Inactive-A Adware Generic55.ACXX

Status
Not open for further replies.

jojammin

Posts: 20   +0
Hello im new to this site.

AVG shows I have Adware Generic55.ACXX in the Virus Vault but cant remove it. I can't find it in C:\Program Files (x86) as AVG says it is. AVG also shows it found two infected Registry Keys. The Adware is medium severity. I have noticed that cmd.exe will pop up at random with no text than disappear, I don't know if that has to do with the Adware or not.

Help me remove it please? Thanks
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-HP [administrator]

8/5/2013 22:08:46
mbam-log-2013-08-05 (22-08-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213225
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN39308013001374025&UM=2&ctid=CT3282812) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\user\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\1375666708_9520569_694_4.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by user at 22:23:16 on 2013-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1466 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\user\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\24x7Help\App24x7Hook.exe
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>
uURLSearchHooks: Somoto V.1 Toolbar: {e306aaa2-3b4f-4802-9faf-0c10ab78b589} -
mURLSearchHooks: Somoto V.1 Toolbar: {e306aaa2-3b4f-4802-9faf-0c10ab78b589} -
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Somoto V.1 Toolbar: {e306aaa2-3b4f-4802-9faf-0c10ab78b589} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Somoto V.1 Toolbar: {e306aaa2-3b4f-4802-9faf-0c10ab78b589} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SearchProtection] "C:\Users\user\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [SDP] C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
uRun: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{84479487-AA4A-4788-BC5F-9E0E7E91FF32} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{8FC41F59-9965-49A0-9191-315A50C9C9B4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8FC41F59-9965-49A0-9191-315A50C9C9B4}\3547F6275644 : DHCPNameServer = 204.215.43.3 209.26.88.31
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s9uc69uc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI=UN22473897826981254&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Somoto V.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-10 18:46; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF - ExtSQL: 2013-07-23 18:05; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2013-08-04 21:35; gencrawler@some.com; C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-7-23 342608]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-7-22 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-28 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-7-25 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-11-5 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-12 2413056]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-6-12 138760]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-7-16 96896]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-12 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-7-16 214144]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [2012-6-12 1151096]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-6-12 167048]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2012-6-12 488568]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-12 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-6-12 1145448]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1301000.01C\SymDS64.sys [2012-6-12 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1301000.01C\SymEFA64.sys [2012-6-12 1084536]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.sys [2012-6-12 189560]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\symnets.sys [2012-6-12 401016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-7-23 35840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-06 02:07:31--------d-----w-C:\Users\user\AppData\Roaming\Malwarebytes
2013-08-06 02:06:29--------d-----w-C:\ProgramData\Malwarebytes
2013-08-06 02:06:2825928----a-w-C:\Windows\System32\drivers\mbam.sys
2013-08-06 02:06:28--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 02:47:22--------d-----w-C:\Users\user\AppData\Local\Anvisoft
2013-08-05 02:47:22--------d-----w-C:\Program Files (x86)\Anvisoft
2013-08-05 01:36:56--------d-----w-C:\Windows\SysWow64\WNLT
2013-08-05 01:35:46--------d-----w-C:\Users\user\AppData\Local\DownloadTerms
2013-08-05 01:35:28--------d-----w-C:\Users\user\AppData\Roaming\Media Finder
2013-08-05 00:51:34--------d-----w-C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-08-04 15:43:22--------d-----w-C:\Windows\pss
2013-08-03 22:23:08--------d-----w-C:\Users\user\AppData\Roaming\OpenCandy
2013-08-03 19:15:52--------d-----w-C:\Users\user\AppData\Roaming\VSRevoGroup
2013-08-03 18:55:04--------d-----w-C:\Program Files (x86)\VS Revo Group
2013-08-03 18:21:44--------d-----w-C:\Users\user\AppData\Local\Bundled software uninstaller
2013-08-03 18:21:14--------d-----w-C:\Users\user\AppData\Local\Programs
2013-08-03 07:35:2249110----a-w-C:\Windows\SysWow64\bypass.xem
2013-08-03 07:35:2232768----a-w-C:\Windows\SysWow64\OGHcham.dat
2013-08-03 07:31:42875472----a-w-C:\Windows\SysWow64\msvcr110.dll
2013-08-03 07:31:42535008----a-w-C:\Windows\SysWow64\msvcp110.dll
2013-08-03 07:31:42147968----a-w-C:\Windows\SysWow64\k1.dat
2013-08-03 07:31:42108336----a-w-C:\Windows\SysWow64\MSWINSCK.OCX
2013-08-01 23:51:23--------d-----w-C:\Users\user\AppData\Roaming\Awesomium
2013-07-29 07:02:46--------d-----w-C:\Users\user\AppData\Local\Aeria Games
2013-07-29 07:02:19--------d-----w-C:\ProgramData\Aeria Games
2013-07-29 06:34:09--------d-sh--w-C:\Windows\SysWow64\AI_RecycleBin
2013-07-29 06:34:06--------d-----w-C:\Program Files (x86)\Aeria Games
2013-07-29 05:47:41--------d-----w-C:\Users\user\AppData\Local\Akamai
2013-07-29 05:47:39--------d-----w-C:\AeriaGames
2013-07-28 21:27:20789416----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-07-28 21:27:19867240----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-07-28 21:27:0396168----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-28 20:33:06--------d-----w-C:\ProgramData\InterAction studios
2013-07-28 20:31:56--------d-----w-C:\Program Files (x86)\WildGames
2013-07-28 20:19:58--------d-----w-C:\Users\user\AppData\Roaming\WildTangent
2013-07-27 22:33:56--------d-----w-C:\Users\user\AppData\Local\Microsoft Games
2013-07-25 23:48:57--------d-----w-C:\Users\user\AppData\Local\Conduit
2013-07-25 23:48:26--------d-----w-C:\Users\user\AppData\Local\CRE
2013-07-25 23:46:34--------d-----w-C:\Users\user\AppData\Local\FilesFrog Update Checker
2013-07-24 23:56:37--------d-----w-C:\Users\user\AppData\Local\Diagnostics
2013-07-24 20:56:50--------d-----w-C:\Users\user\AppData\Roaming\IDT
2013-07-24 20:53:13--------d-----w-C:\Users\user\AppData\Local\SCE
2013-07-24 20:52:1878680----a-w-C:\Windows\System32\XAPOFX1_4.dll
2013-07-24 20:52:1874072----a-w-C:\Windows\SysWow64\XAPOFX1_4.dll
2013-07-24 20:52:18530776----a-w-C:\Windows\System32\XAudio2_6.dll
2013-07-24 20:52:18528216----a-w-C:\Windows\SysWow64\XAudio2_6.dll
2013-07-24 20:52:16238936----a-w-C:\Windows\SysWow64\xactengine3_6.dll
2013-07-24 20:52:16176984----a-w-C:\Windows\System32\xactengine3_6.dll
2013-07-24 20:52:1524920----a-w-C:\Windows\System32\X3DAudio1_7.dll
2013-07-24 20:52:1522360----a-w-C:\Windows\SysWow64\X3DAudio1_7.dll
2013-07-24 16:41:16--------d-----w-C:\Users\user\AppData\Roaming\Search Protection
2013-07-24 16:39:04--------d-----w-C:\Users\user\AppData\Roaming\uTorrent
2013-07-24 02:10:32--------d-----w-C:\Program Files (x86)\dumps
2013-07-24 02:08:38--------d-----w-C:\Program Files (x86)\Common Files\Steam
2013-07-24 02:08:36--------d-----w-C:\Program Files (x86)\Steam
2013-07-24 01:22:32--------d-----w-C:\Users\user\AppData\Local\HP
2013-07-24 00:29:48--------d-----w-C:\Users\user\AppData\Local\CyberLink
2013-07-24 00:29:09--------d-----r-C:\Program Files (x86)\Skype
2013-07-24 00:27:04--------d-----w-C:\Users\user\AppData\Local\CrashDumps
2013-07-23 23:24:34--------d-----w-C:\Program Files\CCleaner
2013-07-23 23:23:40--------d-----w-C:\Users\user\AppData\Roaming\24x7 Help
2013-07-23 23:23:34--------d-----w-C:\Program Files (x86)\24x7Help
2013-07-23 23:23:32--------d-----w-C:\Users\user\AppData\Roaming\PCFixSpeed
2013-07-23 23:23:32--------d-----w-C:\ProgramData\PCFixSpeed
2013-07-23 23:22:26--------d-----w-C:\Users\user\AppData\Local\SwvUpdater
2013-07-23 23:01:04--------d-----w-C:\Users\user\AppData\Local\Google
2013-07-23 22:59:00--------d-----w-C:\Users\user\AppData\Local\Macromedia
2013-07-23 22:58:47692104----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-23 22:58:01--------d-----w-C:\Users\user\AppData\Local\Adobe
2013-07-23 22:43:57--------d-----w-C:\Users\user\AppData\Roaming\AVG2013
2013-07-23 22:43:19--------d-----w-C:\Users\user\AppData\Roaming\TuneUp Software
2013-07-23 22:42:43--------d--h--w-C:\$AVG
2013-07-23 22:42:42--------d-----w-C:\ProgramData\AVG2013
2013-07-23 22:41:54--------d-----w-C:\Program Files (x86)\AVG
2013-07-23 22:38:22--------d--h--w-C:\ProgramData\Common Files
2013-07-23 22:38:22--------d-----w-C:\Users\user\AppData\Local\MFAData
2013-07-23 22:38:22--------d-----w-C:\Users\user\AppData\Local\Avg2013
2013-07-23 22:38:22--------d-----w-C:\ProgramData\MFAData
2013-07-23 22:34:43--------d-----w-C:\Program Files (x86)\MyPC Backup
2013-07-23 22:23:4535840----a-r-C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2013-07-23 22:23:07--------d-----w-C:\Netgear
2013-07-23 13:31:579460976----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04E4CA21-CC66-4776-9188-1C5A73B6A61A}\mpengine.dll
2013-07-22 16:40:55535552----a-w-C:\Windows\System32\drivers\stwrt64.sys
2013-07-22 16:40:50654336------w-C:\Windows\System32\stapi64.dll
2013-07-22 16:40:50448512----a-w-C:\Windows\System32\stcplx64.dll
2013-07-22 16:40:501987072----a-w-C:\Windows\System32\stapo64.dll
2013-07-22 16:40:42--------d-----w-C:\Program Files\IDT
2013-07-20 05:51:00311608----a-w-C:\Windows\System32\drivers\avgloga.sys
2013-07-20 05:50:5671480----a-w-C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56246072----a-w-C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50206648----a-w-C:\Windows\System32\drivers\avgldx64.sys
2013-07-16 14:13:26--------d-----w-C:\Program Files (x86)\MSXML 4.0
2013-07-15 13:16:11--------d-----w-C:\Windows\SysWow64\Wat
2013-07-15 13:16:11--------d-----w-C:\Windows\System32\Wat
2013-07-15 13:05:271424384----a-w-C:\Windows\System32\WindowsCodecs.dll
2013-07-15 13:05:271230336----a-w-C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-15 13:00:041643520----a-w-C:\Windows\System32\DWrite.dll
2013-07-15 13:00:041247744----a-w-C:\Windows\SysWow64\DWrite.dll
2013-07-13 14:59:109728----a-w-C:\Windows\System32\Wdfres.dll
2013-07-13 14:59:10785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2013-07-13 14:59:1054376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2013-07-13 14:59:102560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-13 14:43:599728---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 14:13:4046080----a-w-C:\Windows\System32\atmlib.dll
2013-07-13 14:13:40367616----a-w-C:\Windows\System32\atmfd.dll
2013-07-13 14:13:4034304----a-w-C:\Windows\SysWow64\atmlib.dll
2013-07-13 14:13:40295424----a-w-C:\Windows\SysWow64\atmfd.dll
2013-07-13 14:12:2187040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2013-07-13 14:12:2184992----a-w-C:\Windows\System32\WUDFSvc.dll
2013-07-13 14:12:2145056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2013-07-13 14:12:21229888----a-w-C:\Windows\System32\WUDFHost.exe
2013-07-13 14:12:21198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2013-07-13 14:12:21194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2013-07-13 14:12:20744448----a-w-C:\Windows\System32\WUDFx.dll
2013-07-13 13:58:3381408----a-w-C:\Windows\System32\imagehlp.dll
2013-07-13 13:58:3323408----a-w-C:\Windows\System32\drivers\fs_rec.sys
2013-07-13 13:58:33159232----a-w-C:\Windows\SysWow64\imagehlp.dll
2013-07-13 13:58:325120----a-w-C:\Windows\SysWow64\wmi.dll
2013-07-13 13:58:325120----a-w-C:\Windows\System32\wmi.dll
2013-07-12 23:33:598795216----a-w-C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-07-12 14:05:04983912----a-w-C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-12 14:05:04265064----a-w-C:\Windows\System32\drivers\dxgmms1.sys
2013-07-12 14:03:59509952----a-w-C:\Windows\System32\ntshrui.dll
2013-07-12 14:02:50478208----a-w-C:\Windows\System32\dpnet.dll
2013-07-12 14:01:40498688----a-w-C:\Windows\System32\drivers\afd.sys
2013-07-12 14:00:4095744----a-w-C:\Windows\System32\synceng.dll
2013-07-12 13:59:58634880----a-w-C:\Windows\System32\msvcrt.dll
2013-07-12 13:59:57690688----a-w-C:\Windows\SysWow64\msvcrt.dll
2013-07-12 13:59:44903168----a-w-C:\Windows\SysWow64\certutil.exe
2013-07-12 13:59:441464320----a-w-C:\Windows\System32\crypt32.dll
2013-07-12 13:59:441192448----a-w-C:\Windows\System32\certutil.exe
2013-07-12 13:59:4352224----a-w-C:\Windows\System32\certenc.dll
2013-07-12 13:59:4343008----a-w-C:\Windows\SysWow64\certenc.dll
2013-07-12 13:59:43184320----a-w-C:\Windows\System32\cryptsvc.dll
2013-07-12 13:59:43140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2013-07-12 13:59:43139776----a-w-C:\Windows\System32\cryptnet.dll
2013-07-12 13:59:431160192----a-w-C:\Windows\SysWow64\crypt32.dll
2013-07-12 13:59:43103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2013-07-12 13:59:109460976----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-11 13:53:45--------d-----w-C:\Users\user\AppData\Local\AMD
2013-07-11 13:53:35--------d-----w-C:\Users\user\AppData\Local\ATI
2013-07-11 13:52:33--------d-----w-C:\Users\user\AppData\Roaming\Synaptics
2013-07-11 13:43:05--------d-----w-C:\Users\user\AppData\Roaming\hpqlog
2013-07-11 13:43:03--------d-----w-C:\Users\user\AppData\Local\Hewlett-Packard
2013-07-10 22:49:18826880----a-w-C:\Windows\SysWow64\rdpcore.dll
2013-07-10 22:49:1823552----a-w-C:\Windows\System32\drivers\tdtcp.sys
2013-07-10 22:49:181031680----a-w-C:\Windows\System32\rdpcore.dll
2013-07-10 22:45:38--------d-----w-C:\Users\user\AppData\Local\RemEngine
2013-07-10 22:45:31--------d-----w-C:\Users\user\AppData\Local\Hewlett-Packard_Company
2013-07-10 22:45:25--------d-----w-C:\Users\user\AppData\Local\AuthenTec
2013-07-10 05:32:3845880----a-w-C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M ====================
.
2013-07-23 23:09:5271048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 14:47:231054720----a-w-C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-13 14:43:599728---ha-w-C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 05:45:28116536----a-w-C:\Windows\System32\drivers\avgmfx64.sys
2013-06-11 23:43:371767936----a-w-C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:002877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:5861440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:202241024----a-w-C:\Windows\System32\wininet.dll
2013-06-11 23:25:163958784----a-w-C:\Windows\System32\jscript9.dll
2013-06-11 23:25:1367072----a-w-C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13136704----a-w-C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:4571680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:5889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:182706432----a-w-C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:522706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:273153920----a-w-C:\Windows\System32\win32k.sys
2013-06-04 06:00:13624128----a-w-C:\Windows\System32\qedit.dll
2013-06-04 04:53:07509440----a-w-C:\Windows\SysWow64\qedit.dll
2013-05-10 05:49:2730720----a-w-C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:5424576----a-w-C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:011910632----a-w-C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:24:38.95 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2013 18:43:52
System Uptime: 8/5/2013 22:18:48 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1805
Processor: AMD A4-3305M APU with Radeon(tm) HD Graphics | Socket FS1 | 1387/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 440 GiB total, 369.188 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 2.324 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 8/3/2013 14:27:06 - Restore Operation
RP22: 8/3/2013 14:57:21 - Revo Uninstaller's restore point - Solid Savings
RP23: 8/3/2013 14:59:43 - Revo Uninstaller's restore point - Optimizer Pro v3.0
RP24: 8/3/2013 15:00:35 - Revo Uninstaller's restore point - Fast Free Converter
RP25: 8/3/2013 18:23:28 - Uniblue SpeedUpMyPC installation
RP26: 8/3/2013 18:24:14 - Revo Uninstaller's restore point - SpeedUpMyPC
RP27: 8/3/2013 18:25:22 - Revo Uninstaller's restore point - Tiny Media Player v1.0
RP28: 8/3/2013 18:54:03 - Revo Uninstaller's restore point - Video Converter
RP29: 8/3/2013 18:56:22 - Revo Uninstaller's restore point - Video Converter
RP30: 8/3/2013 18:57:42 - Revo Uninstaller's restore point - Safe Saver
RP31: 8/4/2013 17:33:20 - Installed 7-Zip 9.20 (x64 edition)
RP32: 8/4/2013 20:51:54 - Installed HP Support Assistant
RP33: 8/4/2013 23:48:41 - Installed HP Support Assistant
RP34: 8/4/2013 23:52:26 - Windows Modules Installer
RP35: 8/4/2013 23:53:27 - Windows Modules Installer
RP36: 8/5/2013 0:10:15 - Windows Update
.
==== Installed Programs ======================
.
µTorrent
24x7 Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 11.6
Aeria Ignite
Akamai NetSession Interface
Alliance of Valiant Arms
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
AuthenTec TrueAPI
AVG 2013
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Bundled software uninstaller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cradle of Rome 2
CyberLink YouCam
D3DX10
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
FilesFrog Update Checker
Final Drive Fury
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP 3D DriveGuard
HP Application Assistant
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Software Framework
HP Support Assistant
IDT Audio
Java 7 Update 25
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup
Norton Internet Security
opensource
Penguins!
PlanetSide 2
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Revo Uninstaller 1.95
RollerCoaster Tycoon 3: Platinum
Search Protection
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.6
Soldier Front 2
Steam
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Installer for WildTangent Games App
Validity WBF DDK
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
WildTangent Games
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/5/2013 22:18:21, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
8/5/2013 0:23:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/5/2013 0:23:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/5/2013 0:23:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2013 0:23:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2013 0:22:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/5/2013 0:22:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6
8/5/2013 0:22:48, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2013 0:16:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
8/5/2013 0:16:58, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2013 0:03:28, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
8/3/2013 15:00:53, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s).
8/3/2013 14:42:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
8/3/2013 14:42:27, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2013 14:20:56, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/31/2013 2:01:20, Error: Service Control Manager [7000] - The WebCake Desktop Updater service failed to start due to the following error: Access is denied.
7/29/2013 14:27:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/29/2013 14:27:02, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
redtarget.gif
You're running two AV programs, AVG and Norton.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities
If Norton use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

When done...

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 08/06/2013 19:17:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\Users\user\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]
[SUSP PATH] update_checker.exe -- C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\user\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : SDP (C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2949707943-2611316826-4199831183-1001\[...]\Run : SearchProtection ("C:\Users\user\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2949707943-2611316826-4199831183-1001\[...]\Run : SDP (C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][ROGUE ST] Safe Saver-firefoxinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=95D8668583624A119945301E2DE972C0IE /verifier=fd48e1b2c31604761255e5d928302a73 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1375570417 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> DELETED
[V1][ROGUE ST] Safe Saver-chromeinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=95D8668583624A119945301E2DE972C0IE /verifier=fd48e1b2c31604761255e5d928302a73 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1375570417 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> DELETED
[V2][ROGUE ST] Safe Saver-chromeinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=95D8668583624A119945301E2DE972C0IE /verifier=fd48e1b2c31604761255e5d928302a73 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1375570417 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> DELETED
[V2][ROGUE ST] Safe Saver-firefoxinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=95D8668583624A119945301E2DE972C0IE /verifier=fd48e1b2c31604761255e5d928302a73 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1375570417 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] d260946553f712d6d85fc951a4275ee1
[BSP] c920c50bf185857def37a52a031cf7d1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 450573 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 923183104 | Size: 22103 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08062013_191713.txt >>
RKreport[0]_S_08062013_191643.txt
 
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-HP [administrator]

8/6/2013 19:26:41
mbar-log-2013-08-06 (19-26-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 231372
Time elapsed: 31 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3734929408, free: 1984462848

Downloaded database version: v2013.08.06.08
Downloaded database version: v2013.07.29.01
Initializing...
------------ Kernel report ------------
08/06/2013 19:26:36
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004653790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa80044fe060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004653790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004654040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004653790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004653040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa80044f0040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80044fe6e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044fe060, DeviceName: \Device\00000062\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E871E610

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 922773504

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 923183104 Numsec = 45266944

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 968450048 Numsec = 8321024

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Read File: File "c:\programdata\avg2013\chjw\346889176888d8ce.dat:26f82909-55b4-4667-a732-6f2020e65c67" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-08-07.01 - user 08/07/2013 21:40:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.2236 [GMT -4:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-08 to 2013-08-08 )))))))))))))))))))))))))))))))
.
.
2013-08-08 01:46 . 2013-08-08 01:46--------d-----w-c:\users\Default\AppData\Local\temp
2013-08-06 23:26 . 2013-08-07 00:13--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-06 03:37 . 2013-08-06 03:37--------d-----w-c:\programdata\id Software
2013-08-06 02:06 . 2013-08-06 02:06--------d-----w-c:\programdata\Malwarebytes
2013-08-06 02:06 . 2013-08-06 02:06--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-06 02:06 . 2013-04-04 18:5025928----a-w-c:\windows\system32\drivers\mbam.sys
2013-08-05 04:12 . 2013-06-24 04:4178185248----a-w-c:\windows\system32\MRT.exe
2013-08-05 02:47 . 2013-08-05 02:47--------d-----w-c:\program files (x86)\Anvisoft
2013-08-05 01:36 . 2013-08-05 02:22--------d-----w-c:\windows\SysWow64\WNLT
2013-08-05 00:51 . 2013-08-05 03:48--------d-----w-c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-08-04 21:34 . 2013-08-05 07:32--------d-----w-c:\program files\7-Zip
2013-08-03 18:55 . 2013-08-05 07:31--------d-----w-c:\program files (x86)\VS Revo Group
2013-08-03 07:35 . 2013-07-25 03:1832768----a-w-c:\windows\SysWow64\OGHcham.dat
2013-08-03 07:35 . 2013-07-17 03:0849110----a-w-c:\windows\SysWow64\bypass.xem
2013-08-03 07:31 . 2013-07-28 02:54147968----a-w-c:\windows\SysWow64\k1.dat
2013-08-03 07:31 . 2013-05-24 14:11875472----a-w-c:\windows\SysWow64\msvcr110.dll
2013-08-03 07:31 . 2013-01-07 16:00535008----a-w-c:\windows\SysWow64\msvcp110.dll
2013-08-03 07:31 . 1998-06-24 04:00108336----a-w-c:\windows\SysWow64\MSWINSCK.OCX
2013-07-30 17:20 . 2013-07-30 17:20--------d-----w-c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-29 07:02 . 2013-07-29 07:02--------d-----w-c:\programdata\Aeria Games
2013-07-29 06:34 . 2013-07-29 06:34--------d-sh--w-c:\windows\SysWow64\AI_RecycleBin
2013-07-29 06:34 . 2013-08-05 07:31--------d-----w-c:\program files (x86)\Aeria Games
2013-07-29 05:47 . 2013-08-05 07:31--------d-----w-C:\AeriaGames
2013-07-28 21:29 . 2013-07-28 21:29--------d-----w-c:\windows\Sun
2013-07-28 21:27 . 2013-08-05 07:31--------d-----w-c:\program files (x86)\Common Files\Java
2013-07-28 21:27 . 2013-07-28 21:26789416----a-w-c:\windows\SysWow64\deployJava1.dll
2013-07-28 21:27 . 2013-07-28 21:26867240----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-07-28 21:27 . 2013-07-28 21:2696168----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-28 21:26 . 2013-08-05 07:31--------d-----w-c:\program files (x86)\Java
2013-07-28 21:26 . 2013-07-28 21:26--------d-----w-c:\programdata\McAfee
2013-07-28 20:33 . 2013-08-05 07:31--------d-----w-c:\programdata\InterAction studios
2013-07-28 20:31 . 2013-07-28 20:31--------d-----w-c:\program files (x86)\WildGames
2013-07-28 05:37 . 2013-08-05 07:31--------d-----w-c:\programdata\CyberLink
2013-07-24 20:52 . 2010-02-04 14:0178680----a-w-c:\windows\system32\XAPOFX1_4.dll
2013-07-24 20:52 . 2010-02-04 14:0174072----a-w-c:\windows\SysWow64\XAPOFX1_4.dll
2013-07-24 20:52 . 2010-02-04 14:01530776----a-w-c:\windows\system32\XAudio2_6.dll
2013-07-24 20:52 . 2010-02-04 14:01528216----a-w-c:\windows\SysWow64\XAudio2_6.dll
2013-07-24 20:52 . 2010-02-04 14:01238936----a-w-c:\windows\SysWow64\xactengine3_6.dll
2013-07-24 20:52 . 2010-02-04 14:01176984----a-w-c:\windows\system32\xactengine3_6.dll
2013-07-24 20:52 . 2010-02-04 14:0124920----a-w-c:\windows\system32\X3DAudio1_7.dll
2013-07-24 20:52 . 2010-02-04 14:0122360----a-w-c:\windows\SysWow64\X3DAudio1_7.dll
2013-07-24 02:10 . 2013-07-24 02:10--------d-----w-c:\program files (x86)\dumps
2013-07-24 02:08 . 2013-08-03 18:31--------d-----w-c:\program files (x86)\Common Files\Steam
2013-07-24 02:08 . 2013-08-08 01:33--------d-----w-c:\program files (x86)\Steam
2013-07-24 00:29 . 2013-07-24 00:29--------d-----w-c:\program files (x86)\Common Files\Skype
2013-07-24 00:29 . 2013-07-24 00:29--------d-----r-c:\program files (x86)\Skype
2013-07-23 23:24 . 2013-07-23 23:24--------d-----w-c:\program files\CCleaner
2013-07-23 23:23 . 2013-07-23 23:23--------d-----w-c:\program files (x86)\24x7Help
2013-07-23 23:23 . 2013-07-23 23:23--------d-----w-c:\programdata\PCFixSpeed
2013-07-23 23:01 . 2013-07-23 23:02--------d-----w-c:\program files (x86)\Google
2013-07-23 22:58 . 2013-07-23 23:09692104----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 22:58 . 2013-07-23 22:58--------d-----w-c:\windows\system32\Macromed
2013-07-23 22:42 . 2013-08-08 01:33--------d-----w-c:\programdata\AVG2013
2013-07-23 22:41 . 2013-07-23 22:41--------d-----w-c:\program files (x86)\AVG
2013-07-23 22:38 . 2013-07-23 22:38--------d--h--w-c:\programdata\Common Files
2013-07-23 22:35 . 2013-07-23 22:35--------d-----w-c:\program files (x86)\Mozilla Maintenance Service
2013-07-23 22:34 . 2013-07-23 23:09--------d-----w-c:\program files (x86)\MyPC Backup
2013-07-23 22:23 . 2010-06-30 08:2735840----a-r-c:\windows\system32\drivers\BVRPMPR5a64.SYS
2013-07-23 22:23 . 2013-07-23 22:29--------d-----w-C:\Netgear
2013-07-23 13:31 . 2013-07-02 08:349460976----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{04E4CA21-CC66-4776-9188-1C5A73B6A61A}\mpengine.dll
2013-07-22 16:40 . 2013-07-22 16:40535552----a-w-c:\windows\system32\drivers\stwrt64.sys
2013-07-22 16:40 . 2013-07-22 16:40654336------w-c:\windows\system32\stapi64.dll
2013-07-22 16:40 . 2013-07-22 16:40448512----a-w-c:\windows\system32\stcplx64.dll
2013-07-22 16:40 . 2013-07-22 16:401987072----a-w-c:\windows\system32\stapo64.dll
2013-07-22 16:40 . 2013-07-22 16:42--------d-----w-c:\program files\IDT
2013-07-20 05:51 . 2013-07-20 05:51311608----a-w-c:\windows\system32\drivers\avgloga.sys
2013-07-20 05:50 . 2013-07-20 05:5071480----a-w-c:\windows\system32\drivers\avgidsha.sys
2013-07-20 05:50 . 2013-07-20 05:50246072----a-w-c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 05:50 . 2013-07-20 05:50206648----a-w-c:\windows\system32\drivers\avgldx64.sys
2013-07-16 14:13 . 2013-07-16 14:13--------d-----w-c:\program files (x86)\MSXML 4.0
2013-07-15 13:16 . 2013-07-15 13:16--------d-----w-c:\windows\SysWow64\Wat
2013-07-15 13:16 . 2013-07-15 13:16--------d-----w-c:\windows\system32\Wat
2013-07-15 13:05 . 2013-04-17 07:021230336----a-w-c:\windows\SysWow64\WindowsCodecs.dll
2013-07-15 13:05 . 2013-04-17 06:241424384----a-w-c:\windows\system32\WindowsCodecs.dll
2013-07-15 13:00 . 2013-04-09 23:341247744----a-w-c:\windows\SysWow64\DWrite.dll
2013-07-15 13:00 . 2013-04-02 22:511643520----a-w-c:\windows\system32\DWrite.dll
2013-07-13 14:59 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2013-07-13 14:59 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2013-07-13 14:59 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-13 14:59 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2013-07-13 14:43 . 2013-07-13 14:439728---ha-w-c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 14:13 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2013-07-13 14:13 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2013-07-13 14:13 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2013-07-13 14:13 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2013-07-13 14:12 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2013-07-13 14:12 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2013-07-13 14:12 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2013-07-13 14:12 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2013-07-13 14:12 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2013-07-13 14:12 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2013-07-13 14:12 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2013-07-13 13:58 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
2013-07-13 13:58 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
2013-07-13 13:58 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
2013-07-13 13:58 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
2013-07-13 13:58 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
2013-07-12 23:33 . 2013-07-12 23:348795216----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-07-12 14:05 . 2013-04-10 05:24983912----a-w-c:\windows\system32\drivers\dxgkrnl.sys
2013-07-12 14:05 . 2013-04-10 05:24265064----a-w-c:\windows\system32\drivers\dxgmms1.sys
2013-07-12 14:03 . 2012-01-04 10:44509952----a-w-c:\windows\system32\ntshrui.dll
2013-07-12 14:02 . 2012-11-02 05:59478208----a-w-c:\windows\system32\dpnet.dll
2013-07-12 14:01 . 2011-12-28 03:59498688----a-w-c:\windows\system32\drivers\afd.sys
2013-07-12 14:00 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2013-07-12 13:59 . 2011-12-16 08:46634880----a-w-c:\windows\system32\msvcrt.dll
2013-07-12 13:59 . 2011-12-16 07:52690688----a-w-c:\windows\SysWow64\msvcrt.dll
2013-07-12 13:59 . 2013-05-13 05:511464320----a-w-c:\windows\system32\crypt32.dll
2013-07-12 13:59 . 2013-05-13 03:431192448----a-w-c:\windows\system32\certutil.exe
2013-07-12 13:59 . 2013-05-13 03:08903168----a-w-c:\windows\SysWow64\certutil.exe
2013-07-12 13:59 . 2013-05-13 05:51184320----a-w-c:\windows\system32\cryptsvc.dll
2013-07-12 13:59 . 2013-05-13 05:51139776----a-w-c:\windows\system32\cryptnet.dll
2013-07-12 13:59 . 2013-05-13 05:5052224----a-w-c:\windows\system32\certenc.dll
2013-07-12 13:59 . 2013-05-13 04:45140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2013-07-12 13:59 . 2013-05-13 04:451160192----a-w-c:\windows\SysWow64\crypt32.dll
2013-07-12 13:59 . 2013-05-13 04:45103936----a-w-c:\windows\SysWow64\cryptnet.dll
2013-07-12 13:59 . 2013-05-13 03:0843008----a-w-c:\windows\SysWow64\certenc.dll
2013-07-10 22:49 . 2012-02-17 06:381031680----a-w-c:\windows\system32\rdpcore.dll
2013-07-10 22:49 . 2012-02-17 05:34826880----a-w-c:\windows\SysWow64\rdpcore.dll
2013-07-10 22:49 . 2012-02-17 04:5723552----a-w-c:\windows\system32\drivers\tdtcp.sys
2013-07-10 22:44 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2013-07-10 22:44 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2013-07-10 22:44 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2013-07-10 22:44 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2013-07-10 22:44 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2013-07-10 22:44 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-23 23:09 . 2011-11-09 18:5371048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 16:40 . 2012-06-12 05:104444672----a-w-c:\windows\system32\stlang64.dll
2013-07-22 16:40 . 2012-06-12 05:101425408----a-w-c:\windows\sttray64.exe
2013-07-22 16:40 . 2012-06-12 05:09251904----a-w-c:\windows\system32\staco64.dll
2013-07-22 16:40 . 2012-06-12 05:106344704----a-w-c:\windows\system32\IDTNGUI.exe
2013-07-22 16:40 . 2012-06-12 05:105298688----a-w-c:\windows\system32\IDTNHP.dll
2013-07-22 16:40 . 2012-06-12 05:10249344----a-w-c:\windows\system32\IDTNJ.exe
2013-07-22 16:40 . 2012-06-12 05:101085440----a-w-c:\windows\system32\IDTNX.dll
2013-07-22 16:40 . 2012-06-12 05:1068608----a-w-c:\windows\system32\AESTAR64.dll
2013-07-22 16:40 . 2012-06-12 05:10442368----a-w-c:\windows\system32\AESTEC64.dll
2013-07-22 16:40 . 2012-06-12 05:10223744----a-w-c:\windows\system32\HPToneCtrls64.dll
2013-07-22 16:40 . 2012-06-12 05:10162304----a-w-c:\windows\system32\AESTAC64.dll
2013-07-22 16:40 . 2012-06-12 05:1090624----a-w-c:\windows\system32\AESTCo64.dll
2013-07-22 16:40 . 2012-06-12 05:101819136----a-w-c:\windows\system32\IDTNC64.cpl
2013-07-10 22:45 . 2011-03-29 02:3622240----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-01 05:45 . 2013-07-01 05:45116536----a-w-c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"24x7HELP"="c:\program files (x86)\24x7Help\App24x7Help.exe" [2013-03-12 1773648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe;c:\program files (x86)\24x7Help\App24x7Svc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSDRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 03:071173456----a-w-c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 23:09]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 23:01]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 23:01]
.
2013-08-08 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s9uc69uc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI=UN22473897826981254&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Somoto V.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - ExtSQL: 2013-08-04 21:35; gencrawler@some.com; c:\users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e306aaa2-3b4f-4802-9faf-0c10ab78b589} - c:\program files (x86)\Somoto_V.1\prxtbSomo.dll
BHO-{e306aaa2-3b4f-4802-9faf-0c10ab78b589} - c:\program files (x86)\Somoto_V.1\prxtbSomo.dll
Toolbar-{e306aaa2-3b4f-4802-9faf-0c10ab78b589} - c:\program files (x86)\Somoto_V.1\prxtbSomo.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-07 21:48:41
ComboFix-quarantined-files.txt 2013-08-08 01:48
.
Pre-Run: 394,557,612,032 bytes free
Post-Run: 394,185,678,848 bytes free
.
- - End Of File - - 32C1C9587491529FE266D6E135674B4A
A36C5E4F47E84449FF07ED3517B43A31
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 20:23:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-HP
# Boot Mode : Normal
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : 24x7HelpSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Somoto_V.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\Software\24x7HELP
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B673DD09-E496-4A82-8144-D16AD900B303}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Somoto_V.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B673DD09-E496-4A82-8144-D16AD900B303}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CEF6505-7243-4200-A8E0-8494BD36BA0D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D75D1DED-83DC-4900-8279-9267747EC87F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

-\\ Google Chrome v28.0.1500.95

*************************

AdwCleaner[R1].txt - [8367 octets] - [08/08/2013 20:22:47]
AdwCleaner[S1].txt - [8046 octets] - [08/08/2013 20:23:04]

########## EOF - C:\AdwCleaner[S1].txt - [8106 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by user on Thu 08/08/2013 at 20:29:19.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355325554}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344324454}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355325554}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344324454}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344324454}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355325554}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344324454}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5ABD7D81-D4A1-4E18-97BF-9C6DE745E38E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4B1BD9A-8A7F-4AA4-BAC8-7B67FFFFFD97}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E4B1BD9A-8A7F-4AA4-BAC8-7B67FFFFFD97}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\24x7 help"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\s9uc69uc.default\user.js
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\s9uc69uc.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\s9uc69uc.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\s9uc69uc.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&SearchSource=61&CUI=UN22473897826981254&UM=2&UP=SPB9C080E6-45BA-4C16-B995
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=");
user_pref("Smartbar.keywordURLSelectedCTID", "");
user_pref("browser.search.defaultenginename", "Somoto V.1 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "Somoto V.1 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI=UN22473897826981254&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Somoto V.1 Customized Web Search");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.js", "\n\n /************************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "140467658e03114f70195a18aeda6d2d");
user_pref("smartbar.machineId", "DDZJBTGZS0IXQYRLSMOZJR0H6+WSTY3PUCJZ6URTW1LUKSNID5+WWDT+Q6QB+RUUVPDSBIJYWIIOJHDNGKETYQ");
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\s9uc69uc.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/08/2013 at 20:36:54.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL keeps not responding, I have downloaded the main link and the alternate link and both locks up everytime it gets to scanning fire fox settings
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by user (administrator) on 09-08-2013 20:29:10
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-07-22] (IDT, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKLM - {E4B1BD9A-8A7F-4AA4-BAC8-7B67FFFFFD97} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKCU - {39C8292C-373B-4F3D-BF93-47711DD18F12} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s9uc69uc.default
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://www.n4g.com/
CHR RestoreOnStartup: "hxxp://www.n4g.com/", "hxxp://mysearch.avg.com/?cid={FEA85768-6C4A-4960-B942-AEA676BDEE5D}&mid=c09a3d0925fb47d39b11d967197e0e42-9be2303070cd7b6c38d75c9ef7b12da431b4fe0e&lang=en&ds=AVG&pr=pr&d=2013-08-08 20:04:57&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchURL: (Bing) - http://start.sweetpacks.com?src=6&q...-8CCC-082E5F9AE7B1}&crg=3.5000006.10042&st=23
CHR DefaultSuggestURL: (Bing) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (DownloadTerms) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0
CHR Extension: (New Tab Redirect!) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\user\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-07-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-08] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-08] (AVG Technologies)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================
 
==================== One Month Created Files and Folders ========

2013-08-09 20:28 - 2013-08-09 20:28 - 01790633 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-08-08 22:53 - 2013-08-08 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-08 20:36 - 2013-08-08 20:36 - 00009521 _____ C:\Users\user\Desktop\JRT.txt
2013-08-08 20:29 - 2013-08-08 20:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 20:27 - 2013-08-08 20:27 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\user\Downloads\JRT.exe
2013-08-08 20:23 - 2013-08-08 20:23 - 00008153 _____ C:\AdwCleaner[S1].txt
2013-08-08 20:22 - 2013-08-08 20:22 - 00666633 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-08-08 20:22 - 2013-08-08 20:22 - 00008367 _____ C:\AdwCleaner[R1].txt
2013-08-08 20:05 - 2013-08-08 20:11 - 00000000 ____D C:\Users\user\AppData\Local\AVG SafeGuard toolbar
2013-08-08 20:05 - 2013-08-08 20:05 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-08 20:05 - 2013-08-08 20:05 - 00000965 _____ C:\ProgramData\Desktop\AVG 2013.lnk
2013-08-08 20:05 - 2013-08-08 20:05 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013
2013-08-08 20:04 - 2013-08-08 20:05 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-08-08 20:04 - 2013-08-08 20:04 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-08 20:04 - 2013-08-08 20:04 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-08 20:03 - 2013-08-08 20:05 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-08 20:03 - 2013-08-08 20:03 - 00000000 ___HD C:\$AVG
2013-08-08 20:02 - 2013-08-08 20:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-08-08 19:56 - 2013-08-09 19:13 - 00000000 ____D C:\ProgramData\MFAData
2013-08-08 19:56 - 2013-08-09 01:58 - 00000000 ____D C:\Users\user\AppData\Local\Avg2013
2013-08-08 19:56 - 2013-08-08 19:56 - 04491784 _____ (AVG Technologies) C:\Users\user\Downloads\avg_isct_stb_all_2013_3392_free.exe
2013-08-08 19:56 - 2013-08-08 19:56 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2013-08-07 22:36 - 2013-08-07 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2013-08-07 21:48 - 2013-08-07 21:48 - 00029874 _____ C:\ComboFix.txt
2013-08-07 21:38 - 2013-08-07 21:48 - 00000000 ____D C:\Qoobox
2013-08-07 21:38 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-07 21:38 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-07 21:38 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-07 21:38 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-07 21:38 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-07 21:38 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-07 21:38 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-07 21:38 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-07 21:35 - 2013-08-07 21:47 - 00000000 ____D C:\Windows\erdnt
2013-08-07 21:23 - 2013-08-07 21:23 - 11619936 _____ (OPSWAT, Inc.) C:\Users\user\Downloads\AppRemover.exe
2013-08-07 21:15 - 2013-08-07 21:15 - 05100713 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-08-06 19:26 - 2013-08-06 20:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 19:24 - 2013-08-06 19:24 - 13399154 _____ C:\Users\user\Downloads\mbar-1.06.0.1004.zip
2013-08-06 19:14 - 2013-08-06 19:18 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-08-06 19:12 - 2013-08-06 19:12 - 03800064 _____ C:\Users\user\Downloads\RogueKillerX64.exe
2013-08-05 23:37 - 2013-08-05 23:37 - 02095104 _____ C:\Users\user\Downloads\QuakeLiveNP_520.msi
2013-08-05 23:37 - 2013-08-05 23:37 - 00000000 ____D C:\ProgramData\id Software
2013-08-05 23:00 - 2013-08-05 23:00 - 00866592 _____ C:\Users\user\Downloads\Norton_Removal_Tool.exe
2013-08-05 22:07 - 2013-08-05 22:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-08-05 22:06 - 2013-08-05 22:06 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 22:06 - 2013-08-05 22:06 - 00001113 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 22:06 - 2013-08-05 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 22:06 - 2013-08-05 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 22:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-05 22:05 - 2013-08-05 22:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 00:12 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-04 23:50 - 2013-08-04 23:50 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-08-04 23:50 - 2013-08-04 23:50 - 00002185 _____ C:\ProgramData\Desktop\HP Support Assistant.lnk
2013-08-04 22:47 - 2013-08-04 22:47 - 00000000 ____D C:\Users\user\AppData\Local\Anvisoft
2013-08-04 22:47 - 2013-08-04 22:47 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-08-04 20:51 - 2013-08-04 23:48 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-08-04 17:34 - 2013-08-05 03:32 - 00000000 ____D C:\Program Files\7-Zip
2013-08-04 17:32 - 2013-08-04 17:32 - 01376768 _____ C:\Users\user\Downloads\7z920-x64.msi
2013-08-04 11:43 - 2013-08-04 11:43 - 00000000 ____D C:\Windows\pss
2013-08-04 01:25 - 2013-08-04 01:25 - 00007602 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2013-08-03 15:15 - 2013-08-03 15:15 - 00000000 ____D C:\Users\user\AppData\Roaming\VSRevoGroup
2013-08-03 14:55 - 2013-08-05 03:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-03 14:55 - 2013-08-03 14:55 - 00001268 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2013-08-03 14:54 - 2013-08-03 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe
2013-08-03 03:35 - 2013-07-24 23:18 - 00032768 _____ C:\Windows\SysWOW64\OGHcham.dat
2013-08-03 03:35 - 2013-07-16 23:08 - 00049110 _____ C:\Windows\SysWOW64\bypass.xem
2013-08-03 03:31 - 2013-07-27 22:54 - 00147968 _____ C:\Windows\SysWOW64\k1.dat
2013-08-03 03:31 - 2013-07-22 03:35 - 00093804 _____ C:\Windows\SysWOW64\inject.wav
2013-08-03 03:31 - 2013-05-24 10:11 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-08-03 03:31 - 2013-01-07 12:00 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-08-03 03:31 - 1998-06-24 00:00 - 00108336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
2013-08-02 21:03 - 2013-08-02 21:03 - 00000012 _____ C:\Users\user\Desktop\bless the fall.txt
2013-08-01 19:51 - 2013-08-01 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Awesomium
2013-07-30 13:20 - 2013-07-30 13:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-30 13:20 - 2013-07-30 13:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-29 03:02 - 2013-07-29 03:02 - 00000000 ____D C:\Users\user\AppData\Local\Aeria Games
2013-07-29 03:02 - 2013-07-29 03:02 - 00000000 ____D C:\ProgramData\Aeria Games
2013-07-29 02:43 - 2013-07-29 02:43 - 00001602 _____ C:\Users\user\Desktop\Alliance of Valiant Arms.lnk
2013-07-29 02:34 - 2013-08-05 03:31 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-07-29 02:34 - 2013-07-29 02:34 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-07-29 02:34 - 2013-07-29 02:34 - 00002028 _____ C:\ProgramData\Desktop\Aeria Ignite.lnk
2013-07-29 01:47 - 2013-08-05 03:33 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-07-29 01:47 - 2013-08-05 03:31 - 00000000 ____D C:\AeriaGames
2013-07-28 17:29 - 2013-07-28 17:29 - 00000000 ____D C:\Windows\Sun
2013-07-28 17:27 - 2013-07-28 17:27 - 00000000 ____D C:\ProgramData\Sun
2013-07-28 17:27 - 2013-07-28 17:26 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-28 17:27 - 2013-07-28 17:26 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-28 17:27 - 2013-07-28 17:26 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-28 17:27 - 2013-07-28 17:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-28 17:27 - 2013-07-28 17:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-28 17:27 - 2013-07-28 17:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-28 17:26 - 2013-08-05 03:31 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-28 17:26 - 2013-07-28 17:26 - 00000000 ____D C:\ProgramData\McAfee
2013-07-28 17:25 - 2013-07-28 17:25 - 00903080 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u25.exe
2013-07-28 16:33 - 2013-08-05 03:31 - 00000000 ____D C:\ProgramData\InterAction studios
2013-07-28 16:31 - 2013-07-28 16:31 - 00000000 ____D C:\Program Files (x86)\WildGames
2013-07-28 16:19 - 2013-08-05 03:32 - 00000000 ____D C:\Users\user\AppData\Roaming\WildTangent
2013-07-28 01:37 - 2013-08-05 03:31 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-27 18:33 - 2013-08-05 03:32 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Games
2013-07-26 14:07 - 2013-08-09 19:33 - 00582363 ____N C:\Windows\WindowsUpdate.log
2013-07-25 19:48 - 2013-07-25 19:48 - 00000000 ____D C:\Users\user\AppData\Local\CRE
2013-07-24 21:00 - 2013-08-05 11:23 - 00000000 _____ C:\dfu.log
2013-07-24 18:04 - 2013-07-24 18:04 - 00000222 _____ C:\Users\user\Desktop\Soldier Front 2.url
2013-07-24 16:56 - 2013-07-24 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\IDT
2013-07-24 16:53 - 2013-07-24 16:53 - 00000000 ____D C:\Users\user\AppData\Local\SCE
2013-07-24 16:52 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-07-24 16:52 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-07-24 16:51 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-07-24 16:51 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-07-24 16:51 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-07-24 16:51 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-07-24 16:51 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-07-24 16:51 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-07-24 16:51 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-07-24 16:49 - 2013-07-24 16:49 - 00001967 _____ C:\Users\user\Desktop\Skype.lnk
2013-07-24 12:41 - 2013-07-24 12:41 - 00000849 _____ C:\Users\user\Desktop\µTorrent.lnk
2013-07-24 12:39 - 2013-08-05 03:32 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-07-24 12:38 - 2013-07-24 12:38 - 01129552 _____ (BitTorrent Inc.) C:\Users\user\Downloads\utorrent.exe
2013-07-23 22:41 - 2013-07-23 22:41 - 00000222 _____ C:\Users\user\Desktop\PlanetSide 2.url
2013-07-23 22:10 - 2013-07-23 22:10 - 00000000 ____D C:\Program Files (x86)\dumps
2013-07-23 22:08 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-23 22:08 - 2013-07-23 22:08 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-07-23 22:08 - 2013-07-23 22:08 - 00000917 _____ C:\ProgramData\Desktop\Steam.lnk
2013-07-23 22:06 - 2013-07-23 22:06 - 01669632 _____ C:\Users\user\Downloads\SteamInstall.msi
2013-07-23 21:22 - 2013-07-23 21:22 - 00000000 ____D C:\Users\user\AppData\Local\HP
2013-07-23 21:13 - 2013-07-29 21:13 - 00003816 _____ C:\Windows\System32\Tasks\SetupManager
2013-07-23 20:29 - 2013-08-03 14:31 - 00000000 ____D C:\Users\user\Documents\Youcam
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ____D C:\Users\user\AppData\Roaming\CyberLink
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CyberLink
2013-07-23 20:28 - 2013-07-23 20:28 - 01492584 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup.exe
2013-07-23 20:27 - 2013-08-05 12:41 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-07-23 19:57 - 2013-08-03 12:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-07-23 19:46 - 2013-07-23 19:46 - 09826585 _____ C:\Users\user\Downloads\AbstractsDark.themepack
2013-07-23 19:28 - 2013-07-23 19:28 - 00029646 _____ C:\Users\user\Documents\cc_20130723_192832.reg
2013-07-23 19:28 - 2013-07-23 19:28 - 00004032 _____ C:\Users\user\Documents\cc_20130723_192854.reg
2013-07-23 19:24 - 2013-07-23 19:24 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-23 19:24 - 2013-07-23 19:24 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 19:24 - 2013-07-23 19:24 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-07-23 19:24 - 2013-07-23 19:24 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 19:02 - 2013-07-31 23:11 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-23 19:02 - 2013-07-31 23:11 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-23 19:01 - 2013-08-09 20:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 19:01 - 2013-08-09 19:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 19:01 - 2013-07-23 19:02 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-07-23 19:01 - 2013-07-23 19:02 - 00000000 ____D C:\Program Files (x86)\Google
 
2013-07-23 19:01 - 2013-07-23 19:01 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-23 19:01 - 2013-07-23 19:01 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-23 19:00 - 2013-07-23 19:00 - 00784880 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2013-07-23 18:59 - 2013-07-23 18:59 - 00000000 ____D C:\Users\user\AppData\Local\Macromedia
2013-07-23 18:58 - 2013-08-09 19:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 18:58 - 2013-08-03 15:05 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2013-07-23 18:58 - 2013-07-23 19:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 18:58 - 2013-07-23 19:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 18:58 - 2013-07-23 18:58 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-23 18:43 - 2013-07-23 18:43 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-07-23 18:38 - 2013-07-23 18:38 - 04463512 _____ (AVG Technologies) C:\Users\user\Downloads\avg_isct_stb_all_2013_3349.exe
2013-07-23 18:35 - 2013-07-23 18:35 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-23 18:35 - 2013-07-23 18:35 - 00001151 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-23 18:34 - 2013-07-23 18:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-07-23 18:33 - 2013-07-23 18:33 - 01160856 _____ C:\Users\user\Downloads\mozilla firefox setup.exe
2013-07-23 18:29 - 2013-07-23 18:29 - 00006034 _____ C:\Users\user\Desktop\Router_Setup.html
2013-07-23 18:29 - 2010-06-30 04:27 - 00000172 ____R C:\Users\user\Desktop\Router Login.url
2013-07-23 18:23 - 2013-07-23 18:29 - 00000000 ____D C:\Netgear
2013-07-23 18:23 - 2010-06-30 04:27 - 00035840 ____R (Avanquest Software) C:\Windows\system32\Drivers\BVRPMPR5a64.SYS
2013-07-22 12:40 - 2013-07-22 12:42 - 00000000 ____D C:\Program Files\IDT
2013-07-22 12:40 - 2013-07-22 12:40 - 01987072 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2013-07-22 12:40 - 2013-07-22 12:40 - 00654336 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2013-07-22 12:40 - 2013-07-22 12:40 - 00535552 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2013-07-22 12:40 - 2013-07-22 12:40 - 00448512 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2013-07-22 12:15 - 2013-08-03 14:04 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-16 10:13 - 2013-07-16 10:13 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-16 10:11 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-16 10:11 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-16 10:11 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-16 10:11 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-16 10:11 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-16 10:11 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-16 10:11 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-16 10:11 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-16 10:11 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-16 10:11 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-16 10:11 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-16 10:11 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-15 10:56 - 2013-07-15 10:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-15 09:05 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-15 09:05 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-15 09:00 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-15 09:00 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-13 10:59 - 2012-07-26 00:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-13 10:59 - 2012-07-26 00:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-13 10:59 - 2012-07-25 22:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-13 10:59 - 2012-06-02 10:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-13 10:47 - 2013-07-13 10:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-13 10:47 - 2013-07-13 10:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-13 10:47 - 2013-07-13 10:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-13 10:47 - 2013-07-13 10:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-13 10:47 - 2013-07-13 10:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-13 10:47 - 2013-07-13 10:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-13 10:47 - 2013-07-13 10:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-13 10:47 - 2013-07-13 10:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-13 10:47 - 2013-07-13 10:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-13 10:43 - 2013-07-13 10:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-13 10:13 - 2012-12-16 13:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-13 10:13 - 2012-12-16 10:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-13 10:13 - 2012-12-16 10:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-13 10:13 - 2012-12-16 10:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-13 10:12 - 2012-07-25 23:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-13 10:12 - 2012-07-25 23:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-13 10:12 - 2012-07-25 23:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-13 10:12 - 2012-07-25 23:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-13 10:12 - 2012-07-25 23:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-13 10:12 - 2012-07-25 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-13 10:12 - 2012-07-25 22:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-13 10:12 - 2012-06-02 10:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-13 09:58 - 2012-03-01 02:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-07-13 09:58 - 2012-03-01 02:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-07-13 09:58 - 2012-03-01 02:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-07-13 09:58 - 2012-03-01 01:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-07-13 09:58 - 2012-03-01 01:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-07-12 19:25 - 2013-08-03 15:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
 
2013-07-12 19:25 - 2013-07-12 19:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2013-07-12 10:05 - 2013-04-10 01:24 - 00983912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-12 10:05 - 2013-04-10 01:24 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-12 10:04 - 2013-05-08 02:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-12 10:04 - 2013-02-15 02:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-12 10:04 - 2013-02-15 02:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-12 10:04 - 2013-02-15 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-12 10:04 - 2013-02-15 00:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-12 10:04 - 2013-02-15 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-12 10:04 - 2013-02-14 23:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-12 10:04 - 2013-01-03 02:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-12 10:04 - 2012-11-09 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-12 10:04 - 2012-11-09 00:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-12 10:04 - 2012-10-09 14:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-07-12 10:04 - 2012-10-09 14:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-07-12 10:04 - 2012-10-09 13:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-07-12 10:04 - 2012-10-09 13:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-07-12 10:04 - 2011-10-26 01:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-07-12 10:04 - 2011-10-26 01:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-07-12 10:04 - 2011-10-26 00:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-07-12 10:04 - 2011-10-26 00:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-07-12 10:04 - 2011-04-09 02:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-07-12 10:04 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-07-12 10:03 - 2013-04-12 10:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-12 10:03 - 2013-03-19 01:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-12 10:03 - 2013-03-19 01:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-12 10:03 - 2013-02-27 02:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-12 10:03 - 2013-02-27 01:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-12 10:03 - 2013-02-27 01:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-12 10:03 - 2013-02-27 01:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-12 10:03 - 2013-02-27 01:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-12 10:03 - 2013-02-27 00:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-12 10:03 - 2013-02-27 00:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-12 10:03 - 2013-02-27 00:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-12 10:03 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-12 10:03 - 2012-11-01 01:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-12 10:03 - 2012-11-01 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-12 10:03 - 2012-11-01 00:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-12 10:03 - 2012-11-01 00:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-12 10:03 - 2012-10-03 13:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-12 10:03 - 2012-10-03 13:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-07-12 10:03 - 2012-10-03 13:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-12 10:03 - 2012-10-03 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-12 10:03 - 2012-10-03 13:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-12 10:03 - 2012-10-03 13:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-12 10:03 - 2012-10-03 12:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-12 10:03 - 2012-10-03 12:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-12 10:03 - 2012-10-03 12:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-12 10:03 - 2012-10-03 12:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-07-12 10:03 - 2012-08-22 14:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-12 10:03 - 2012-08-22 14:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-12 10:03 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-07-12 10:03 - 2012-06-02 01:50 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-12 10:03 - 2012-06-02 01:48 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-12 10:03 - 2012-06-02 01:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-12 10:03 - 2012-06-02 01:45 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-12 10:03 - 2012-06-02 00:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-12 10:03 - 2012-06-02 00:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-12 10:03 - 2012-06-02 00:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-12 10:03 - 2012-05-01 01:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-07-12 10:03 - 2012-04-26 01:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-07-12 10:03 - 2012-04-26 01:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-07-12 10:03 - 2012-04-26 01:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-07-12 10:03 - 2012-01-13 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-12 10:03 - 2012-01-04 06:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-07-12 10:03 - 2012-01-04 04:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-07-12 10:03 - 2011-12-30 02:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-12 10:03 - 2011-12-30 01:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-07-12 10:03 - 2011-11-17 02:35 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-12 10:03 - 2011-11-17 02:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-07-12 10:03 - 2011-11-17 02:35 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-07-12 10:03 - 2011-11-17 02:35 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-07-12 10:03 - 2011-11-17 02:35 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-07-12 10:03 - 2011-11-17 02:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-07-12 10:03 - 2011-11-17 01:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-07-12 10:03 - 2010-06-25 23:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-07-12 10:03 - 2010-06-25 23:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-07-12 10:02 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 10:02 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 10:02 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 10:02 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 10:02 - 2013-01-04 01:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-12 10:02 - 2013-01-04 00:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-12 10:02 - 2013-01-03 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-12 10:02 - 2013-01-03 22:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-12 10:02 - 2013-01-03 22:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-12 10:02 - 2013-01-03 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-12 10:02 - 2012-12-07 09:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-12 10:02 - 2012-12-07 09:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-12 10:02 - 2012-12-07 08:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-12 10:02 - 2012-12-07 08:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-12 10:02 - 2012-12-07 07:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-12 10:02 - 2012-12-07 07:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-12 10:02 - 2012-12-07 07:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-12 10:02 - 2012-12-07 06:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-12 10:02 - 2012-11-22 01:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-12 10:02 - 2012-11-22 00:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-12 10:02 - 2012-11-20 01:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-12 10:02 - 2012-11-20 00:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-12 10:02 - 2012-11-02 01:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-12 10:02 - 2012-11-02 01:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-12 10:02 - 2012-08-24 14:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-12 10:02 - 2012-08-24 12:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-12 10:02 - 2012-08-21 17:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-07-12 10:02 - 2012-04-27 23:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-07-12 10:01 - 2012-11-30 01:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-07-12 10:01 - 2012-11-30 01:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-07-12 10:01 - 2012-11-30 01:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-07-12 10:01 - 2012-11-30 01:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-07-12 10:01 - 2012-11-30 01:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-12 10:01 - 2012-11-30 01:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-12 10:01 - 2012-11-30 00:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-12 10:01 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-12 10:01 - 2012-11-29 23:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-12 10:01 - 2012-11-29 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-12 10:01 - 2012-11-29 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-12 10:01 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-12 10:01 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-12 10:01 - 2012-11-29 19:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-07-12 10:01 - 2012-11-29 19:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-07-12 10:01 - 2012-08-10 20:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-12 10:01 - 2012-08-10 19:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-12 10:01 - 2012-04-07 08:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-07-12 10:01 - 2012-04-07 07:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-07-12 10:01 - 2012-03-17 03:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-07-12 10:01 - 2011-12-27 23:59 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-12 10:00 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 10:00 - 2013-05-10 01:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-12 10:00 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-12 10:00 - 2013-04-26 01:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-12 10:00 - 2013-04-26 00:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-12 10:00 - 2013-01-24 02:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-12 10:00 - 2012-11-22 23:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-12 10:00 - 2012-09-25 18:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-12 10:00 - 2012-09-25 18:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-12 10:00 - 2012-07-04 18:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-12 10:00 - 2012-07-04 18:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-12 10:00 - 2012-07-04 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-12 10:00 - 2012-07-04 17:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-12 10:00 - 2012-07-04 17:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-12 10:00 - 2012-05-05 04:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-12 10:00 - 2012-05-05 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-12 09:59 - 2013-05-13 01:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-12 09:59 - 2013-05-13 01:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-12 09:59 - 2013-05-13 01:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-12 09:59 - 2013-05-13 01:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-12 09:59 - 2013-05-13 00:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-12 09:59 - 2013-05-13 00:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-12 09:59 - 2013-05-13 00:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-12 09:59 - 2013-05-12 23:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-12 09:59 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-12 09:59 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-12 09:59 - 2011-12-16 04:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-07-12 09:59 - 2011-12-16 03:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-07-12 09:58 - 2013-04-25 19:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-12 09:58 - 2013-03-31 18:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-12 09:58 - 2013-03-19 02:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-12 09:58 - 2013-03-19 01:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-12 09:58 - 2013-03-19 01:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-12 09:58 - 2013-03-19 01:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-12 09:58 - 2013-03-19 00:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-12 09:58 - 2013-03-18 23:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-12 09:58 - 2012-06-06 02:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-07-12 09:58 - 2012-06-06 01:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-07-12 09:58 - 2012-05-14 01:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-12 09:58 - 2012-02-11 02:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-12 09:58 - 2012-02-11 02:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-12 09:58 - 2011-11-19 10:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-07-12 09:58 - 2011-11-19 10:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-07-12 09:58 - 2011-11-17 02:41 - 01731920 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-12 09:58 - 2011-11-17 01:38 - 01292080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-12 09:58 - 2011-10-15 02:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-07-12 09:58 - 2011-10-15 01:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-07-11 09:54 - 2013-07-13 12:07 - 00058016 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Roaming\ATI
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Local\ATI
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Local\AMD
2013-07-11 09:52 - 2013-08-09 20:26 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61D3F0EB-5D9E-4192-AE04-77168BF210D5}
2013-07-11 09:52 - 2013-07-13 12:05 - 00001417 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-11 09:52 - 2013-07-11 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Synaptics
2013-07-11 09:51 - 2013-08-07 20:04 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2013-07-11 09:51 - 2013-08-04 11:43 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-11 09:51 - 2013-07-13 12:05 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-11 09:47 - 2013-07-24 17:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard
2013-07-11 09:43 - 2013-07-22 12:46 - 00000000 ____D C:\Users\user\AppData\Roaming\hpqlog
2013-07-11 09:43 - 2013-07-11 09:52 - 00000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
2013-07-10 18:49 - 2012-02-17 02:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-07-10 18:49 - 2012-02-17 01:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-07-10 18:49 - 2012-02-17 00:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-07-10 18:47 - 2013-07-10 18:47 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-10 18:45 - 2013-07-23 21:15 - 00003756 _____ C:\Windows\System32\Tasks\Registration
2013-07-10 18:45 - 2013-07-23 21:13 - 00000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard_Company
2013-07-10 18:45 - 2013-07-10 18:45 - 00000000 ____D C:\Users\user\AppData\Local\RemEngine
2013-07-10 18:45 - 2013-07-10 18:45 - 00000000 ____D C:\Users\user\AppData\Local\AuthenTec
2013-07-10 18:45 - 2011-11-09 15:12 - 00002318 _____ C:\Users\Public\Desktop\HP Download Store.lnk
2013-07-10 18:45 - 2011-11-09 15:12 - 00002318 _____ C:\ProgramData\Desktop\HP Download Store.lnk
2013-07-10 18:45 - 2011-11-09 15:12 - 00002220 _____ C:\Users\Public\Desktop\RaRa Music.lnk
2013-07-10 18:45 - 2011-11-09 15:12 - 00002220 _____ C:\ProgramData\Desktop\RaRa Music.lnk
2013-07-10 18:44 - 2013-07-10 18:44 - 00000020 ___SH C:\Users\user\ntuser.ini
2013-07-10 18:44 - 2013-07-10 18:44 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-07-10 18:44 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-07-10 18:44 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-07-10 18:44 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-07-10 18:44 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-07-10 18:44 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-07-10 18:44 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-07-10 18:44 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-07-10 18:44 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-07-10 18:44 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-07-10 18:44 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-10 18:44 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified Files and Folders =======

2013-08-09 20:29 - 2013-08-09 20:29 - 00000000 ____D C:\FRST
2013-08-09 20:28 - 2013-08-09 20:28 - 01790633 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-08-09 20:26 - 2013-07-11 09:52 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61D3F0EB-5D9E-4192-AE04-77168BF210D5}
2013-08-09 20:06 - 2013-07-23 19:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 19:54 - 2013-07-23 18:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 19:33 - 2013-07-26 14:07 - 00582363 ____N C:\Windows\WindowsUpdate.log
2013-08-09 19:13 - 2013-08-08 19:56 - 00000000 ____D C:\ProgramData\MFAData
2013-08-09 19:06 - 2013-07-23 19:01 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 18:28 - 2009-07-14 00:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 18:28 - 2009-07-14 00:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 18:27 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 18:22 - 2013-07-23 22:08 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-09 18:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 01:58 - 2013-08-08 19:56 - 00000000 ____D C:\Users\user\AppData\Local\Avg2013
2013-08-08 22:53 - 2013-08-08 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-08 20:36 - 2013-08-08 20:36 - 00009521 _____ C:\Users\user\Desktop\JRT.txt
2013-08-08 20:29 - 2013-08-08 20:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 20:27 - 2013-08-08 20:27 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\user\Downloads\JRT.exe
2013-08-08 20:23 - 2013-08-08 20:23 - 00008153 _____ C:\AdwCleaner[S1].txt
2013-08-08 20:22 - 2013-08-08 20:22 - 00666633 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-08-08 20:22 - 2013-08-08 20:22 - 00008367 _____ C:\AdwCleaner[R1].txt
2013-08-08 20:11 - 2013-08-08 20:05 - 00000000 ____D C:\Users\user\AppData\Local\AVG SafeGuard toolbar
2013-08-08 20:05 - 2013-08-08 20:05 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-08 20:05 - 2013-08-08 20:05 - 00000965 _____ C:\ProgramData\Desktop\AVG 2013.lnk
2013-08-08 20:05 - 2013-08-08 20:05 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013
2013-08-08 20:05 - 2013-08-08 20:04 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-08-08 20:05 - 2013-08-08 20:03 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-08 20:04 - 2013-08-08 20:04 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-08 20:04 - 2013-08-08 20:04 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-08 20:03 - 2013-08-08 20:03 - 00000000 ___HD C:\$AVG
2013-08-08 20:02 - 2013-08-08 20:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-08-08 19:56 - 2013-08-08 19:56 - 04491784 _____ (AVG Technologies) C:\Users\user\Downloads\avg_isct_stb_all_2013_3392_free.exe
2013-08-08 19:56 - 2013-08-08 19:56 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2013-08-07 22:36 - 2013-08-07 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2013-08-07 21:48 - 2013-08-07 21:48 - 00029874 _____ C:\ComboFix.txt
2013-08-07 21:48 - 2013-08-07 21:38 - 00000000 ____D C:\Qoobox
2013-08-07 21:48 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-08-07 21:47 - 2013-08-07 21:35 - 00000000 ____D C:\Windows\erdnt
2013-08-07 21:46 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-07 21:23 - 2013-08-07 21:23 - 11619936 _____ (OPSWAT, Inc.) C:\Users\user\Downloads\AppRemover.exe
2013-08-07 21:15 - 2013-08-07 21:15 - 05100713 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-08-07 20:04 - 2013-07-11 09:51 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2013-08-06 20:13 - 2013-08-06 19:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 19:24 - 2013-08-06 19:24 - 13399154 _____ C:\Users\user\Downloads\mbar-1.06.0.1004.zip
2013-08-06 19:18 - 2013-08-06 19:14 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-08-06 19:12 - 2013-08-06 19:12 - 03800064 _____ C:\Users\user\Downloads\RogueKillerX64.exe
2013-08-05 23:37 - 2013-08-05 23:37 - 02095104 _____ C:\Users\user\Downloads\QuakeLiveNP_520.msi
2013-08-05 23:37 - 2013-08-05 23:37 - 00000000 ____D C:\ProgramData\id Software
2013-08-05 23:05 - 2012-06-12 01:21 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 23:00 - 2013-08-05 23:00 - 00866592 _____ C:\Users\user\Downloads\Norton_Removal_Tool.exe
2013-08-05 22:07 - 2013-08-05 22:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-08-05 22:06 - 2013-08-05 22:06 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 22:06 - 2013-08-05 22:06 - 00001113 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 22:06 - 2013-08-05 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 22:06 - 2013-08-05 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 22:05 - 2013-08-05 22:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 12:41 - 2013-07-23 20:27 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-08-05 11:23 - 2013-07-24 21:00 - 00000000 _____ C:\dfu.log
2013-08-05 03:33 - 2013-07-29 01:47 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-08-05 03:32 - 2013-08-04 17:34 - 00000000 ____D C:\Program Files\7-Zip
2013-08-05 03:32 - 2013-07-28 16:19 - 00000000 ____D C:\Users\user\AppData\Roaming\WildTangent
2013-08-05 03:32 - 2013-07-27 18:33 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Games
2013-08-05 03:32 - 2013-07-24 12:39 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-08-05 03:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-05 03:31 - 2013-08-03 14:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-05 03:31 - 2013-07-29 02:34 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-08-05 03:31 - 2013-07-29 01:47 - 00000000 ____D C:\AeriaGames
2013-08-05 03:31 - 2013-07-28 17:26 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-05 03:31 - 2013-07-28 16:33 - 00000000 ____D C:\ProgramData\InterAction studios
2013-08-05 03:31 - 2013-07-28 01:37 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-04 23:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-08-04 23:50 - 2013-08-04 23:50 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-08-04 23:50 - 2013-08-04 23:50 - 00002185 _____ C:\ProgramData\Desktop\HP Support Assistant.lnk
2013-08-04 23:50 - 2011-11-09 15:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 23:50 - 2011-11-09 14:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-08-04 23:48 - 2013-08-04 20:51 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-08-04 22:47 - 2013-08-04 22:47 - 00000000 ____D C:\Users\user\AppData\Local\Anvisoft
2013-08-04 22:47 - 2013-08-04 22:47 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-08-04 17:32 - 2013-08-04 17:32 - 01376768 _____ C:\Users\user\Downloads\7z920-x64.msi
2013-08-04 11:43 - 2013-08-04 11:43 - 00000000 ____D C:\Windows\pss
2013-08-04 11:43 - 2013-07-11 09:51 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 01:25 - 2013-08-04 01:25 - 00007602 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2013-08-03 15:15 - 2013-08-03 15:15 - 00000000 ____D C:\Users\user\AppData\Roaming\VSRevoGroup
2013-08-03 15:06 - 2011-11-09 15:09 - 00000000 ____D C:\ProgramData\Adobe
2013-08-03 15:05 - 2013-07-23 18:58 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2013-08-03 15:05 - 2013-07-12 19:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2013-08-03 14:55 - 2013-08-03 14:55 - 00001268 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2013-08-03 14:54 - 2013-08-03 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe
2013-08-03 14:31 - 2013-07-23 20:29 - 00000000 ____D C:\Users\user\Documents\Youcam
2013-08-03 14:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-03 14:04 - 2013-07-22 12:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-03 12:14 - 2013-07-23 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-08-02 21:03 - 2013-08-02 21:03 - 00000012 _____ C:\Users\user\Desktop\bless the fall.txt
2013-08-01 19:51 - 2013-08-01 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Awesomium
2013-07-31 23:11 - 2013-07-23 19:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 23:11 - 2013-07-23 19:02 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-31 01:10 - 2011-11-09 14:56 - 00000000 ____D C:\ProgramData\WildTangent
2013-07-30 13:20 - 2013-07-30 13:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-30 13:20 - 2013-07-30 13:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-29 21:13 - 2013-07-23 21:13 - 00003816 _____ C:\Windows\System32\Tasks\SetupManager
2013-07-29 03:02 - 2013-07-29 03:02 - 00000000 ____D C:\Users\user\AppData\Local\Aeria Games
2013-07-29 03:02 - 2013-07-29 03:02 - 00000000 ____D C:\ProgramData\Aeria Games
2013-07-29 02:43 - 2013-07-29 02:43 - 00001602 _____ C:\Users\user\Desktop\Alliance of Valiant Arms.lnk
2013-07-29 02:34 - 2013-07-29 02:34 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-07-29 02:34 - 2013-07-29 02:34 - 00002028 _____ C:\ProgramData\Desktop\Aeria Ignite.lnk
2013-07-28 17:29 - 2013-07-28 17:29 - 00000000 ____D C:\Windows\Sun
2013-07-28 17:27 - 2013-07-28 17:27 - 00000000 ____D C:\ProgramData\Sun
2013-07-28 17:26 - 2013-07-28 17:27 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-28 17:26 - 2013-07-28 17:27 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-28 17:26 - 2013-07-28 17:27 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-28 17:26 - 2013-07-28 17:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-28 17:26 - 2013-07-28 17:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-28 17:26 - 2013-07-28 17:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-28 17:26 - 2013-07-28 17:26 - 00000000 ____D C:\ProgramData\McAfee
2013-07-28 17:25 - 2013-07-28 17:25 - 00903080 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u25.exe
2013-07-28 16:31 - 2013-07-28 16:31 - 00000000 ____D C:\Program Files (x86)\WildGames
2013-07-28 16:31 - 2011-11-09 14:56 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-07-28 16:19 - 2011-11-09 14:56 - 00002590 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-07-28 16:19 - 2011-11-09 14:56 - 00002590 ____N C:\ProgramData\Desktop\WildTangent Games App - hp.lnk
2013-07-27 22:54 - 2013-08-03 03:31 - 00147968 _____ C:\Windows\SysWOW64\k1.dat
2013-07-25 19:48 - 2013-07-25 19:48 - 00000000 ____D C:\Users\user\AppData\Local\CRE
2013-07-24 23:18 - 2013-08-03 03:35 - 00032768 _____ C:\Windows\SysWOW64\OGHcham.dat
2013-07-24 19:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-24 18:04 - 2013-07-24 18:04 - 00000222 _____ C:\Users\user\Desktop\Soldier Front 2.url
2013-07-24 17:44 - 2013-07-11 09:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard
2013-07-24 17:44 - 2012-06-12 01:14 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-24 17:44 - 2011-02-10 15:23 - 00000000 ____D C:\SWSetup
2013-07-24 16:56 - 2013-07-24 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\IDT
2013-07-24 16:53 - 2013-07-24 16:53 - 00000000 ____D C:\Users\user\AppData\Local\SCE
2013-07-24 16:49 - 2013-07-24 16:49 - 00001967 _____ C:\Users\user\Desktop\Skype.lnk
2013-07-24 12:41 - 2013-07-24 12:41 - 00000849 _____ C:\Users\user\Desktop\µTorrent.lnk
2013-07-24 12:38 - 2013-07-24 12:38 - 01129552 _____ (BitTorrent Inc.) C:\Users\user\Downloads\utorrent.exe
2013-07-23 22:41 - 2013-07-23 22:41 - 00000222 _____ C:\Users\user\Desktop\PlanetSide 2.url
2013-07-23 22:10 - 2013-07-23 22:10 - 00000000 ____D C:\Program Files (x86)\dumps
2013-07-23 22:08 - 2013-07-23 22:08 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-07-23 22:08 - 2013-07-23 22:08 - 00000917 _____ C:\ProgramData\Desktop\Steam.lnk
2013-07-23 22:06 - 2013-07-23 22:06 - 01669632 _____ C:\Users\user\Downloads\SteamInstall.msi
2013-07-23 21:22 - 2013-07-23 21:22 - 00000000 ____D C:\Users\user\AppData\Local\HP
2013-07-23 21:15 - 2013-07-10 18:45 - 00003756 _____ C:\Windows\System32\Tasks\Registration
2013-07-23 21:13 - 2013-07-10 18:45 - 00000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard_Company
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ____D C:\Users\user\AppData\Roaming\CyberLink
2013-07-23 20:29 - 2013-07-23 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CyberLink
2013-07-23 20:29 - 2011-11-09 15:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-23 20:28 - 2013-07-23 20:28 - 01492584 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup.exe
2013-07-23 19:46 - 2013-07-23 19:46 - 09826585 _____ C:\Users\user\Downloads\AbstractsDark.themepack
2013-07-23 19:30 - 2007-01-01 21:25 - 00000000 ____D C:\Windows\Panther
2013-07-23 19:28 - 2013-07-23 19:28 - 00029646 _____ C:\Users\user\Documents\cc_20130723_192832.reg
2013-07-23 19:28 - 2013-07-23 19:28 - 00004032 _____ C:\Users\user\Documents\cc_20130723_192854.reg
2013-07-23 19:24 - 2013-07-23 19:24 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-23 19:24 - 2013-07-23 19:24 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 19:24 - 2013-07-23 19:24 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-07-23 19:24 - 2013-07-23 19:24 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 19:09 - 2013-07-23 18:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 19:09 - 2013-07-23 18:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 19:09 - 2011-11-09 14:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 19:02 - 2013-07-23 19:01 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-07-23 19:02 - 2013-07-23 19:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-23 19:01 - 2013-07-23 19:01 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-23 19:01 - 2013-07-23 19:01 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-23 19:00 - 2013-07-23 19:00 - 00784880 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2013-07-23 18:59 - 2013-07-23 18:59 - 00000000 ____D C:\Users\user\AppData\Local\Macromedia
2013-07-23 18:58 - 2013-07-23 18:58 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-23 18:43 - 2013-07-23 18:43 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-07-23 18:38 - 2013-07-23 18:38 - 04463512 _____ (AVG Technologies) C:\Users\user\Downloads\avg_isct_stb_all_2013_3349.exe
2013-07-23 18:35 - 2013-07-23 18:35 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-23 18:35 - 2013-07-23 18:35 - 00001151 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-23 18:35 - 2013-07-23 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-23 18:34 - 2013-07-23 18:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-07-23 18:33 - 2013-07-23 18:33 - 01160856 _____ C:\Users\user\Downloads\mozilla firefox setup.exe
2013-07-23 18:29 - 2013-07-23 18:29 - 00006034 _____ C:\Users\user\Desktop\Router_Setup.html
2013-07-23 18:29 - 2013-07-23 18:23 - 00000000 ____D C:\Netgear
2013-07-23 18:19 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-22 12:50 - 2011-11-09 15:10 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-22 12:49 - 2011-09-05 22:20 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-07-22 12:46 - 2013-07-11 09:43 - 00000000 ____D C:\Users\user\AppData\Roaming\hpqlog
2013-07-22 12:42 - 2013-07-22 12:40 - 00000000 ____D C:\Program Files\IDT
2013-07-22 12:40 - 2013-07-22 12:40 - 01987072 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2013-07-22 12:40 - 2013-07-22 12:40 - 00654336 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2013-07-22 12:40 - 2013-07-22 12:40 - 00535552 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2013-07-22 12:40 - 2013-07-22 12:40 - 00448512 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 06344704 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2013-07-22 12:40 - 2012-06-12 01:10 - 05298688 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 04444672 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 01819136 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2013-07-22 12:40 - 2012-06-12 01:10 - 01425408 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2013-07-22 12:40 - 2012-06-12 01:10 - 01085440 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 00249344 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2013-07-22 12:40 - 2012-06-12 01:10 - 00223744 _____ (IDT, Inc.) C:\Windows\system32\HPToneCtrls64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 00162304 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2013-07-22 12:40 - 2012-06-12 01:10 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2013-07-22 12:40 - 2012-06-12 01:09 - 00251904 _____ (IDT, Inc.) C:\Windows\system32\staco64.dll
2013-07-22 03:35 - 2013-08-03 03:31 - 00093804 _____ C:\Windows\SysWOW64\inject.wav
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-19 09:55 - 2012-06-12 01:08 - 00773482 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-16 23:08 - 2013-08-03 03:35 - 00049110 _____ C:\Windows\SysWOW64\bypass.xem
2013-07-16 10:13 - 2013-07-16 10:13 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-15 10:56 - 2013-07-15 10:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-15 10:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-07-15 09:17 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-13 12:07 - 2013-07-11 09:54 - 00058016 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 12:05 - 2013-07-11 09:52 - 00001417 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-13 12:05 - 2013-07-11 09:51 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-13 12:03 - 2009-07-14 00:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 11:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 11:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 11:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-13 11:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
 
2013-07-13 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-13 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-13 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-13 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-13 10:47 - 2013-07-13 10:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-13 10:47 - 2013-07-13 10:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-13 10:47 - 2013-07-13 10:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-13 10:47 - 2013-07-13 10:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-13 10:47 - 2013-07-13 10:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-13 10:47 - 2013-07-13 10:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-13 10:47 - 2013-07-13 10:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-13 10:47 - 2013-07-13 10:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-13 10:47 - 2013-07-13 10:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-13 10:47 - 2013-07-13 10:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-13 10:47 - 2013-07-13 10:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-13 10:43 - 2013-07-13 10:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-13 10:43 - 2013-07-13 10:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-12 19:25 - 2013-07-12 19:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2013-07-12 09:57 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\restore
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Roaming\ATI
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Local\ATI
2013-07-11 09:53 - 2013-07-11 09:53 - 00000000 ____D C:\Users\user\AppData\Local\AMD
2013-07-11 09:52 - 2013-07-11 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Synaptics
2013-07-11 09:52 - 2013-07-11 09:43 - 00000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
2013-07-10 18:47 - 2013-07-10 18:47 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-10 18:45 - 2013-07-10 18:45 - 00000000 ____D C:\Users\user\AppData\Local\RemEngine
2013-07-10 18:45 - 2013-07-10 18:45 - 00000000 ____D C:\Users\user\AppData\Local\AuthenTec
2013-07-10 18:45 - 2012-06-12 01:17 - 00000000 ___RD C:\Program Files\Online Services
2013-07-10 18:45 - 2011-11-09 14:54 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-07-10 18:45 - 2011-02-10 15:23 - 00000000 ____D C:\SYSTEM.SAV
2013-07-10 18:45 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-10 18:45 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-10 18:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Recovery
2013-07-10 18:45 - 2007-01-01 21:32 - 00000000 ____D C:\Recovery
2013-07-10 18:44 - 2013-07-10 18:44 - 00000020 ___SH C:\Users\user\ntuser.ini
2013-07-10 18:44 - 2013-07-10 18:44 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 07:02

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013
Ran by user at 2013-08-09 20:30:59
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


2013 (Version: 2013.0.3392)
µTorrent (HKCU Version: 3.3.1.29963)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
Aeria Ignite (x32 Version: 1.13.3296)
Akamai NetSession Interface (HKCU)
Alliance of Valiant Arms (x32)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0928.607.9079)
AMD Steady Video Plug-In (Version: 2.02.0000)
AMD System Monitor (x32 Version: 1.0.9)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079)
AuthenTec TrueAPI (Version: 1.3.0.144)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.8188)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079)
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079)
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079)
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079)
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079)
CCC Help Czech (x32 Version: 2011.0928.0606.9079)
CCC Help Danish (x32 Version: 2011.0928.0606.9079)
CCC Help Dutch (x32 Version: 2011.0928.0606.9079)
CCC Help English (x32 Version: 2011.0928.0606.9079)
CCC Help Finnish (x32 Version: 2011.0928.0606.9079)
CCC Help French (x32 Version: 2011.0928.0606.9079)
CCC Help German (x32 Version: 2011.0928.0606.9079)
CCC Help Greek (x32 Version: 2011.0928.0606.9079)
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079)
CCC Help Italian (x32 Version: 2011.0928.0606.9079)
CCC Help Japanese (x32 Version: 2011.0928.0606.9079)
CCC Help Korean (x32 Version: 2011.0928.0606.9079)
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079)
CCC Help Polish (x32 Version: 2011.0928.0606.9079)
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079)
CCC Help Russian (x32 Version: 2011.0928.0606.9079)
CCC Help Spanish (x32 Version: 2011.0928.0606.9079)
CCC Help Swedish (x32 Version: 2011.0928.0606.9079)
CCC Help Thai (x32 Version: 2011.0928.0606.9079)
CCC Help Turkish (x32 Version: 2011.0928.0606.9079)
ccc-utility64 (Version: 2011.0928.607.9079)
CCleaner (Version: 3.20)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink YouCam (x32 Version: 3.5.0.4528)
D3DX10 (x32 Version: 15.4.2368.0902)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Application Assistant (Version: 1.0.409.3882)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.0.12)
HP MovieStore (x32 Version: 2.1.091)
HP MovieStore (x32 Version: 2.1.21091.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Quick Launch (x32 Version: 2.6.3)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.11)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP SimplePass 2012 (x32 Version: 5.3.1.7)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
IDT Audio (x32 Version: 1.0.6381.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Firefox 23.0 (x86 en-US) (HKCU Version: 23.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup (Version: )
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
PlanetSide 2 (x32)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
Revo Uninstaller 1.95 (x32 Version: 1.95)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
Search Protection (HKCU Version: 7.3.0.3)
Skype™ 6.6 (x32 Version: 6.6.106)
Soldier Front 2 (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Validity WBF DDK (Version: 4.3.205.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games (x32 Version: 1.0.4.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.20)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

04-08-2013 21:33:20 Installed 7-Zip 9.20 (x64 edition)
05-08-2013 00:51:54 Installed HP Support Assistant
05-08-2013 03:48:41 Installed HP Support Assistant
05-08-2013 03:52:26 Windows Modules Installer
05-08-2013 03:53:27 Windows Modules Installer
05-08-2013 04:10:15 Windows Update
06-08-2013 03:37:30 Installed Quake Live Mozilla Plugin
06-08-2013 23:21:26 Before Anti Rootkit
08-08-2013 01:03:59 Before ComboFix 8/7/2013
08-08-2013 02:04:41 Installed AVG 2013
08-08-2013 02:05:08 Installed AVG 2013
08-08-2013 02:05:55 Removed AVG 2013
08-08-2013 02:10:31 Installed AVG 2013
08-08-2013 02:10:52 Installed AVG 2013
08-08-2013 02:11:28 Removed AVG 2013
08-08-2013 02:29:23 Installed AVG 2013
08-08-2013 02:30:07 Installed AVG 2013
08-08-2013 02:33:05 Installed AVG 2013
09-08-2013 00:02:25 Installed AVG 2013
09-08-2013 00:02:57 Installed AVG 2013

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05EAB058-C8F0-4744-B032-6C77C0ACF560} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {14275463-D301-4A44-9BF2-1DC89C52A3F1} - System32\Tasks\User_Feed_Synchronization-{61D3F0EB-5D9E-4192-AE04-77168BF210D5} => C:\Windows\system32\msfeedssync.exe [2013-07-13] (Microsoft Corporation)
Task: {1D41A71F-7FBA-4851-A90D-66E50C695986} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {46245CA4-02F1-47FB-A3B0-763A334EBC16} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe No File
Task: {4DA6D553-3FB0-4851-BE7A-45B734DEC906} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-16] (Hewlett-Packard)
Task: {544BF042-A113-4B58-8FA9-C68C9524B683} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {5EAF3CFB-4E76-4F08-A0CE-319A5F59BC58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {64A1C541-5723-4EB3-B930-F92A844DE0A4} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {7AA03C6E-3B4C-49B1-B100-95E93D1DF7C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {842BB4E3-8551-44E7-A3D5-1B6F2F631634} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {8503F97B-A773-4FD4-AD14-3995B4AE5B11} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File
Task: {8EA9880A-305E-4111-B086-4B8E73DE1BBA} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-06] (Microsoft)
Task: {B08F023D-3712-4D53-9233-418813DF4359} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {B2DB92BE-F924-41E5-B876-E8F93C237E4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C55A0778-3DF2-48A9-9C60-2BB1DB07ECD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-16] (Hewlett-Packard)
Task: {D08ED5C9-D798-4154-801B-8A867FB52B48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23] (Adobe Systems Incorporated)
Task: {E9F38BE6-6FAC-4926-9657-8F175EB4453F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {FDF5A64D-51E0-4164-8C4B-5EF32F601D17} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Validity Sensors (WBF) (PID=0018)
Description: Validity Sensors (WBF) (PID=0018)
Class Guid: {24619924-aa9e-486f-99f9-847a5986b6be}
Manufacturer: Validity Sensors, Inc.
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 06:21:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 01:23:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 06:47:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 08:46:42 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 151c

Start Time: 01ce94999bd07201

Termination Time: 24

Application Path: C:\Users\user\Downloads\OTL.exe

Report Id: 2439e368-008d-11e3-bf5b-082e5f9ae7b1

Error: (08/08/2013 08:43:52 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1be8

Start Time: 01ce949922e03af0

Termination Time: 17

Application Path: C:\Users\user\Downloads\OTL.exe

Report Id: bf50d630-008c-11e3-bf5b-082e5f9ae7b1

Error: (08/08/2013 08:40:58 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19ec

Start Time: 01ce9498f2fe2e60

Termination Time: 15

Application Path: C:\Users\user\Downloads\OTL.exe

Report Id:


System errors:
=============
Error: (08/09/2013 06:20:50 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/09/2013 04:45:49 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/09/2013 07:05:34 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/09/2013 06:46:08 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/09/2013 02:00:19 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (08/09/2013 06:21:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 01:23:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 06:47:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 08:46:42 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0151c01ce94999bd0720124C:\Users\user\Downloads\OTL.exe2439e368-008d-11e3-bf5b-082e5f9ae7b1

Error: (08/08/2013 08:43:52 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.01be801ce949922e03af017C:\Users\user\Downloads\OTL.exebf50d630-008c-11e3-bf5b-082e5f9ae7b1

Error: (08/08/2013 08:40:58 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.019ec01ce9498f2fe2e6015C:\Users\user\Downloads\OTL.exe


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3561.91 MB
Available physical RAM: 1695.47 MB
Total Pagefile: 7122 MB
Available Pagefile: 4787.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.01 GB) (Free:369.16 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.58 GB) (Free:2.32 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E871E610)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.
redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 

Attachments

  • fixlist.txt
    1 KB · Views: 0
Status
Not open for further replies.
Back