fujitsu\Dropbox
    2014-01-01 23:30 - 2013-09-06 09:19 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Dropbox
    2014-01-01 23:30 - 2012-10-31 22:02 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
    2014-01-01 23:29 - 2013-12-31 16:45 - 00000388 _____ C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job
    2014-01-01 23:29 - 2013-12-29 08:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job
    2014-01-01 23:29 - 2013-08-03 13:50 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-01 23:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 23:29 - 2009-07-13 20:51 - 00047169 _____ C:\Windows\setupact.log
    2014-01-01 22:59 - 2014-01-01 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Fujitsu\Downloads\OTL.exe
    2014-01-01 22:57 - 2014-01-01 22:57 - 00005038 _____ C:\Users\Fujitsu\Desktop\JRT.txt
    2014-01-01 22:51 - 2013-12-31 16:44 - 00000000 ____D C:\Program Files (x86)\Winferno
    2014-01-01 22:45 - 2014-01-01 22:45 - 00000000 ____D C:\Windows\ERUNT
    2014-01-01 22:44 - 2014-01-01 22:44 - 01036305 _____ (Thisisu) C:\Users\Fujitsu\Downloads\JRT.exe
    2014-01-01 22:40 - 2013-08-03 13:34 - 00383008 _____ C:\Windows\PFRO.log
    2014-01-01 22:38 - 2014-01-01 22:35 - 00000000 ____D C:\AdwCleaner
    2014-01-01 22:34 - 2014-01-01 22:34 - 01233962 _____ C:\Users\Fujitsu\Downloads\adwcleaner.exe
    2014-01-01 21:59 - 2012-10-31 20:58 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
    2014-01-01 21:14 - 2014-01-01 21:04 - 00000000 ____D C:\ComboFix
    2014-01-01 21:13 - 2014-01-01 21:02 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 21:13 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 21:04 - 2014-01-01 21:03 - 00000000 ____D C:\Qoobox
    2014-01-01 20:51 - 2014-01-01 19:42 - 05160282 ____R (Swearware) C:\Users\Fujitsu\Downloads\ComboFix.exe
    2014-01-01 17:58 - 2014-01-01 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-01 17:41 - 2014-01-01 17:41 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-01-01 17:41 - 2014-01-01 17:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Fujitsu\Downloads\mbar-1.07.0.1008.exe
    2014-01-01 17:39 - 2014-01-01 17:39 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00184576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:39 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
    2014-01-01 17:39 - 2014-01-01 17:38 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 14020416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 04718952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01898576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01812608 _____ () C:\Windows\system32\Drivers\snp2uvc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00293936 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00215552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00185936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00167488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00149056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00075840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00035456 _____ C:\Windows\system32\Drivers\sncduvc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00028992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-01 17:38 - 2014-01-01 17:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 14745600 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 11417088 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 01659984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00620584 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00568600 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00460504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00410688 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00331264 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00288336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00279200 _____ (Atheros) C:\Windows\system32\Drivers\btfilter.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00223448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00213416 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00190232 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00178728 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00167976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00153152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00150616 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00095312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00060184 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00059440 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00058416 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00027216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00021104 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\FBIOSDRV.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007808 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\fuj02b1.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007296 _____ (FUJITSU LIMITED) C:\Windows\system32\Drivers\fuj02e3.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-01 17:37 - 2014-01-01 17:36 - 00154272 _____ (Atheros) C:\Windows\system32\Drivers\btath_rcp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 02712064 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00298144 _____ (Atheros) C:\Windows\system32\Drivers\btath_a2dp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00201376 _____ (Atheros) C:\Windows\system32\Drivers\btath_hcrp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00134696 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00106576 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00055456 _____ (Atheros) C:\Windows\system32\Drivers\btath_lwflt.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00051872 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AthDfu.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00036000 _____ (Atheros) C:\Windows\system32\Drivers\btath_flt.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028832 _____ (Atheros) C:\Windows\system32\Drivers\btath_bus.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028752 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-01 17:36 - 2014-01-01 17:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-01 17:26 - 2014-01-01 17:26 - 00003416 ____N C:\bootsqm.dat
    2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\found.000
    2014-01-01 15:54 - 2014-01-01 15:53 - 03810304 _____ C:\Users\Fujitsu\Downloads\RogueKiller.exe
    2014-01-01 14:25 - 2013-09-02 16:02 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Skype
    2014-01-01 11:43 - 2014-01-01 11:43 - 00000000 _____ C:\Users\Fujitsu\Desktop\New Bitmap Image.bmp
    2014-01-01 11:39 - 2013-12-31 21:14 - 00020215 ____H C:\Users\Fujitsu\Documents\~WRL0128.tmp
    2014-01-01 02:34 - 2009-07-13 21:13 - 00782154 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-01 02:31 - 2014-01-01 02:31 - 00688992 ____R (Swearware) C:\Users\Fujitsu\Downloads\dds.com
    2014-01-01 02:13 - 2014-01-01 02:13 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-01 02:13 - 2014-01-01 02:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-01 02:13 - 2014-01-01 02:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fujitsu\Downloads\mbam-setup-1.75.0.1300(1).exe
    2013-12-31 18:36 - 2013-08-03 18:43 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
    2013-12-31 16:49 - 2013-12-31 16:49 - 00000000 ____D C:\ProgramData\Winferno
    2013-12-31 16:45 - 2013-12-31 16:45 - 00003460 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Notification
    2013-12-31 16:45 - 2013-12-31 16:45 - 00002774 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup
    2013-12-31 16:45 - 2013-12-31 16:45 - 00002048 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
    2013-12-31 16:45 - 2013-12-31 16:45 - 00000000 ____D C:\Program Files\Fighters
    2013-12-31 16:44 - 2013-12-31 16:44 - 00001375 _____ C:\Users\Public\Desktop\Check PC for Errors.lnk
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\FileAssociationManager
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\ProgramData\Yahoo! Companion
    2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\modules
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\js
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Windows\SysWOW64\css
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Yahoo!
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\ProgramData\Yahoo!
    2013-12-31 16:43 - 2013-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2013-12-31 14:55 - 2013-09-02 16:25 - 00000000 ____D C:\Users\Fujitsu\Documents\Youcam
    2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\LavasoftStatistics
    2013-12-31 12:58 - 2013-09-02 16:24 - 00000026 _____ C:\Users\Fujitsu\Desktop\New Text Document.txt
    2013-12-31 12:51 - 2013-12-31 12:53 - 00015073 _____ C:\Users\Fujitsu\Documents\hijackthis.log
    2013-12-31 12:48 - 2013-12-31 12:33 - 00015073 _____ C:\Users\Fujitsu\Downloads\hijackthis.log
    2013-12-31 12:45 - 2013-12-31 12:45 - 00000000 ____D C:\ProgramData\BitDefender
    2013-12-31 12:33 - 2013-12-31 12:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Fujitsu\Downloads\Crusty.exe
    2013-12-31 12:29 - 2013-12-31 12:29 - 00000000 ____D C:\Program Files\Lavasoft
    2013-12-31 12:28 - 2013-12-31 12:28 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2013-12-31 12:26 - 2013-12-31 12:26 - 01725064 _____ C:\Users\Fujitsu\Downloads\Adaware_Installer.exe
    2013-12-31 12:26 - 2013-12-31 12:26 - 00000000 ____D C:\ProgramData\Lavasoft
    2013-12-31 11:36 - 2013-12-20 15:49 - 00000640 __RSH C:\ProgramData\ntuser.pol
    2013-12-30 12:50 - 2013-08-03 13:52 - 00000000 ____D C:\Program Files\Apoint2K
    2013-12-30 12:05 - 2013-12-30 12:05 - 00037376 _____ C:\Windows\system32\dmawc.luc
    2013-12-30 12:05 - 2013-12-30 11:54 - 00000097 _____ C:\Windows\system32\icxuy.xhf
    2013-12-30 11:54 - 2013-12-30 11:54 - 00000064 _____ C:\Windows\system32\fvoxv.hov
    2013-12-30 11:38 - 2013-12-30 11:38 - 00219314 ____S C:\Windows\system32\nsza.qwf
    2013-12-29 10:17 - 2013-12-29 10:05 - 147136153 _____ C:\Users\Fujitsu\Downloads\FRIENDS SEASON-1-EPISODE-4 (THE ONE WITH GEORGE STEPHANOPOULOS).mkv
    2013-12-29 08:56 - 2013-12-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fujitsu\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-29 08:56 - 2013-12-29 08:56 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Malwarebytes
    2013-12-29 08:56 - 2013-12-29 08:56 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-29 08:53 - 2013-12-29 08:53 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Fujitsu\Downloads\iExplore.exe
    2013-12-29 08:51 - 2013-12-29 08:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc
    2013-12-29 08:51 - 2013-12-29 08:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44
    2013-12-29 08:49 - 2013-12-29 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Fujitsu\Downloads\iexplore.exe.exe
    2013-12-29 08:46 - 2013-12-29 08:46 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-29 08:45 - 2013-12-29 08:45 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-29 08:44 - 2013-12-29 08:44 - 00819176 _____ (Google Inc.) C:\Users\Fujitsu\Downloads\ChromeSetup.exe
    2013-12-29 08:43 - 2013-08-03 18:37 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Google
    2013-12-28 12:07 - 2013-12-28 12:07 - 00000000 ____D C:\ProgramData\KeepnBrowse
    2013-12-21 17:22 - 2013-12-21 17:09 - 00000000 ____D C:\Users\Fujitsu\Documents\Novels
    2013-12-21 17:21 - 2013-12-21 17:11 - 00000000 ____D C:\Users\Fujitsu\Documents\Marketing Papers
    2013-12-21 17:19 - 2013-12-21 17:10 - 00000000 ____D C:\Users\Fujitsu\Documents\R
    2013-12-21 17:14 - 2013-12-21 17:14 - 00000000 ____D C:\Users\Fujitsu\Documents\Textbooks
    2013-12-21 08:18 - 2013-08-04 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-20 15:49 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2013-12-20 15:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2013-12-20 09:52 - 2013-12-20 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-19 22:55 - 2013-12-19 22:55 - 31412160 _____ (Spotify Ltd) C:\Users\Fujitsu\Downloads\Spotify Installer.exe
    2013-12-13 23:25 - 2013-09-02 15:52 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\CrashDumps
    2013-12-10 22:59 - 2013-08-17 07:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-10 22:59 - 2013-08-17 07:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-10 22:59 - 2013-08-04 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-12-04 22:33 - 2013-12-04 19:38 - 00097161 _____ C:\Users\Fujitsu\Downloads\Kantian inquiring system(1).pptx

    Some content of TEMP:
    ====================
    C:\Users\Fujitsu\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-12-30 10:58

    ==================== End Of Log ============================
  21. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    One more thing. I don't know if it matters at all but right from the day I spotted the problem on my laptop (the weird audio being started whenever I turn on the laptop), my laptop loses power in almost half an hour (it would usually take up to 4 hours to be out of charge and it's a 5-month-old laptop). I don't know if the two problems are correlated but I just thought I'd share it here with you. Also, ever since the day I noticed the problem, the system is automatically being shut down every few hours because "plug and play service terminated unexpectedly".
  22. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Uninstall SLOW-PCfighter.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    Uninstall McAfee Security Scan, typical foistware.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  23. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    This is the fix log content:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2014
    Ran by Fujitsu at 2014-01-02 20:45:14 Run:1
    Running from C:\Users\Fujitsu\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    OptimizerPro Upd (Version: 1.0 - BetterSoft) <==== ATTENTION
    Task: {751CB664-7262-4C48-83C7-7A6DDB7D8B84} - System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08] (SPAMfighter ApS)
    Task: {96E43A6F-D562-426A-A409-6FE1EE14F668} - System32\Tasks\SLOW-PCfighter64-Fujitsu-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08] (SPAMfighter ApS)
    Task: {BA20C422-4305-4913-A60C-DBB0583F7466} - System32\Tasks\bestLyrics-33-enabler => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-enabler.exe <==== ATTENTION
    Task: {BFD4E2A4-ABA4-41B9-B3CE-FD9458647DD4} - System32\Tasks\bestLyrics-33-codedownloader => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-codedownloader.exe <==== ATTENTION
    Task: {FABCEFDA-FF45-425A-BE4B-A41B11C778EE} - System32\Tasks\bestLyrics-33-updater => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Fujitsu\AppData\Local\Temp\Quarantine.exe


    *****************

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751CB664-7262-4C48-83C7-7A6DDB7D8B84} => Key not found.
    C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SLOW-PCfighter64-Fujitsu-Startup => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E43A6F-D562-426A-A409-6FE1EE14F668} => Key not found.
    C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Notification not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SLOW-PCfighter64-Fujitsu-Notification => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA20C422-4305-4913-A60C-DBB0583F7466} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA20C422-4305-4913-A60C-DBB0583F7466} => Key deleted successfully.
    C:\Windows\System32\Tasks\bestLyrics-33-enabler => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bestLyrics-33-enabler => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD4E2A4-ABA4-41B9-B3CE-FD9458647DD4} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD4E2A4-ABA4-41B9-B3CE-FD9458647DD4} => Key deleted successfully.
    C:\Windows\System32\Tasks\bestLyrics-33-codedownloader => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bestLyrics-33-codedownloader => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FABCEFDA-FF45-425A-BE4B-A41B11C778EE} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FABCEFDA-FF45-425A-BE4B-A41B11C778EE} => Key deleted successfully.
    C:\Windows\System32\Tasks\bestLyrics-33-updater => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bestLyrics-33-updater => Key deleted successfully.
    C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf04b63df5fa44.job => Moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf04b63e1198fc.job => Moved successfully.
    C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Notification.job not found.
    C:\Windows\Tasks\SLOW-PCfighter64-Fujitsu-Startup.job not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\Users\Fujitsu\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====
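
One way to check a Fixlog like the one above, as an added example that is not part of the original thread and not FRST's own code: it groups each result line under the item it belongs to and separates items this run removed from items that were already gone. The function names are hypothetical, and the status wordings are only those visible in the log above; any other wording is returned for manual review.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the Fixlog posted above.
SAMPLE = r"""
Content of fixlist:
*****************
Task: {751CB664-7262-4C48-83C7-7A6DDB7D8B84} - System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08] (SPAMfighter ApS)
Task: {BA20C422-4305-4913-A60C-DBB0583F7466} - System32\Tasks\bestLyrics-33-enabler => C:\Program Files (x86)\bestLyrics-33\bestLyrics-33-enabler.exe <==== ATTENTION
C:\Users\Fujitsu\AppData\Local\Temp\Quarantine.exe
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751CB664-7262-4C48-83C7-7A6DDB7D8B84} => Key not found.
C:\Windows\System32\Tasks\SLOW-PCfighter64-Fujitsu-Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SLOW-PCfighter64-Fujitsu-Startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA20C422-4305-4913-A60C-DBB0583F7466} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA20C422-4305-4913-A60C-DBB0583F7466} => Key deleted successfully.
C:\Windows\System32\Tasks\bestLyrics-33-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bestLyrics-33-enabler => Key deleted successfully.
C:\Users\Fujitsu\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
"""

TASK_DECL = re.compile(r"^Task: (\{[0-9A-F-]{36}\}) - System32\\Tasks\\(.+?) => ")
RESULT = re.compile(r"^(?P<target>.+?)(?: =>)? (?P<status>Key deleted successfully|"
                    r"Moved successfully|Key not found|not found)\.$")
GUID = re.compile(r"\{[0-9A-F-]{36}\}")
REMOVED_NOW = {"Key deleted successfully", "Moved successfully"}

def item_key(target, guid_to_name):
    """Map a registry key or file path to the task name it belongs to."""
    g = GUID.search(target)
    if g:  # TaskCache\Tasks\{GUID} and TaskCache\Plain\{GUID}
        return guid_to_name.get(g.group(0), g.group(0))
    for marker in ("\\TaskCache\\Tree\\", "\\System32\\Tasks\\"):
        if marker in target:
            return target.split(marker, 1)[1]
    return target  # not a task artifact: keep the full path

def parse_fixlog(text):
    """Return ({item: [statuses]}, [result lines with unrecognised wording])."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    seps = [i for i, l in enumerate(lines) if set(l) == {"*"}]
    if len(seps) < 2:
        raise ValueError("expected two '*****' separators around the fixlist")
    fixlist, results = lines[seps[0] + 1:seps[1]], lines[seps[1] + 1:]
    guid_to_name = {m.group(1): m.group(2) for m in map(TASK_DECL.match, fixlist) if m}
    items, review = defaultdict(list), []
    for line in results:
        if line.startswith("===="):  # "==== End of Fixlog ===="
            break
        m = RESULT.match(line)
        if m:
            items[item_key(m.group("target"), guid_to_name)].append(m.group("status"))
        else:
            review.append(line)
    return dict(items), review

def summarize(items):
    """'removed' if this run deleted or moved anything, else 'already absent'."""
    return {name: "removed" if REMOVED_NOW & set(statuses) else "already absent"
            for name, statuses in items.items()}
```

An empty review list together with a summary of only "removed" and "already absent" means every fixlist entry is accounted for; a non-empty list is the part of the log to read by hand.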
  24. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    How are things now?
    Did you uninstall Slow-PCFighter and McAfee Security Scan?
  25. Hoori

    Hoori Newcomer, in training Topic Starter Posts: 34

    Yup, both. The voices are gone. Thank you so so much. Is there any additional thing I need to do now? Also, is it possible that the system shutdown was somehow connected to this problem? (One thing I noticed was that when the laptop is disconnected from the internet, there's no voice anymore and also the battery works just as fine as before, but whenever I'm connected to the internet, the computer loses power in half an hour.)

    Thanks again. I really appreciate your time, patience and effort.

