
MalwareBytes/Disk Check freeze


  • This topic is locked
45 replies to this topic

#1 Falneth


Posted 17 December 2013 - 08:52 AM

I am working on my brother-in-law's laptop. It is a Toshiba Satellite C655D-S5200 with Windows 7 Home Premium 64-bit. When he brought it to me, it was because he was unable to uninstall AVG 2012 Linkscanner, could not do a MalwareBytes scan, and could not get the MS Security Essentials that his local PC repair shop put on it to run.

 

The AVG Linkscanner would continue to show up in the Add/Remove Programs list as well as in the taskbar when the computer was rebooted after doing the uninstall. I ended up having to download an AVG 2012 remover and when I ran it, it actually fully removed the Linkscanner. When the Linkscanner was removed, Security Essentials appeared in the taskbar.

 

I have tried to run MalwareBytes in normal mode and safe mode with just a quick scan but it freezes every time. It gets about 2-3 minutes in and then just stops responding. When MalwareBytes locks up, I cannot open the Start Menu, open Task Manager, or anything. Ctrl + Alt + Del does nothing either. I am forced to hold the power button to shut it down. MalwareBytes has between 31-36 things found when it locks up, so it has at least that many issues.

 

I have tried running CheckDisk as well. I scheduled it to run and then rebooted the computer. It got to stage 4 - file data verification - and completely froze at 11%. It sat doing nothing for 2 hours on the same file. The laptop does not have a hard drive activity light and I did not hear it spinning up.

 

I am thinking I will have to do a Repair Install on this laptop. I would like to avoid having to do this if possible. I have read some other threads where other people have had similar issues. I followed what they did to see if it worked for me but it has not. So far, I have run AdwCleaner, Junkware Removal Tool, and ComboFix. I realize now I should have waited to run ComboFix, but I have had to run it on my own computers so I went ahead and used it. I have all the logs if anyone wants them.

 

Any ideas would be welcome.


Edited by Falneth, 17 December 2013 - 09:04 AM.



#2 HelpBot


Posted 22 December 2013 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517746 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 27 December 2013 - 08:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Falneth


Posted 01 January 2014 - 09:28 AM

The laptop in question has been continually locking up during MalwareBytes and antivirus scans. Here are the steps I have tried already to fix it:

 

I have run Junkware Removal Tool 2 times, AdwCleaner 2 times, RogueKiller 64bit 1 time, and ComboFix once. I have all the logs for each run.

 

I ran MalwareBytes yesterday and recorded every time it quit responding until I ended up going to bed and the scan finished after I went to bed last night.

 

Here is the record of lockups:

 

Objects scanned: 28861
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 8 min 39 sec
 
currently scanning:
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0020970\TC00209700E.exe
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 29155
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 2 hours 26 min 34 sec
 
currently scanning:
C:\Program Files\TOSHIBA\TVAP\TVAP\1042.mst
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 39795
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 3 hours 55 min 18 sec
 
currently scanning:
C:\Program Files (x86)\Toshiba\PCDiag\en-US\pcdiag.exe.mui
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 83300
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 6 hours 51 min  sec
 
currently scanning:
C:\Windows\System32\zh-TW\msimsg.dll.mui
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 92617
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 8 hours 5 min 40 sec
 
currently scanning:
C:\Windows\winsxs\amd64_microsoft-windows-help-vidclip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_16539581fcb7c10f\vidclip.H1S
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 92778
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 8 hours 31 min 45 sec
 
currently scanning:
C:\Windows\winsxs\amd64_microsoft-windows-i.ersandsecurityzones_31bf3856ad364e35_10.2.9200.16521_none_32bcb170473d8916\urlmon.dll
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 94017
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 9 hours 35 min 50 sec
 
currently scanning:
C:\Windows\winsxs\amd64_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebd600e27f8de6bf\irprops.cpl.mui
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 94024
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 9 hours 40 min 16 sec
 
 
currently scanning:
C:\Windows\winsxs\amd64_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7601.17514_none_4458ac8eafdacbdd\isoburn.exe
------------------------------------------------------------------------------------------------------------------------------------------------
Objects scanned: 96845
Objects detected: 0
 
scan type: Full scan [C:\]
time elapsed: 10 hours 16 min 26 sec
 
 
currently scanning:
C:\Windows\winsxs\amd64_microsoft-windows-p.ooler-core-localspl_31bf3856ad364e35_6.1.7601.17841_none_8e1df87aa968a25f\winprint.dll
------------------------------------------------------------------------------------------------------------------------------------------------

When the scan finished, it said nothing found.

 

Also, the computer is making a strange beep anytime anything finishes, like a download or a scan. It is not the normal Windows beep. Because this is the operating system that came preinstalled, I do not have the original Windows install DVD but I did find ISOs that will allow me to do a reinstall. I did download them and have them ready to burn to DVD if need be. The website I obtained them from said they are Microsoft released DVD ISOs. Digital River content is where I obtained the ISOs.

 

The current DDS log is as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Ju at 7:55:40 on 2014-01-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1432 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uProxyOverride = <local>
mCustomizeSearch = hxxp://www.google.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - 
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Ju\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=2164751a647547d18574d16f2a26566f-1c8b9fc74ae23dd726a1f31373c012c46eec35a3 /CMPID=1213b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - 
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 8.8.4.4 8.8.8.8
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3} : DHCPNameServer = 8.8.4.4 8.8.8.8
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\25966756273796465602E4F6274786 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F66613 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F66633 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F666F514 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\46C696E6B6 : DHCPNameServer = 206.246.0.5 206.246.0.6
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - 
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-6-1 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-6-1 38016]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-1 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-16 701512]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-1 126392]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-23 1153368]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-1 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-16 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-1 38096]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-1 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 McciServiceHost;McciServiceHost;"C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" --> C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-12-16 36680]
S3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;"C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe" --> C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-12-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-1 243712]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-1 1109096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-12-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-12-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-21 15:00:55 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-21 14:25:18 -------- d-----w- C:\Users\Ju\AppData\Roaming\AVG2014
2013-12-21 14:24:26 -------- d-----w- C:\Users\Ju\AppData\Roaming\TuneUp Software
2013-12-21 14:21:39 -------- d-----w- C:\ProgramData\AVG2014
2013-12-21 14:15:31 -------- d-----w- C:\Users\Ju\AppData\Local\MFAData
2013-12-21 14:15:31 -------- d-----w- C:\Users\Ju\AppData\Local\Avg2014
2013-12-21 14:15:31 -------- d-----w- C:\ProgramData\MFAData
2013-12-20 13:06:10 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{002F3548-A03F-468D-8F7E-497C0A545DEA}\mpengine.dll
2013-12-20 13:00:26 -------- d-----w- C:\Program Files\McAfee
2013-12-19 01:14:59 71552 ----a-w- C:\windows\System32\drivers\volmgr.sys.bak
2013-12-17 02:26:49 -------- d-----w- C:\windows\ERUNT
2013-12-17 02:18:16 -------- d-----w- C:\AdwCleaner
2013-12-16 22:40:11 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-12-16 22:37:11 -------- d-----w- C:\Users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 22:36:13 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-16 22:36:09 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-12-16 22:36:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 23:42:31 -------- d-----w- C:\Users\Ju\AppData\Local\Macromedia
2013-12-15 23:40:01 -------- d-----w- C:\Users\Ju\AppData\Local\Mozilla
2013-12-15 23:35:23 -------- d-----w- C:\Program Files (x86)\McAfee
2013-12-15 20:01:59 5773824 ----a-w- C:\windows\System32\mstscax.dll
2013-12-15 20:01:30 -------- d-----w- C:\history
2013-12-15 19:57:13 -------- d-----w- C:\Program Files\Synaptics
2013-12-15 19:51:05 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-12-15 19:51:05 366592 ----a-w- C:\windows\System32\qdvd.dll
2013-12-15 19:12:46 -------- d-----w- C:\windows\Migration
2013-12-12 09:06:02 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 09:06:02 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:06:00 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-12 09:05:58 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-12 09:01:59 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-12-12 09:01:58 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-12-12 05:51:10 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-12-12 05:51:10 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-12-12 05:51:09 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-12-12 05:51:07 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-12-12 05:51:07 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-12-12 05:51:05 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-12 05:51:05 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-12 05:50:57 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-12-12 05:50:57 2048 ----a-w- C:\windows\System32\tzres.dll
2013-12-12 05:50:46 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-12-12 05:50:46 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-12-12 05:50:45 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-12-12 05:50:45 156160 ----a-w- C:\windows\System32\cscript.exe
2013-12-12 05:50:45 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-12-12 05:50:45 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-12-12 05:50:44 168960 ----a-w- C:\windows\System32\wscript.exe
2013-12-12 05:50:44 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-12-12 05:50:44 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-12-12 05:50:44 126976 ----a-w- C:\windows\SysWow64\cscript.exe
.
==================== Find3M  ====================
.
2013-12-12 22:58:18 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 22:58:18 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 18:25:52 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-06 03:55:48 150808 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42 240920 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-11-01 05:00:18 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-10-25 04:25:58 194872 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
.
============= FINISH:  7:56:59.03 ===============
 

A.A.S in Computer and Network Support from Crowder College


#5 oneof4

  • Malware Response Team

Posted 01 January 2014 - 11:43 AM

Hello Falneth, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will then be advised when we respond to your topic, which facilitates the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

====================================

 

Also, please copy and paste the ComboFix.txt from the scan you previously ran into the reply as well.


Best Regards,
oneof4.


#6 Falneth

  • Topic Starter

Posted 01 January 2014 - 12:28 PM

I will not do anything unless directed from here on out. I ran those other tools (minus the ComboFix) when I was following directions from MalwareBytes help forum. I had asked for help there first before I asked for help here. I will have to post each log in a separate post because all together it is too long.

Checkup.txt:

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

A.A.S in Computer and Network Support from Crowder College


#7 Falneth

  • Topic Starter

Posted 01 January 2014 - 12:30 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Ju (administrator) on JU-PC on 01-01-2014 11:18:13
Running from C:\Users\Ju\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Ju\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=2164751a647547d18574d16f2a26566f-1c8b9fc74ae23dd726a1f31373c012c46eec35a3 /CMPID=1213b
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {E4B49DCA-27D6-44E1-9B97-C96D38DB21B2} URL = 
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FROMDO~2\bar\1.bin\65bar.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
Toolbar: HKLM-x32 - No Name - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Google Wallet) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [opilbjgolebgjkdcmnocgmojaghhcckm] - C:\ProgramData\wxDownload\opilbjgolebgjkdcmnocgmojaghhcckm.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 McAfee ScanAndRepair Svc; "C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe" [x]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 hfgfazxo; \??\C:\windows\system32\drivers\hfgfazxo.sys [x]
S1 hvscfecd; \??\C:\windows\system32\drivers\hvscfecd.sys [x]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-01 11:18 - 2014-01-01 11:19 - 00014179 _____ C:\Users\Ju\Desktop\FRST.txt
2014-01-01 11:18 - 2014-01-01 11:18 - 00000000 ____D C:\FRST
2014-01-01 10:58 - 2014-01-01 10:58 - 01931302 _____ (Farbar) C:\Users\Ju\Desktop\FRST64.exe
2014-01-01 10:58 - 2014-01-01 10:58 - 00987410 _____ C:\Users\Ju\Desktop\SecurityCheck.exe
2014-01-01 07:54 - 2013-12-31 11:01 - 00688992 ____R (Swearware) C:\Users\Ju\Desktop\dds.com
2013-12-21 08:25 - 2013-12-21 08:25 - 00000000 ____D C:\Users\Ju\AppData\Roaming\AVG2014
2013-12-21 08:24 - 2013-12-21 08:24 - 00000936 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-21 08:24 - 2013-12-21 08:24 - 00000000 ____D C:\Users\Ju\AppData\Roaming\TuneUp Software
2013-12-21 08:21 - 2013-12-21 08:24 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-21 08:15 - 2014-01-01 10:02 - 00000000 ____D C:\ProgramData\MFAData
2013-12-21 08:15 - 2014-01-01 07:49 - 00000000 ____D C:\Users\Ju\AppData\Local\Avg2014
2013-12-21 08:15 - 2013-12-21 08:15 - 00000000 ____D C:\Users\Ju\AppData\Local\MFAData
2013-12-21 08:05 - 2013-12-21 08:10 - 149157408 _____ (AVG Technologies) C:\Users\Ju\Downloads\avg_free_x64_all_2014_4259a6848.exe
2013-12-21 08:03 - 2013-12-21 08:03 - 00002230 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-20 07:00 - 2013-12-20 07:00 - 00000000 ____D C:\Program Files\McAfee
2013-12-18 19:21 - 2013-12-16 18:19 - 00037582 _____ C:\Users\Public\ComboFix.txt
2013-12-18 19:16 - 2013-12-18 19:15 - 00002638 _____ C:\Users\Public\RKreport[0]_S_12182013_191510.txt
2013-12-18 19:15 - 2013-12-18 19:15 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00088576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\watchdog.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00027776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wacompen.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00022096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wimmount.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00021056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wd.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00016464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmilib.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmiacpi.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwf.sys.bak
2013-12-18 19:14 - 2013-12-18 19:15 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 08283136 _____ (ATI Technologies Inc.) C:\windows\system32\Drivers\atikmdag.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 03286016 _____ (Broadcom Corporation) C:\windows\system32\Drivers\evbda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01656680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01581184 _____ (Conexant Systems Inc.) C:\windows\system32\Drivers\CHDRT64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01524816 _____ (QLogic Corporation) C:\windows\system32\Drivers\ql2300.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01514568 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtwlane.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01221224 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192se.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01109096 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192ce.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00651264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00626792 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl819xp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00549704 _____ C:\windows\system32\Drivers\SRS_AE_amd64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00530496 _____ (Emulex) C:\windows\system32\Drivers\elxstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00524528 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00491088 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adp94xx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00468480 _____ (Broadcom Corporation) C:\windows\system32\Drivers\bxvbda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00467456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00450048 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187B.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00442368 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187Se.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spsys.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00376688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00366976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00363392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00339536 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpahci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00334208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00318976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00295808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00294400 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmpag.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00289664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00288088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00286720 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrSerId.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00284736 _____ (LSI Corporation, Inc.) C:\windows\system32\Drivers\MegaSR.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00273792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00270848 _____ (Broadcom Corporation) C:\windows\system32\Drivers\b57nd60a.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00265064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00261632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00248240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MpFilter.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00243712 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsUStor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394ohci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00220752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcmcia.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00215936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00213888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdyboost.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00195072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00194128 _____ (AMD Technologies Inc.) C:\windows\system32\Drivers\amdsbs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00189824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00184704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00182864 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpu320.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00179072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00171392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scsiport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00169584 _____ (Atheros Communications, Inc.) C:\windows\system32\Drivers\L1C62x64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00168448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00164352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\windows\system32\Drivers\vsmraid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00155008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdrom.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00140672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msdsm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00137512 _____ (ELAN Microelectronics Corp.) C:\windows\system32\Drivers\ETD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00134944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NisDrvWFP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pacer.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00128592 _____ (QLogic Corporation) C:\windows\system32\Drivers\ql40xx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00125440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00122960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00115776 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00114752 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_fc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00113152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00111104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspptp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00106560 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00103808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sbp2port.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00097856 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\arcsas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\parport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00094592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00094208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serial.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00093184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspppoe.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00087632 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\arc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rassstp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00080464 _____ (Silicon Integrated Systems) C:\windows\system32\Drivers\sisraid4.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00078848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00078720 _____ (Hewlett-Packard Company) C:\windows\system32\Drivers\HpSAMD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rspndr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00075904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amd_sata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00075120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00073280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00072832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ohci1394.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthmodem.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00071552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00070224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fileinfo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00068864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394bus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00065600 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00065088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UAGP35.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00063360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\termdd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00061008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\lltdio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndisuio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00055376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fsdepends.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00055128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpfve.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00051264 _____ (IBM Corporation) C:\windows\system32\Drivers\nfrd960.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00050768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcw.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00050768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00049216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00048720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciidex.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00047104 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\qwavedrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\circlass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\blbdrive.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbios.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\windows\system32\Drivers\iirsp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\windows\system32\Drivers\sisraid2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\modem.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\discache.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00039504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CompositeBus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038096 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\PGEffect.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038016 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amd_xata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00036680 _____ C:\windows\system32\Drivers\mbamchameleon.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00036432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vdrvroot.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00035392 _____ (LSI Corporation) C:\windows\system32\Drivers\megasas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiscap.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\filetrace.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mssmbios.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbrpm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\windows\system32\Drivers\hcw85cir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msahci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scfilter.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fdc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vgapnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vga.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tape.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00028736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dumpata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00028240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\battc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027784 _____ (TOSHIBA Corporation.) C:\windows\system32\Drivers\tdcmdpst.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026840 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\TVALZ_O.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024656 _____ (Promise Technology) C:\windows\system32\Drivers\stexstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifibus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\flpydisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crcdisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\atapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\asyncmac.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\system32\Drivers\secdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mcd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00021584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\compbatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smclib.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksthunk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spldr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00018432 _____ (Brother Industries, Ltd.) C:\windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CmBatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017488 _____ (VIA Technologies, Inc.) C:\windows\system32\Drivers\viaide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017488 _____ (CMD Technology, Inc.) C:\windows\system32\Drivers\cmdide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sfloppy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdpipe.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015440 _____ (Acer Laboratories Inc.) C:\windows\system32\Drivers\aliide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MTConfig.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014976 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasacd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hwpolicy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014720 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffp_sd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffdisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipmi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\swenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rootmdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00011136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mskssrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umpass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\errdev.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009216 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\FwLnk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008704 _____ (Brother Industries, Ltd.) C:\windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPREFMP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidkmdf.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mstee.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPCDD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspclock.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspqm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\beep.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\null.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys.bak
2013-12-18 19:09 - 2013-12-18 19:07 - 00000883 _____ C:\Users\Public\AdwCleaner[S1].txt
2013-12-18 18:48 - 2013-12-18 18:43 - 04359168 _____ C:\Users\Public\RogueKillerX64.exe
2013-12-18 08:27 - 2013-12-18 08:27 - 00024301 _____ C:\Users\Public\dds.txt
2013-12-18 08:27 - 2013-12-18 08:27 - 00005641 _____ C:\Users\Public\attach.txt
2013-12-18 08:25 - 2013-12-18 08:24 - 00688992 ____R (Swearware) C:\Users\Public\dds.scr
2013-12-16 20:50 - 2013-12-18 19:03 - 00000776 _____ C:\Users\Public\JRT.txt
2013-12-16 20:26 - 2013-12-16 20:26 - 00000000 ____D C:\windows\ERUNT
2013-12-16 20:22 - 2013-12-16 20:23 - 00021960 _____ C:\Users\Public\AdwCleaner[S0].txt
2013-12-16 20:18 - 2013-12-18 19:07 - 00000000 ____D C:\AdwCleaner
2013-12-16 20:17 - 2013-12-16 20:15 - 01226750 _____ C:\Users\Public\AdwCleaner.exe
2013-12-16 20:17 - 2013-12-16 20:15 - 01034531 _____ (Thisisu) C:\Users\Public\JRT.exe
2013-12-16 17:13 - 2013-12-21 09:00 - 00000000 ____D C:\windows\erdnt
2013-12-16 16:40 - 2013-12-16 16:40 - 00036680 _____ C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-16 16:37 - 2013-12-16 16:37 - 00000000 ____D C:\Users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 16:36 - 2013-12-16 16:36 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-16 16:36 - 2013-12-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 16:36 - 2013-12-16 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 16:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-16 16:34 - 2013-12-16 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ju\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-16 15:49 - 2013-12-16 16:23 - 00541628 _____ C:\Users\Ju\Downloads\avgremover.log
2013-12-16 15:40 - 2013-12-16 15:40 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ju\Downloads\avg_remover_stf_x64_2012_2125.exe
2013-12-16 15:17 - 2014-01-01 11:00 - 00001266 _____ C:\windows\setupact.log
2013-12-16 15:17 - 2013-12-21 09:04 - 00044320 _____ C:\windows\PFRO.log
2013-12-16 15:17 - 2013-12-16 15:17 - 00000000 _____ C:\windows\setuperr.log
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\Users\Ju\AppData\Local\Macromedia
2013-12-15 17:40 - 2013-12-21 08:06 - 00000000 ____D C:\Users\Ju\AppData\Local\Mozilla
2013-12-15 17:36 - 2013-12-15 17:36 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-15 17:35 - 2013-12-31 10:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-15 17:35 - 2013-12-15 17:34 - 23288584 _____ (Mozilla) C:\Users\Ju\Downloads\Firefox_Setup [1].exe
2013-12-15 14:02 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-12-15 14:02 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-12-15 14:02 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2013-12-15 14:02 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-12-15 14:02 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2013-12-15 14:02 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2013-12-15 14:02 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-15 14:02 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-15 14:02 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-12-15 14:02 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-12-15 14:02 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2013-12-15 14:02 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-12-15 14:02 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-12-15 14:02 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-12-15 14:02 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-12-15 14:02 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2013-12-15 14:02 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-12-15 14:02 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2013-12-15 14:02 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-12-15 14:02 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-12-15 14:02 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2013-12-15 14:02 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-12-15 14:02 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-12-15 14:02 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-12-15 14:01 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-12-15 13:57 - 2013-12-15 13:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2013-12-15 13:57 - 2013-12-15 13:57 - 00000000 ____D C:\Program Files\Synaptics
2013-12-15 13:51 - 2012-05-04 05:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2013-12-15 13:51 - 2012-05-04 03:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2013-12-14 09:39 - 2014-01-01 11:01 - 00003350 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-14 09:39 - 2014-01-01 11:01 - 00003210 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-12 03:06 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 03:02 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 03:01 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 23:51 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 23:51 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 23:51 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 23:51 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 23:51 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 23:51 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 23:51 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 23:50 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 23:50 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 23:50 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 23:50 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 23:50 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 23:50 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 23:50 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 23:50 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 23:50 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 23:50 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 23:50 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 23:50 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 21:05 - 2013-12-20 06:59 - 00003328 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-10 21:05 - 2013-12-20 06:59 - 00003188 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-03 03:04 - 2013-12-03 03:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-03 03:04 - 2013-12-03 03:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-03 03:04 - 2013-12-03 03:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-03 03:04 - 2013-12-03 03:04 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-03 03:04 - 2013-12-03 03:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-03 03:04 - 2013-12-03 03:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-03 03:04 - 2013-12-03 03:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-01 11:19 - 2014-01-01 11:18 - 00014179 _____ C:\Users\Ju\Desktop\FRST.txt
2014-01-01 11:18 - 2014-01-01 11:18 - 00000000 ____D C:\FRST
2014-01-01 11:17 - 2013-06-26 12:03 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 11:15 - 2013-01-10 07:01 - 00000332 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2014-01-01 11:10 - 2009-07-13 23:13 - 00799374 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-01 11:08 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 11:08 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 11:03 - 2011-06-01 12:04 - 01057086 _____ C:\windows\WindowsUpdate.log
2014-01-01 11:01 - 2013-12-14 09:39 - 00003350 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2014-01-01 11:01 - 2013-12-14 09:39 - 00003210 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2014-01-01 11:00 - 2013-12-16 15:17 - 00001266 _____ C:\windows\setupact.log
2014-01-01 11:00 - 2013-06-26 12:03 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 11:00 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-01 10:58 - 2014-01-01 10:58 - 01931302 _____ (Farbar) C:\Users\Ju\Desktop\FRST64.exe
2014-01-01 10:58 - 2014-01-01 10:58 - 00987410 _____ C:\Users\Ju\Desktop\SecurityCheck.exe
2014-01-01 10:57 - 2013-09-24 16:02 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 10:02 - 2013-12-21 08:15 - 00000000 ____D C:\ProgramData\MFAData
2014-01-01 09:59 - 2012-12-31 10:38 - 00000338 _____ C:\windows\Tasks\Playtopus Updater.job
2014-01-01 07:49 - 2013-12-21 08:15 - 00000000 ____D C:\Users\Ju\AppData\Local\Avg2014
2013-12-31 11:01 - 2014-01-01 07:54 - 00688992 ____R (Swearware) C:\Users\Ju\Desktop\dds.com
2013-12-31 10:38 - 2013-12-15 17:35 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-21 09:05 - 2012-11-10 15:48 - 00000000 ____D C:\ProgramData\McAfee
2013-12-21 09:04 - 2013-12-16 15:17 - 00044320 _____ C:\windows\PFRO.log
2013-12-21 09:00 - 2013-12-16 17:13 - 00000000 ____D C:\windows\erdnt
2013-12-21 08:25 - 2013-12-21 08:25 - 00000000 ____D C:\Users\Ju\AppData\Roaming\AVG2014
2013-12-21 08:24 - 2013-12-21 08:24 - 00000936 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-21 08:24 - 2013-12-21 08:24 - 00000000 ____D C:\Users\Ju\AppData\Roaming\TuneUp Software
2013-12-21 08:24 - 2013-12-21 08:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-21 08:20 - 2011-12-29 16:43 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-21 08:15 - 2013-12-21 08:15 - 00000000 ____D C:\Users\Ju\AppData\Local\MFAData
2013-12-21 08:12 - 2011-03-29 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-21 08:11 - 2013-01-09 19:10 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-21 08:10 - 2013-12-21 08:05 - 149157408 _____ (AVG Technologies) C:\Users\Ju\Downloads\avg_free_x64_all_2014_4259a6848.exe
2013-12-21 08:10 - 2012-11-12 08:05 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-21 08:10 - 2011-11-21 18:19 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-21 08:09 - 2012-12-31 10:38 - 00000000 ____D C:\Users\Ju\AppData\Roaming\Mozilla
2013-12-21 08:09 - 2012-10-07 04:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 08:06 - 2013-12-15 17:40 - 00000000 ____D C:\Users\Ju\AppData\Local\Mozilla
2013-12-21 08:03 - 2013-12-21 08:03 - 00002230 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 08:02 - 2011-06-01 12:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 08:01 - 2011-11-19 16:25 - 00000000 ____D C:\Users\Ju\AppData\Local\Google
2013-12-20 07:02 - 2012-08-12 08:09 - 00001945 _____ C:\windows\epplauncher.mif
2013-12-20 07:00 - 2013-12-20 07:00 - 00000000 ____D C:\Program Files\McAfee
2013-12-20 06:59 - 2013-12-10 21:05 - 00003328 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-20 06:59 - 2013-12-10 21:05 - 00003188 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000
2013-12-18 19:15 - 2013-12-18 19:16 - 00002638 _____ C:\Users\Public\RKreport[0]_S_12182013_191510.txt
2013-12-18 19:15 - 2013-12-18 19:15 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00088576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\watchdog.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00027776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wacompen.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00022096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wimmount.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00021056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wd.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00016464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmilib.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmiacpi.sys.bak
2013-12-18 19:15 - 2013-12-18 19:15 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwf.sys.bak
2013-12-18 19:15 - 2013-12-18 19:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 08283136 _____ (ATI Technologies Inc.) C:\windows\system32\Drivers\atikmdag.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 03286016 _____ (Broadcom Corporation) C:\windows\system32\Drivers\evbda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01656680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01581184 _____ (Conexant Systems Inc.) C:\windows\system32\Drivers\CHDRT64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01524816 _____ (QLogic Corporation) C:\windows\system32\Drivers\ql2300.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01514568 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtwlane.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01221224 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192se.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 01109096 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192ce.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00651264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00626792 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl819xp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00549704 _____ C:\windows\system32\Drivers\SRS_AE_amd64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00530496 _____ (Emulex) C:\windows\system32\Drivers\elxstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00524528 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00491088 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adp94xx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00468480 _____ (Broadcom Corporation) C:\windows\system32\Drivers\bxvbda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00467456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00450048 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187B.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00442368 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187Se.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spsys.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00376688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00366976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00363392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00339536 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpahci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00334208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00318976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00295808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00294400 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmpag.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00289664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00288088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00286720 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrSerId.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00284736 _____ (LSI Corporation, Inc.) C:\windows\system32\Drivers\MegaSR.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00273792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00270848 _____ (Broadcom Corporation) C:\windows\system32\Drivers\b57nd60a.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00265064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00261632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00248240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MpFilter.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00243712 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsUStor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394ohci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00220752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcmcia.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00215936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00213888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdyboost.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00195072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00194128 _____ (AMD Technologies Inc.) C:\windows\system32\Drivers\amdsbs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00189824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00184704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00182864 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpu320.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00179072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00171392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scsiport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00169584 _____ (Atheros Communications, Inc.) C:\windows\system32\Drivers\L1C62x64.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00168448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00164352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\windows\system32\Drivers\vsmraid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00155008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdrom.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00140672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msdsm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00137512 _____ (ELAN Microelectronics Corp.) C:\windows\system32\Drivers\ETD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00134944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NisDrvWFP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pacer.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00128592 _____ (QLogic Corporation) C:\windows\system32\Drivers\ql40xx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00125440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00122960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irda.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00115776 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00114752 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_fc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00113152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00111104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspptp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00106560 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00103808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sbp2port.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00097856 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\arcsas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\parport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00094592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00094208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serial.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00093184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspppoe.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00087632 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\arc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rassstp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00080464 _____ (Silicon Integrated Systems) C:\windows\system32\Drivers\sisraid4.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00078848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00078720 _____ (Hewlett-Packard Company) C:\windows\system32\Drivers\HpSAMD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rspndr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00075904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amd_sata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00075120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00073280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00072832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ohci1394.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthmodem.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00071552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00070224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fileinfo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00068864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394bus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00065600 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00065088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00064080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UAGP35.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00063360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\termdd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00061008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\lltdio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndisuio.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00055376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fsdepends.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00055128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpfve.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00051264 _____ (IBM Corporation) C:\windows\system32\Drivers\nfrd960.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00050768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcw.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00050768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00049216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00048720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciidex.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00047104 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\qwavedrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\circlass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\blbdrive.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbios.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\windows\system32\Drivers\iirsp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\windows\system32\Drivers\sisraid2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\modem.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\discache.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00039504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CompositeBus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038096 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\PGEffect.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00038016 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amd_xata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00036680 _____ C:\windows\system32\Drivers\mbamchameleon.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00036432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vdrvroot.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00035392 _____ (LSI Corporation) C:\windows\system32\Drivers\megasas.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiscap.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\filetrace.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00032320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mssmbios.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbrpm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\windows\system32\Drivers\hcw85cir.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00031104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msahci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scfilter.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fdc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vgapnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vga.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tape.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00028736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dumpata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00028240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\battc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027784 _____ (TOSHIBA Corporation.) C:\windows\system32\Drivers\tdcmdpst.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026840 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\TVALZ_O.SYS.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msfs.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024656 _____ (Promise Technology) C:\windows\system32\Drivers\stexstor.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifibus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\flpydisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crcdisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\atapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpbus.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\asyncmac.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\system32\Drivers\secdrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mcd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00021584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\compbatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smclib.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksthunk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00020544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00019008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spldr.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00018432 _____ (Brother Industries, Ltd.) C:\windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CmBatt.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017488 _____ (VIA Technologies, Inc.) C:\windows\system32\Drivers\viaide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00017488 _____ (CMD Technology, Inc.) C:\windows\system32\Drivers\cmdide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sfloppy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxapi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdpipe.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015440 _____ (Acer Laboratories Inc.) C:\windows\system32\Drivers\aliide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MTConfig.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014976 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasacd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hwpolicy.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014720 _____ (Brother Industries Ltd.) C:\windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffp_sd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffdisk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipmi.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\swenum.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00012352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciide.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rootmdm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00011136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mskssrv.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umpass.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\errdev.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00009216 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\FwLnk.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008704 _____ (Brother Industries, Ltd.) C:\windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPREFMP.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidkmdf.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00008064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mstee.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RDPCDD.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspclock.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspqm.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\beep.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\null.sys.bak
2013-12-18 19:14 - 2013-12-18 19:14 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys.bak
2013-12-18 19:07 - 2013-12-18 19:09 - 00000883 _____ C:\Users\Public\AdwCleaner[S1].txt
2013-12-18 19:07 - 2013-12-16 20:18 - 00000000 ____D C:\AdwCleaner
2013-12-18 19:03 - 2013-12-16 20:50 - 00000776 _____ C:\Users\Public\JRT.txt
2013-12-18 18:43 - 2013-12-18 18:48 - 04359168 _____ C:\Users\Public\RogueKillerX64.exe
2013-12-18 08:27 - 2013-12-18 08:27 - 00024301 _____ C:\Users\Public\dds.txt
2013-12-18 08:27 - 2013-12-18 08:27 - 00005641 _____ C:\Users\Public\attach.txt
2013-12-18 08:24 - 2013-12-18 08:25 - 00688992 ____R (Swearware) C:\Users\Public\dds.scr
2013-12-16 20:26 - 2013-12-16 20:26 - 00000000 ____D C:\windows\ERUNT
2013-12-16 20:23 - 2013-12-16 20:22 - 00021960 _____ C:\Users\Public\AdwCleaner[S0].txt
2013-12-16 20:15 - 2013-12-16 20:17 - 01226750 _____ C:\Users\Public\AdwCleaner.exe
2013-12-16 20:15 - 2013-12-16 20:17 - 01034531 _____ (Thisisu) C:\Users\Public\JRT.exe
2013-12-16 18:20 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-12-16 18:19 - 2013-12-18 19:21 - 00037582 _____ C:\Users\Public\ComboFix.txt
2013-12-16 18:11 - 2009-07-13 20:34 - 00000215 _____ C:\windows\system.ini
2013-12-16 18:10 - 2009-07-13 20:34 - 69992448 _____ C:\windows\system32\config\software.bak
2013-12-16 18:10 - 2009-07-13 20:34 - 14680064 _____ C:\windows\system32\config\system.bak
2013-12-16 18:10 - 2009-07-13 20:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-12-16 18:10 - 2009-07-13 20:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-12-16 18:10 - 2009-07-13 20:34 - 00262144 _____ C:\windows\system32\config\default.bak
2013-12-16 16:40 - 2013-12-16 16:40 - 00036680 _____ C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-16 16:37 - 2013-12-16 16:37 - 00000000 ____D C:\Users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 16:36 - 2013-12-16 16:36 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-16 16:36 - 2013-12-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 16:36 - 2013-12-16 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 16:35 - 2013-12-16 16:34 - 10285040 _____ (Malwarebytes Corporation) C:\Users\Ju\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-16 16:23 - 2013-12-16 15:49 - 00541628 _____ C:\Users\Ju\Downloads\avgremover.log
2013-12-16 15:44 - 2013-08-02 07:07 - 00000000 ____D C:\Users\Ju\AppData\Local\CrashDumps
2013-12-16 15:40 - 2013-12-16 15:40 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ju\Downloads\avg_remover_stf_x64_2012_2125.exe
2013-12-16 15:17 - 2013-12-16 15:17 - 00000000 _____ C:\windows\setuperr.log
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\Users\Ju\AppData\Local\Macromedia
2013-12-15 17:36 - 2013-12-15 17:36 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-15 17:34 - 2013-12-15 17:35 - 23288584 _____ (Mozilla) C:\Users\Ju\Downloads\Firefox_Setup [1].exe
2013-12-15 16:56 - 2011-11-19 16:21 - 00000000 ____D C:\Users\Ju
2013-12-15 16:55 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-15 16:55 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2013-12-15 15:21 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2013-12-15 14:05 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-15 13:57 - 2013-12-15 13:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2013-12-15 13:57 - 2013-12-15 13:57 - 00000000 ____D C:\Program Files\Synaptics
2013-12-15 13:16 - 2012-08-12 08:07 - 00775084 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-12-15 03:05 - 2013-07-19 15:33 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 03:01 - 2012-02-14 13:37 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-13 19:37 - 2013-10-01 13:29 - 00000258 __RSH C:\Users\Ju\ntuser.pol
2013-12-12 18:12 - 2009-07-13 23:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 16:58 - 2013-09-24 16:02 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 16:58 - 2013-07-31 18:03 - 00000000 ____D C:\Users\Ju\AppData\Local\Adobe
2013-12-12 16:58 - 2012-08-09 19:09 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 16:58 - 2012-08-09 19:09 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 03:25 - 2009-07-13 22:45 - 00275712 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-07 01:12 - 2013-06-26 12:03 - 00003886 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 01:12 - 2013-06-26 12:03 - 00003634 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 03:04 - 2013-12-03 03:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-03 03:04 - 2013-12-03 03:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-03 03:04 - 2013-12-03 03:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-03 03:04 - 2013-12-03 03:04 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-03 03:04 - 2013-12-03 03:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-03 03:04 - 2013-12-03 03:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-03 03:04 - 2013-12-03 03:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-03 03:04 - 2013-12-03 03:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-03 03:04 - 2013-12-03 03:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
 
Files to move or delete:
====================
C:\Users\Public\AdwCleaner.exe
C:\Users\Public\JRT.exe
C:\Users\Public\RogueKillerX64.exe
 
 
Some content of TEMP:
====================
C:\Users\Ju\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ju\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-01 01:57
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Ju at 2014-01-01 11:20:45
Running from C:\Users\Ju\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (Version: 3.0.808.0 - ATI Technologies, Inc.)
AVG 2014 (Version: 14.0.3658 - AVG Technologies)
AVG 2014 (Version: 14.0.4259 - AVG Technologies)
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0216.726.13233 - ATI)
Catalyst Control Center InstallProxy (x32 Version: 2011.0216.726.13233 - ATI Technologies, Inc.)
Catalyst Control Center Localization All (x32 Version: 2011.0216.726.13233 - ATI)
CCC Help Chinese Standard (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Chinese Traditional (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Czech (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Danish (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Dutch (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help English (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Finnish (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help French (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help German (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Greek (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Hungarian (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Italian (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Japanese (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Korean (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Norwegian (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Polish (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Portuguese (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Russian (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Spanish (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Swedish (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Thai (x32 Version: 2011.0216.0725.13233 - ATI)
CCC Help Turkish (x32 Version: 2011.0216.0725.13233 - ATI)
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI)
ccc-utility64 (Version: 2011.0216.726.13233 - ATI)
Conexant HD Audio (Version: 8.54.1.0 - Conexant)
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (x32 Version: 1.0.0.10712 - HP Photo Creations Powered by RocketLife)
Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Label@Once 1.0 (x32 Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (x32 Version: 1.5.2.3456 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)
Origin (x32 Version: 8.5.0.4554 - Electronic Arts, Inc.)
Plants vs. Zombies (x32 Version:  - PopCap Games)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Playtopus (HKCU Version:  - Playtopus)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc)
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc)
Synaptics Pointing Device Driver (Version: 17.0.8.21 - Synaptics Incorporated)
The Weather Channel App (x32 Version:  - )
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (x32 Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (x32 Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (x32 Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (x32 Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.1 - TOSHIBA Corporation)
ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.)
 
==================== Restore Points  =========================
 
21-12-2013 15:00:44 ComboFix created restore point
01-01-2014 07:57:19 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2013-12-16 18:11 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0740B58E-12C4-4EF6-A39D-894206198C78} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {095AFE90-E6A2-4859-8B5E-A03C3AA8923F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3EFBA15F-BA38-40C3-A6CF-A42FC036B03B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {51FB70FD-32EA-4164-9A5B-561D7C766191} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest
Task: {54DFAB1E-3BC9-4346-A0C8-F8BA281F2C2C} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {56942E56-0DB1-46E9-AD29-D5DBA783D3CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {58CE15D6-8D21-4871-9416-24E966D985C1} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {673BDBEE-B29A-4000-8701-2EBEC44C278C} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {72873F0E-77CB-4FDF-A60F-5D93B9B8366C} - \BitGuard No Task File
Task: {7C493055-5CB1-4AC6-8888-E39786531B93} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9A2F5D2D-6E94-498C-BF3C-AE2262233EDF} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-01-10] ()
Task: {C10B82A7-5EB1-4EAE-98DF-5D9790EB3214} - \AdobeFlashPlayerUpdate No Task File
Task: {CB3A0398-9E24-483D-AA42-7F2CBB3C7347} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {CC1471F1-31DD-459F-9135-E822F12A44F1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952883985-3304835424-3763697947-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CC9C215C-D1C0-4A91-9E93-F70577957588} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {CCE7F5B3-A9CA-47A7-8D0C-3A527F84017B} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {DA527331-769E-47A9-8041-BE690FEA96D8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952883985-3304835424-3763697947-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EF3536F2-7051-4227-9573-F6214CE06B85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\windows\Tasks\Playtopus Updater.job => C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll
 
==================== Loaded Modules (whitelisted) =============
 
2010-04-07 17:07 - 2010-04-07 17:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-03-29 20:48 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-02-16 08:25 - 2011-02-16 08:25 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-19 15:15 - 2010-10-19 15:15 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2014 11:00:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 11:00:50 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (01/01/2014 02:55:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/01/2014 02:54:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (12/31/2013 03:27:47 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:27:27 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:27:06 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:26:46 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 11:32:17 AM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 11:28:59 AM) (Source: TOSHIBA Service Station) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.
 
 
System errors:
=============
Error: (01/01/2014 11:00:30 AM) (Source: Service Control Manager) (User: )
Description: The McciServiceHost service failed to start due to the following error: 
%%2
 
Error: (01/01/2014 11:00:30 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
%%2
 
Error: (01/01/2014 11:00:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/01/2014 11:00:17 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:56:11 AM on ‎1/‎1/‎2014 was unexpected.
 
Error: (01/01/2014 10:26:47 AM) (Source: DCOM) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (01/01/2014 10:26:10 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (01/01/2014 10:26:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (01/01/2014 07:54:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
 
Error: (01/01/2014 07:53:34 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
 
Error: (01/01/2014 07:53:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2014 11:00:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 11:00:50 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (01/01/2014 02:55:01 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe
 
Error: (01/01/2014 02:54:56 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (12/31/2013 03:27:47 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:27:27 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:27:06 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 03:26:46 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 11:32:17 AM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (12/31/2013 11:28:59 AM) (Source: TOSHIBA Service Station)(User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-16 18:08:17.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-16 18:08:16.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 2662.87 MB
Available physical RAM: 1520.52 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 3670.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:249.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2B538AD9)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)
 
==================== End Of Log ============================

A.A.S in Computer and Network Support from Crowder College


#8 Falneth

Posted 01 January 2014 - 12:31 PM

ComboFix.txt:

 

ComboFix 13-12-16.01 - Ju 12/16/2013  17:17:57.1.2 - x64 NETWORK

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1991 [GMT -6:00]
Running from: c:\users\Ju\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\wxDownload
c:\programdata\wxDownload\50e1c0d6a707d.dll
c:\programdata\wxDownload\50e1c0d6a707d.tlb
c:\programdata\wxDownload\data\wxDownload.dat
c:\programdata\wxDownload\opilbjgolebgjkdcmnocgmojaghhcckm.crx
c:\programdata\wxDownload\settings.ini
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehdcpdlmoolkbecbefimbgnneifpcpne_0
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehdcpdlmoolkbecbefimbgnneifpcpne_0\3
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\background.html
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\crossriderManifest.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\manifest.xml
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\1_base.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\17_jQuery.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\21_debug.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\22_resources.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\28_initializer.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\47_resources_background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\64_appApiMessage.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\72_appApiValidation.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\userCode\background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\userCode\extension.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\actions\1.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon128.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon16.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon48.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\chrome.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\cookie.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\message.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\pageAction.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\pageActionBG.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\app_api.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\bg_app_api.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\consts.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\cookie_store.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\crossriderAPI.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\delegate.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\events.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\extensionDataStore.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\installer.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\logFile.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\logging.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\onBGDocumentLoad.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\popupResource\newPopup.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\popupResource\popup.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\reports.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\storageWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\updateManager.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\util.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\xhr.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\main.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\manifest.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\popup.html
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\blocklist.json
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Public\ComboFix.exe
c:\users\Public\mbam-clean-1.60.2.0003.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-17 to 2013-12-17  )))))))))))))))))))))))))))))))
.
.
2013-12-17 00:09 . 2013-12-17 00:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-16 22:40 . 2013-12-16 22:40    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-16 22:37 . 2013-12-16 22:37    --------    d-----w-    c:\users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 22:36 . 2013-12-16 22:36    --------    d-----w-    c:\programdata\Malwarebytes
2013-12-16 22:36 . 2013-04-04 20:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-16 22:36 . 2013-12-16 22:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-15 23:42 . 2013-12-15 23:42    --------    d-----w-    c:\users\Ju\AppData\Local\Macromedia
2013-12-15 23:40 . 2013-12-15 23:40    --------    d-----w-    c:\users\Ju\AppData\Local\Mozilla
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files\Linksicle
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\users\Ju\AppData\Roaming\UpdaterEX
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\Common Files\McAfee
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\users\Ju\AppData\Local\MyPoints Score
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\Linksicle
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\MyPoints Score
2013-12-15 23:35 . 2013-12-15 23:39    --------    d-----w-    c:\program files (x86)\McAfee
2013-12-15 23:05 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7B7B889-0719-4AE4-894B-735705F33FF2}\mpengine.dll
2013-12-15 20:01 . 2012-08-23 08:13    5773824    ----a-w-    c:\windows\system32\mstscax.dll
2013-12-15 20:01 . 2013-12-15 20:01    --------    d-----w-    C:\history
2013-12-15 19:57 . 2013-12-15 19:57    --------    d-----w-    c:\program files\Synaptics
2013-12-15 19:51 . 2012-05-04 11:00    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-12-15 19:51 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-12-15 19:12 . 2013-12-15 19:12    --------    d-----w-    c:\windows\Migration
2013-12-15 08:16 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 09:06 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 09:06 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:06 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 09:05 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-12 09:05 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-12 09:01 . 2013-11-26 08:16    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-12-12 09:01 . 2013-11-26 08:35    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-12-12 05:51 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-12 05:51 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-12 05:51 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-12 05:51 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-12 05:51 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-12 05:51 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-12 05:51 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-12 05:50 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-12 05:50 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-12 05:50 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-12 05:50 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-12 05:50 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-12 05:50 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-12 05:50 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-12 05:50 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-12 05:50 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-12 05:50 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-12 05:50 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-12 05:50 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-06 09:44 . 2013-10-18 01:09    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30F31551-F3B8-431E-BE5C-FFF844E253C7}\gapaengine.dll
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\programdata\AskPartnerNetwork
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\program files (x86)\AskPartnerNetwork
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\programdata\APN
2013-11-23 00:08 . 2013-11-23 00:08    --------    d-----w-    c:\users\Ju\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 09:01 . 2012-02-14 19:37    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-12 22:58 . 2012-08-10 01:09    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 22:58 . 2012-08-10 01:09    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-18 01:09 . 2012-10-03 00:21    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 00:00 . 2012-11-20 12:15    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 18:14    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 18:14    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 18:14    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 18:14    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 18:14    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 18:41    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 18:41    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 18:41    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 18:41    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 18:41    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 18:41    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 18:41    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 18:41    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 18:16    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 18:16    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-10-02 21:14 . 2013-10-02 21:14    58192    ----a-w-    c:\windows\system32\drivers\lsnfd.sys
2013-09-28 01:09 . 2013-11-13 18:41    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-27 15:53 . 2013-09-27 15:53    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 15:53 . 2012-03-21 03:44    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 18:40    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 18:40    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 18:40    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 18:40    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 18:40    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 18:40    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 18:40    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 18:40    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 18:40    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 18:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 18:40    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 18:40    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 18:40    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}]
2013-12-15 23:35    637440    ----a-w-    c:\program files (x86)\MyPoints Score\MyPoints Score-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}]
2013-10-02 21:14    145960    ----a-w-    c:\program files (x86)\Linksicle\IE\LinksicleClientIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}]
2013-07-18 17:30    712264    ----a-w-    c:\progra~2\FROMDO~2\bar\1.bin\65bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}]
2013-07-18 17:30    62864    ----a-w-    c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c66a678d-5e6c-4af9-8f57-c6192f42cf74}"= "c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll" [2013-07-18 712264]
.
[HKEY_CLASSES_ROOT\clsid\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"FromDocToPDF Search Scope Monitor"="c:\progra~2\FROMDO~2\bar\1.bin\65srchmn.exe" [2013-07-18 44784]
"FromDocToPDF_65 Browser Plugin Loader"="c:\progra~2\FROMDO~2\bar\1.bin\65brmon.exe" [2013-07-18 30096]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-09-11 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 hfgfazxo;hfgfazxo;c:\windows\system32\drivers\hfgfazxo.sys;c:\windows\SYSNATIVE\drivers\hfgfazxo.sys [x]
R1 hvscfecd;hvscfecd;c:\windows\system32\drivers\hvscfecd.sys;c:\windows\SYSNATIVE\drivers\hvscfecd.sys [x]
R2 0026191387150821mcinstcleanup;McAfee Application Installer Cleanup (0026191387150821);c:\windows\TEMP\002619~1.EXE;c:\windows\TEMP\002619~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
R2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe [x]
S2 lssvc;Linksicle Client Service;c:\program files (x86)\Linksicle\Service\lssvc.exe;c:\program files (x86)\Linksicle\Service\lssvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-24 22:58]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 18:03]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 18:03]
.
2013-12-17 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-01-10 13:01]
.
2013-12-16 c:\windows\Tasks\Playtopus Updater.job
- c:\users\Ju\AppData\Local\PLAYTO~1\Updater.dll [2013-06-26 16:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}]
2013-12-15 23:35    965120    ----a-w-    c:\program files (x86)\MyPoints Score\MyPoints Score-bho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"FromDocToPDF Home Page Guard 64 bit"="c:\progra~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" [2013-07-18 548936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =

Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8
FF - ProfilePath - c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\

FF - ExtSQL: 2013-12-15 17:40; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-12-15 17:42; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:43; jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:45; {c9d31470-81c6-4e3e-9a37-46eb9237ed3a}; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DefaultTab - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2952883985-3304835424-3763697947-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,d6,6b,fe,ec,ad,c3,a0,d2,1b,60,8c,c0,68,a6,e1,0e,d0,91,8c,b9,
   95,aa,75,c5,1f,b2,e0,14,6d,0d,90,d6,2e,f6,d5,cf,1f,d5,b7,26,39,91,ce,ff,d7,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-12-16  18:19:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-17 00:19
.
Pre-Run: 266,307,182,592 bytes free
Post-Run: 265,629,065,216 bytes free
.
- - End Of File - - AD9EE5E00CCECD72F19B60396027F037
5B5E648D12FCADC244C1EC30318E1EB9


A.A.S in Computer and Network Support from Crowder College


#9 oneof4

  • Malware Response Team

Posted 01 January 2014 - 03:44 PM

Hello Falneth, :)

 

I have a quick question: why did you abandon your topic that you began at the MBAM forum? Just curious.

 

Please perform the following:

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.

 

Attached Files


Best Regards,
oneof4.


#10 Falneth


Posted 01 January 2014 - 04:21 PM

I left the topic in the MBAM forum because their fixes were not doing any good.

 

FixLog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014

Ran by Ju at 2014-01-01 15:04:47 Run:1
Running from C:\Users\Ju\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FROMDO~2\bar\1.bin\65bar.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
Toolbar: HKLM-x32 - No Name - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 hfgfazxo; \??\C:\windows\system32\drivers\hfgfazxo.sys [x]
S1 hvscfecd; \??\C:\windows\system32\drivers\hvscfecd.sys [x]
C:\Users\Public\AdwCleaner.exe
C:\Users\Public\JRT.exe
C:\Users\Public\RogueKillerX64.exe
C:\Users\Ju\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ju\AppData\Local\Temp\Quarantine.exe
Task: {51FB70FD-32EA-4164-9A5B-561D7C766191} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest
Task: {72873F0E-77CB-4FDF-A60F-5D93B9B8366C} - \BitGuard No Task File
Task: {C10B82A7-5EB1-4EAE-98DF-5D9790EB3214} - \AdobeFlashPlayerUpdate No Task File
Task: {CCE7F5B3-A9CA-47A7-8D0C-3A527F84017B} - \AdobeFlashPlayerUpdate 2 No Task File
Task: C:\windows\Tasks\Playtopus Updater.job => C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll
C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll
Task: {673BDBEE-B29A-4000-8701-2EBEC44C278C} - System32\Tasks\IHSelfDeleteTASK => CMD
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
AppMgmt => Service deleted successfully.
hfgfazxo => Service deleted successfully.
hvscfecd => Service deleted successfully.
C:\Users\Public\AdwCleaner.exe => Moved successfully.
C:\Users\Public\JRT.exe => Moved successfully.
C:\Users\Public\RogueKillerX64.exe => Moved successfully.
C:\Users\Ju\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Ju\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51FB70FD-32EA-4164-9A5B-561D7C766191} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51FB70FD-32EA-4164-9A5B-561D7C766191} => Key deleted successfully.
C:\Windows\System32\Tasks\Playtopus Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Playtopus Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72873F0E-77CB-4FDF-A60F-5D93B9B8366C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72873F0E-77CB-4FDF-A60F-5D93B9B8366C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C10B82A7-5EB1-4EAE-98DF-5D9790EB3214} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C10B82A7-5EB1-4EAE-98DF-5D9790EB3214} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CCE7F5B3-A9CA-47A7-8D0C-3A527F84017B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE7F5B3-A9CA-47A7-8D0C-3A527F84017B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => Key deleted successfully.
C:\windows\Tasks\Playtopus Updater.job => Moved successfully.
C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{673BDBEE-B29A-4000-8701-2EBEC44C278C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{673BDBEE-B29A-4000-8701-2EBEC44C278C} => Key deleted successfully.
C:\Windows\System32\Tasks\IHSelfDeleteTASK => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHSelfDeleteTASK => Key deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
 
==== End of Fixlog ====
 
The computer did not reboot at all when running the tool. So, when the fix finished, I rebooted the laptop myself. When I drag windows to the side of the screen, they are still not adjusting to take up half the screen.
 
I just started an AVG scan because it has not performed a system scan yet even though I installed AVG on the 21st. AVG is locking up when it gets into:
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\.......
 
It is sitting on the same file just like MalwareBytes did when I tried to scan with it. The AVG scan console is sitting and blinking as it tries over and over to scan this same file. Now that AVG is locked up, I cannot open, move, or close any program or start menu or anything.
 
When I tried to open MBAM, it sits doing nothing then eventually says that the operation period timed out. 
 
Am I going to have to end up reinstalling Windows on this laptop?

Edited by Falneth, 01 January 2014 - 04:31 PM.

A.A.S in Computer and Network Support from Crowder College


#11 oneof4


Posted 01 January 2014 - 05:50 PM

Let's have a closer look at what that folder contains:

 

We need to search for a few things with SystemLook:

  • Please download SystemLook by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:
    :dir
    C:\Program Files\TOSHIBA\TOSAPINS\COMPS1 /s
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Best Regards,
oneof4.


#12 Falneth


Posted 01 January 2014 - 06:39 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:37 on 01/01/2014 by Ju
Administrator - Elevation successful
 
========== dir ==========
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1 - Parameters: "/s"
 
---Files---
None found.
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0009160 d-a---- [03:09 30/03/2011]
TC00091600J.exe --a---- 10195224 bytes [03:09 30/03/2011] [07:54 22/10/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0014340 d-a---- [03:07 30/03/2011]
TC00143400M.exe --a---- 38928832 bytes [03:07 30/03/2011] [09:50 18/02/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0020970 d-a---- [03:09 30/03/2011]
TC00209700E.exe --a---- 13457864 bytes [03:09 30/03/2011] [02:22 01/11/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0021240 d-a---- [03:09 30/03/2011]
TC00212400F.exe --a---- 89632512 bytes [03:09 30/03/2011] [13:28 14/10/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0024760 d-a---- [03:09 30/03/2011]
TC00247600B.exe --a---- 115528152 bytes [03:09 30/03/2011] [16:36 22/10/2009]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0028910 d-a---- [03:07 30/03/2011]
TC00289100H.exe --a---- 81738192 bytes [03:07 30/03/2011] [23:25 26/04/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0029010 d-a---- [03:09 30/03/2011]
TC00290100V.exe --a---- 50612272 bytes [03:09 30/03/2011] [11:00 05/11/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0029950 d-a---- [03:07 30/03/2011]
TC00299500D.exe --a---- 5571128 bytes [03:07 30/03/2011] [01:33 22/10/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0032770 d-a---- [03:08 30/03/2011]
TC00327700A.exe --a---- 25777416 bytes [03:08 30/03/2011] [07:41 25/06/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0033450 d-a---- [03:08 30/03/2011]
TC00334500A.exe --a---- 27978728 bytes [03:08 30/03/2011] [11:15 02/08/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0034620 d-a---- [03:09 30/03/2011]
TC00346200B.exe --a---- 26058104 bytes [03:09 30/03/2011] [08:36 11/11/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0036050 d-a---- [03:09 30/03/2011]
TC00360500J.exe --a---- 10705144 bytes [03:09 30/03/2011] [16:46 09/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1006830 d-a---- [03:09 30/03/2011]
TC10068300B.exe --a---- 6888000 bytes [03:09 30/03/2011] [01:57 02/07/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1006960 d-a---- [03:09 30/03/2011]
TC10069600B.exe --a---- 6597784 bytes [03:09 30/03/2011] [18:00 01/07/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1007700 d-a---- [03:08 30/03/2011]
TC10077000J.exe --a---- 38298976 bytes [03:08 30/03/2011] [18:03 28/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1008870 d-a---- [03:07 30/03/2011]
TC10088700B.exe --a---- 4735272 bytes [03:07 30/03/2011] [22:22 16/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1009300 d-a---- [03:08 30/03/2011]
TC10093000A.exe --a---- 214783928 bytes [03:08 30/03/2011] [22:45 16/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC1009630 d-a---- [03:09 30/03/2011]
TC10096300A.exe --a---- 143638224 bytes [03:09 30/03/2011] [01:39 23/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC3029570 d-a---- [03:09 30/03/2011]
TC30295700A.exe --a---- 67507520 bytes [03:09 30/03/2011] [00:54 16/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5006960 d-a---- [03:09 30/03/2011]
TC50069600O.exe --a---- 9951360 bytes [03:09 30/03/2011] [01:40 09/11/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5006970 d-a---- [03:09 30/03/2011]
TC50069700H.exe --a---- 9869056 bytes [03:09 30/03/2011] [07:39 04/10/2010]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008180 d-a---- [03:09 30/03/2011]
TC50081800B.exe --a---- 22640680 bytes [03:09 30/03/2011] [09:05 14/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008190 d-a---- [03:09 30/03/2011]
TC50081900C.exe --a---- 7132648 bytes [03:09 30/03/2011] [00:28 11/03/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008210 d-a---- [03:08 30/03/2011]
TC50082100D.exe --a---- 11702192 bytes [03:08 30/03/2011] [01:12 15/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008230 d-a---- [03:08 30/03/2011]
TC50082300G.exe --a---- 44202112 bytes [03:08 30/03/2011] [11:24 24/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008240 d-a---- [03:08 30/03/2011]
TC50082400H.exe --a---- 139691784 bytes [03:08 30/03/2011] [12:18 18/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5008260 d-a---- [03:08 30/03/2011]
TC50082600F.exe --a---- 38737592 bytes [03:08 30/03/2011] [10:17 16/02/2011]
 
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC5009030 d-a---- [03:08 30/03/2011]
TC50090300A.exe --a---- 36163144 bytes [03:08 30/03/2011] [03:37 12/01/2011]
 
-= EOF =-
 
When the computer is doing a scan, it locks up on multiple files in several subfolders of the root TOSHIBA folder. 

Edited by Falneth, 01 January 2014 - 06:42 PM.

A.A.S in Computer and Network Support from Crowder College


#13 oneof4


Posted 02 January 2014 - 10:30 AM

Well, since your onboard scanners don't want to cooperate, let's try this:

 

ESET Online Scanner:

Note:
You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Best Regards,
oneof4.


#14 Falneth


Posted 02 January 2014 - 11:27 PM

Scan results after over 12 hours scanning:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe.vir Win32/Toolbar.MyWebSearch.X application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bprtct.dll.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65impipe.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65reghk.dll.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll.vir Win32/Toolbar.MyWebSearch.T application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll.vir a variant of Win32/AdWare.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\Service\lssvc.exe.vir Win32/AdWare.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPoints Score\MyPoints Score-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPoints Score\MyPoints Score-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPoints Score\MyPoints Score-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\Ju\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro8.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen12.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen19.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen31.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen39.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen45.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen19.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen31.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen39.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen45.zip Win32/Bagle.gen.zip worm
C:\Users\Ju\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Ju\AppData\Local\The Weather Channel\The Weather Channel App\patch\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7b06a41a-60d9e0e4-temp a variant of Java/Exploit.Agent.QMM trojan
C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5f0d3c20-7bbcce0b a variant of Java/Exploit.CVE-2013-0422.CF trojan
C:\Users\Ju\Documents\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application

A.A.S in Computer and Network Support from Crowder College


#15 oneof4


Posted 03 January 2014 - 07:16 PM

delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    rd /s /q "C:\ProgramData\Spybot - Search & Destroy\Recovery\"
    rd /s /q "C:\Users\All Users\Spybot - Search & Destroy\Recovery\"
    del /f /s /q "C:\Users\Ju\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi"
    del /f /s /q "C:\Users\Ju\AppData\Local\The Weather Channel\The Weather Channel App\patch\The Weather Channel App.msi"
    del /f /s /q "C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7b06a41a-60d9e0e4-temp"
    del /f /s /q "C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5f0d3c20-7bbcce0b"
    del /f /s /q "C:\Users\Ju\Documents\APNSetup.exe"
    del /f /s /q "C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
    del /f /s /q "C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [image: batfileicon.gif] <-- XP   [image: vista_bat_icon.png] <-- Vista, 7, 8
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

====================

 

I did some research on the TOSAPINS folder; it contains a backup of all the Toshiba applications that are installed on your computer, in case there is ever a need to re-install them.  It is a very huge group of files, which may be why the scanners are getting bogged down with it.  My advice would be to either remove the folder from your computer by copying it to a USB drive, DVD/s, or an external drive.  That would free up a tremendous amount of space on your C: drive, as well as speed up scans.  If you do not wish to remove it, I would use the "exclude" feature that is available in most scanners, to skip scanning of the TOSAPINS folder.

 

I would like for you to now attempt the following:

 

Malwarebytes' Anti-Malware

I would like you to run a quick scan at this time

  • Double-click mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Click the Ignore List tab
  • Click Add, then navigate to the C:\Program Files\TOSHIBA\TOSAPINS folder.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Best Regards,
oneof4.
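
The triage behind the delete list in post #15, as an added example that is not part of the thread or of any tool used in it: it parses ESET Online Scanner result lines like those in post #14, sets aside hits that already sit in the AdwCleaner quarantine, collapses the `C:\Users\All Users` duplicates, and lists what is still live on disk. Assumptions: the function and field names are made up here, `C:\Users\All Users` is treated as a link to `C:\ProgramData` (standard on Windows Vista and later), and ESET's "application" type is read as a potentially unwanted or unsafe program rather than malware.

```python
import re

# Excerpt of the ESET Online Scanner results from post #14 (paths as posted).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\AdwCleaner\Quarantine\C\Users\Ju\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakRegCleanPro6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen12.zip Win32/Bagle.gen.zip worm
C:\Users\Ju\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7b06a41a-60d9e0e4-temp a variant of Java/Exploit.Agent.QMM trojan
C:\Users\Ju\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5f0d3c20-7bbcce0b a variant of Java/Exploit.CVE-2013-0422.CF trojan
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
"""

# Line layout: <path> [probably ][a variant of ]<Platform/Name> <type>
# The path may contain spaces, so it is matched lazily and the detection
# name is pinned to the second-to-last token of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>\w+/\S+) (?P<kind>[a-z]+)$"
)

# Hits under these roots were already neutralised by an earlier cleanup tool.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\",)

# Assumption: "All Users" is a link to ProgramData, so both paths name one file.
ALIASES = (("c:\\users\\all users\\", "C:\\ProgramData\\"),)


def canonical(path):
    """Rewrite a path that goes through a known link to its real location."""
    low = path.lower()
    for alias, target in ALIASES:
        if low.startswith(alias):
            return target + path[len(alias):]
    return path


def triage(log_text):
    """Split scanner hits into quarantined, live (de-duplicated) and unparsed."""
    quarantined, live, unparsed = [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        path = canonical(m["path"])
        hit = {
            "path": path,
            "name": m["name"],
            "kind": m["kind"],
            # "a variant of" / "probably a variant of" marks a generic match
            "heuristic": bool(m["qualifier"]),
        }
        if path.lower().startswith(QUARANTINE_ROOTS):
            quarantined.append(hit)
        else:
            live.setdefault(path.lower(), hit)  # first sighting of a file wins
    # Trojans and worms first, potentially unwanted applications last.
    ordered = sorted(
        live.values(),
        key=lambda h: (h["kind"] == "application", h["path"].lower()),
    )
    return {"quarantined": quarantined, "live": ordered, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['quarantined'])} hit(s) already in quarantine")
    for hit in result["live"]:
        flag = " (generic match)" if hit["heuristic"] else ""
        print(f"[{hit['kind']:<11}] {hit['name']}{flag}\n    {hit['path']}")
    for line in result["unparsed"]:
        print("UNPARSED:", line)
```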




