
ZeroAccess


  • This topic is locked
17 replies to this topic

#1 Devsfan4

Posted 21 December 2013 - 05:48 PM

 

 

RogueKiller has detected ZeroAccess on my PC. Should I remove these:
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nick [Admin rights]
Mode : Scan -- Date : 12/21/2013 14:45:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Nick\AppData\Roaming\Origin\update.vbe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] 2pkoe4p9.Default User : user_pref("network.proxy.hxxp", "46.23.68.179"); -> FOUND
[FF][PROXY] 2pkoe4p9.Default User : user_pref("network.proxy.hxxp_port", 39431); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\L [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST32000641AS +++++
--- User ---
[MBR] 69223aba84ce526c164f1efc3bdc9277
[BSP] 8cbed59385b3925bc0a2df452822599a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 1893546 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] d7f3b86e257330270e40bda36f1812b5
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8192 | Size: 15260 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 6d17b0815860d28e9d16eb2c438e540f
[BSP] 832e2d65aece4a7455b015011b7ce13e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_12212013_144523.txt >>

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.45.2
Run by Nick at 18:23:36 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.4622 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\schtasks.exe
C:\Program Files\i2p\I2Psvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
C:\Users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\java.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\ComfortKeys\CKeys.exe
C:\Program Files\ComfortKeys\CKeysCm.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Pandora\Pandora.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
uRun: [MusicManager] "C:\Users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [696975F877CEE120328F887DF7C10CABCB6D4EB5._service_run] "C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Akamai NetSession Interface] "C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe"
uRun: [uTorrent] "C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{14DF4DB5-1624-4E29-A34E-C3F6C6B8FFA3} : DHCPNameServer = 198.224.189.236 198.224.188.236
TCP: Interfaces\{1530C4D0-0C4C-420B-92AC-1FE722DDEBE6} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{245EB18C-703E-40A5-A93F-F9C862C94663} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer = 95.211.10.3
TCP: Interfaces\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer = 95.211.10.3
TCP: Interfaces\{E8380213-C326-4117-9BF9-5743F2AB801A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8380213-C326-4117-9BF9-5743F2AB801A}\65562796A7F6E602D494649443531303C4024353534402355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA268DD3-73BE-4CD7-9CE0-BB21BF48E0CA} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&CUI=UN26981515773296221&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN26981515773296221&UM=2&q=
FF - prefs.js: network.proxy.ftp - 46.23.68.179
FF - prefs.js: network.proxy.ftp_port - 39431
FF - prefs.js: network.proxy.socks - 46.23.68.179
FF - prefs.js: network.proxy.socks_port - 39431
FF - prefs.js: network.proxy.ssl - 46.23.68.179
FF - prefs.js: network.proxy.ssl_port - 39431
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Nick\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\extensions\cryenginebrowserplugin@crytek.com\plugins\npcry39.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
FF - user.js: extensions.autoDisableScopes - 14
.
FF - user.js: extensions.BabylonToolbar.id - f60770ed000000000000ccaf780f63f5
FF - user.js: extensions.BabylonToolbar.instlDay - 15577
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:21:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.instlRef - std
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113931&tt=201208_mnt_n_3512_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f60770ed000000000000ccaf780f63f5&q=
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extentions.y2layers.installId - c6836263-21ef-4e3b-bc94-e6ba46b3f5c5
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-14 56208]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-8-25 70256]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 i2p;I2P Service;C:\Program Files\i2p\I2Psvc.exe [2012-9-25 417792]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-14 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-15 5341536]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-10-10 558480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-15 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2013-10-30 458960]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-30 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2011-7-27 45600]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/14 23:43:30;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-10-10 112496]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-5-16 25704]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-6-18 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-6-18 9800]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-8-19 135584]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-15 158976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-8-11 26112]
S3 REN2CAP_DRIVER;Hear;C:\Windows\System32\drivers\ren2cap.sys [2013-12-19 46728]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-8-14 79360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-8-17 31232]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-18 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-8-17 757144]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-21 19:44:59    97280    ----a-w-    C:\Windows\System32\drivers\parport.sys.bak
2013-12-20 01:48:09    46728    ----a-w-    C:\Windows\System32\drivers\ren2cap.sys
2013-12-19 22:38:17    --------    d-----w-    C:\Users\Nick\AppData\Local\DFX
2013-12-19 14:34:18    --------    d-----w-    C:\Program Files\EqualizerAPO
2013-12-13 21:50:33    --------    d-----w-    C:\Users\Nick\AppData\Local\{4419B67C-BDED-4384-92DB-120C7EFF6287}
2013-12-10 18:52:48    --------    d-----w-    C:\Users\Nick\AppData\Local\{335B2562-40BE-44E4-A45B-FDDE1AFF502A}
2013-12-10 14:43:50    --------    d-----w-    C:\Users\Nick\AppData\Roaming\FreeScreenToVideo
2013-12-10 14:43:07    --------    d-----w-    C:\Program Files (x86)\Free Screen To Video
2013-12-10 00:55:16    --------    d-----w-    C:\Users\Nick\AppData\Local\Screencast-O-Matic
2013-12-01 01:31:56    --------    d-----w-    C:\Users\Nick\AppData\Local\ElevatedDiagnostics
2013-11-22 01:02:27    --------    d-----w-    C:\Users\Nick\AppData\Local\Cisco
2013-11-22 01:02:27    --------    d-----w-    C:\ProgramData\Cisco
2013-11-22 01:02:27    --------    d-----w-    C:\Program Files (x86)\Cisco
.
==================== Find3M  ====================
.
2013-12-10 22:02:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:02:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-21 21:05:45    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-11-21 21:05:38    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-21 21:05:32    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-30 17:55:10    458960    ----a-w-    C:\Windows\System32\drivers\k57nd60a.sys
2013-10-10 21:48:10    11152    ----a-w-    C:\Windows\SysWow64\vpncategories.dll
2013-10-10 21:48:07    34192    ----a-w-    C:\Windows\SysWow64\vpnevents.dll
2013-10-10 21:31:34    52080    ----a-w-    C:\Windows\System32\drivers\vpnva64-6.sys
2013-10-10 21:29:26    112496    ----a-r-    C:\Windows\System32\drivers\acsock64.sys
2013-10-08 14:50:12    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-10-08 14:45:08    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01:14    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-10-08 14:01:14    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-10-08 14:01:12    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-10-08 14:01:12    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-10-08 14:01:06    142792    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-10-08 14:01:06    125824    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-10-08 14:01:04    97984    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-10-08 14:01:04    114488    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-10-08 14:01:02    1237200    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-10-08 14:01:00    1030128    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-10-08 14:00:56    9464840    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-10-08 14:00:52    8215992    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-10-08 14:00:46    6176008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-10-08 14:00:42    6189416    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-10-08 14:00:36    6767240    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-10-08 14:00:32    7256496    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-10-08 13:58:42    12534784    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-10-08 13:39:22    229376    ----a-w-    C:\Windows\System32\clinfo.exe
2013-10-08 13:39:06    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-10-08 13:38:58    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-10-08 13:38:58    127488    ----a-w-    C:\Windows\System32\coinst_13.152.1.8.dll
2013-10-08 13:38:52    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-10-08 13:38:48    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-10-08 13:38:30    28192256    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-10-08 13:36:22    23761408    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-10-08 13:34:34    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-10-08 13:34:28    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-10-08 13:17:50    25385984    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-10-08 13:13:44    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-10-08 13:13:34    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-10-08 13:13:32    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-10-08 13:13:26    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-10-08 13:13:24    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-10-08 13:13:08    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-10-08 13:09:52    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-10-08 13:00:30    21400064    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-10-08 12:54:10    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-10-08 12:53:58    26112    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-10-08 12:53:50    576512    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-10-08 12:52:58    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-10-08 12:51:30    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-10-08 12:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 12:28:36    784384    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-10-08 12:28:26    594944    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-10-08 12:28:12    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-10-08 12:28:08    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-10-08 12:28:08    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-10-08 12:28:04    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-10-08 12:27:56    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-10-08 12:27:46    619008    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-10-08 12:24:54    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2012-03-29 00:55:36    3993600    ----a-w-    C:\Program Files (x86)\GUT5EC7.tmp
.
============= FINISH: 18:30:38.71 ===============
 



Edited by Devsfan4, 21 December 2013 - 06:33 PM.



 


#2 Devsfan4


Posted 21 December 2013 - 06:00 PM

Weird: on a second scan, it didn't detect it.

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nick [Admin rights]
Mode : Scan [Aborted] -- Date : 12/21/2013 17:55:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{DDDEE9C7-E36E-4EEE-B325-989049DE534D} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{E8380213-C326-4117-9BF9-5743F2AB801A} : NameServer (95.211.10.3 [NETHERLANDS (NL)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Nick\AppData\Roaming\Origin\update.vbe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] 2pkoe4p9.Default User : user_pref("network.proxy.hxxp", "46.23.68.179"); -> FOUND
[FF][PROXY] 2pkoe4p9.Default User : user_pref("network.proxy.hxxp_port", 39431); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\L [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1             localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_12212013_175552.txt >>
RKreport[0]_S_12212013_144523.txt


 


Edited by Devsfan4, 21 December 2013 - 06:04 PM.


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:00 AM

Posted 22 December 2013 - 10:50 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#4 Devsfan4


Posted 22 December 2013 - 10:56 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Nick (administrator) on NICK-PC on 22-12-2013 10:53:38
Running from C:\Users\Nick\.netbeans-derby\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Tanuki Software, Ltd.) C:\Program Files\i2p\I2Psvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) C:\Windows\System32\java.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NaturalPoint) C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Akamai Technologies, Inc.) C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NaturalPoint) C:\Program Files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Comfort Software Group) C:\Program Files\ComfortKeys\CKeys.exe
() C:\Program Files\ComfortKeys\CKeysCm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google) C:\Users\Nick\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKCU\...\Run: [NaturalPoint] - C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [387072 2011-02-18] (NaturalPoint)
HKCU\...\Run: [MusicManager] - C:\Users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-27] (Google Inc.)
HKCU\...\Run: [696975F877CEE120328F887DF7C10CABCB6D4EB5._service_run] - C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2EB05AC5594CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EFB44ADF-E0F4-4D2E-AF5C-66FDF31FD085} URL =
SearchScopes: HKCU - DefaultScope {EFB44ADF-E0F4-4D2E-AF5C-66FDF31FD085} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299568&CUI=UN18386459962518021&UM=2
SearchScopes: HKCU - {EFB44ADF-E0F4-4D2E-AF5C-66FDF31FD085} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299568&CUI=UN18386459962518021&UM=2
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDDEE9C7-E36E-4EEE-B325-989049DE534D}: [NameServer]95.211.10.3
Tcpip\..\Interfaces\{E8380213-C326-4117-9BF9-5743F2AB801A}: [NameServer]95.211.10.3

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User
FF user.js: detected! => C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\user.js
FF Homepage: www.google.com/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN26981515773296221&UM=2&q=
FF NetworkProxy: "backup.ftp", "109.224.6.170"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "109.224.6.170"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "109.224.6.170"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "46.23.68.179"
FF NetworkProxy: "ftp_port", 39431
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.23.68.179"
FF NetworkProxy: "socks_port", 39431
FF NetworkProxy: "ssl", "46.23.68.179"
FF NetworkProxy: "ssl_port", 39431
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nick\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\searchplugins\conduit.xml
FF Extension: Battlefield Play4Free - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\battlefieldplay4free@ea.com
FF Extension: GFACE Experience Plugin - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: LastPass - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\support@lastpass.com
FF Extension: Garmin Communicator - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Gmail Watcher - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\gmailwatcher@sonthakit.xpi
FF Extension: Personas Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\personas@christopher.beard.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.com/ig"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\Nick\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nick\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nick\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Battlefield Play4Free Updater) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.64.2_0\npBP4FUpdater.dll No File
CHR Plugin: (Battlefield Play4Free Updater) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.64.2_0\BP4FUpdater.exe No File
CHR Plugin: (NPLastPass) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.5_0\nplastpass.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Angry Birds) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (DictaNote - Speech Recognizer) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\6_0
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Proxy Switchy!) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0
CHR Extension: (Adblock Plus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (FB Auto-Poker) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh\0.9.2_0
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (GFACE Experience Plugin) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.36.0_0
CHR Extension: (LastPass) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.3_0
CHR Extension: (Start in Non-Pinned Tab) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdmghkoepdddbcdomljmbaajiccappf\1.0_0
CHR Extension: (Google Voice (by Google)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (Poppit) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx
CHR HKLM-x32\...\Chrome\Extension: [pcajpdcjfekhfnapaiphaecoajeollnc] - C:\Users\Nick\AppData\Local\CRE\pcajpdcjfekhfnapaiphaecoajeollnc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 i2p; C:\Program Files\i2p\I2Psvc.exe [417792 2012-09-25] (Tanuki Software, Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-21] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [63744 2006-06-07] (Broadcom Corporation.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S1 DhaHelper; C:\Windows\SysWow64\drivers\dhahelper.sys [7168 2011-12-14] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [9160 2013-03-07] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [45600 2009-12-17] ()
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-08-11] (Windows ® Win 7 DDK provider)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-18] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 10:53 - 2013-12-22 10:53 - 00000000 ____D C:\FRST
2013-12-21 18:37 - 2013-12-21 18:37 - 00000000 ____D C:\AdwCleaner
2013-12-21 18:31 - 2013-12-21 18:31 - 00005760 _____ C:\Users\Nick\Desktop\attach.zip
2013-12-21 18:30 - 2013-12-21 18:31 - 00019079 _____ C:\Users\Nick\Desktop\attach.txt
2013-12-21 18:30 - 2013-12-21 18:30 - 00031563 _____ C:\Users\Nick\Desktop\dds.txt
2013-12-21 17:55 - 2013-12-21 17:55 - 00003672 _____ C:\Users\Nick\Desktop\RKreport[0]_S_12212013_175552.txt
2013-12-21 15:12 - 2013-12-21 15:12 - 00000000 ____D C:\Users\Nick\Desktop\iy
2013-12-21 14:45 - 2013-12-21 17:55 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 01913192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00313696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0150.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00172104 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00151656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00141384 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00136264 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00109696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00085104 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00082816 _____ (VSO Software) C:\Windows\system32\Drivers\pcouffin.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00070256 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00067224 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00052080 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\vpnva64-6.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00046728 _____ C:\Windows\system32\Drivers\ren2cap.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00045720 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00038632 _____ (AnchorFree Inc) C:\Windows\system32\Drivers\taphss.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00037680 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00036736 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00036352 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\VClone.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00030720 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapoas.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00030360 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00026112 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\PulseUsb.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00024216 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00020120 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00019016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00015944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00015944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00015432 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00015432 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-21 14:45 - 2013-12-21 17:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2013-12-21 14:45 - 2013-12-21 14:45 - 00004882 _____ C:\Users\Nick\Desktop\RKreport[0]_S_12212013_144523.txt
2013-12-21 14:44 - 2013-12-21 17:55 - 12534784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 03058168 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 01115648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btkrnl.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00619008 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00437272 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00317440 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00158976 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00112496 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00063744 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwusb.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00052376 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00045600 _____ () C:\Windows\system32\Drivers\npusbio_x64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00041704 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00040816 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\ElbyCDIO.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00036720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nx6000.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00030568 _____ (GARMIN Corp.) C:\Windows\system32\Drivers\grmngen.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00029184 _____ (CSR, plc) C:\Windows\system32\Drivers\BthAvrcp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00028008 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dfx11_1x64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00021992 _____ (CPUID) C:\Windows\system32\Drivers\cpuz135_x64.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00019304 _____ (GARMIN Corp.) C:\Windows\system32\Drivers\grmnusb.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2013-12-21 14:44 - 2013-12-21 17:55 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2013-12-21 14:43 - 2013-12-21 14:56 - 00000000 ____D C:\Users\Nick\Desktop\RK_Quarantine
2013-12-21 14:26 - 2013-12-21 14:26 - 00000000 ____D C:\Users\Nick\Documents\win_k57_x64-15.6.0.10
2013-12-21 12:39 - 2013-12-21 12:39 - 00262144 _____ C:\Windows\Minidump\122113-13759-01.dmp
2013-12-21 12:18 - 2013-12-21 12:18 - 00000000 ____D C:\Users\Nick\Desktop\64-bit
2013-12-19 20:48 - 2011-11-07 16:18 - 00046728 _____ C:\Windows\system32\Drivers\ren2cap.sys
2013-12-19 17:38 - 2013-12-19 17:38 - 00000000 ____D C:\Users\Nick\AppData\Local\DFX
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Guest
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Administrator
2013-12-19 09:34 - 2013-12-19 11:31 - 00000000 ____D C:\Program Files\EqualizerAPO
2013-12-17 21:02 - 2013-12-17 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 15:38 - 2013-12-14 15:38 - 02604032 _____ C:\Users\Nick\Documents\Lect_c3.ppt
2013-12-14 10:31 - 2013-12-14 10:31 - 00001012 _____ C:\Users\Nick\Desktop\run - Shortcut.lnk
2013-12-13 20:51 - 2013-12-13 20:51 - 01148049 _____ C:\Users\Nick\Desktop\HB (2).zip
2013-12-13 16:50 - 2013-12-13 16:50 - 00000000 ____D C:\Users\Nick\AppData\Local\{4419B67C-BDED-4384-92DB-120C7EFF6287}
2013-12-13 15:59 - 2013-12-13 16:14 - 1143973376 _____ C:\Users\Nick\Documents\hb2.avi
2013-12-10 20:00 - 2013-12-10 20:00 - 02785686 _____ C:\Users\Nick\Documents\SYNCPLEX-I7Q5CG (356 169 643)_2013-12-10 19.56.tvs
2013-12-10 13:52 - 2013-12-10 13:52 - 00000000 ____D C:\Users\Nick\AppData\Local\{335B2562-40BE-44E4-A45B-FDDE1AFF502A}
2013-12-10 13:35 - 2013-12-10 13:47 - 3129827328 _____ C:\Users\Nick\Documents\hb.avi
2013-12-10 09:44 - 2013-12-10 09:44 - 00001178 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Screen To Video.lnk
2013-12-10 09:43 - 2013-12-21 14:36 - 00000000 ____D C:\Users\Nick\AppData\Roaming\FreeScreenToVideo
2013-12-10 09:43 - 2013-12-21 14:36 - 00000000 ____D C:\Program Files (x86)\Free Screen To Video
2013-12-09 19:55 - 2013-12-09 20:34 - 00000000 ____D C:\Users\Nick\AppData\Local\Screencast-O-Matic
2013-12-08 11:51 - 2013-12-21 12:39 - 775574321 _____ C:\Windows\MEMORY.DMP
2013-12-08 11:51 - 2013-12-21 12:39 - 00000000 ____D C:\Windows\Minidump
2013-12-08 11:51 - 2013-12-08 11:51 - 00275208 _____ C:\Windows\Minidump\120813-17206-01.dmp
2013-12-06 20:59 - 2013-12-06 20:59 - 52334842 _____ C:\Users\Nick\Documents\SYNCPLEX-I7Q5CG (356 169 643)_2013-12-06 19.51.tvs
2013-12-03 21:48 - 2013-12-03 21:48 - 00000000 ____D C:\Users\Nick\Documents\KryptonSuite440
2013-11-22 21:59 - 2013-11-22 21:59 - 00002030 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

==================== One Month Modified Files and Folders =======

2013-12-22 10:53 - 2013-12-22 10:53 - 00000000 ____D C:\FRST
2013-12-22 10:53 - 2012-09-04 15:30 - 00000000 ____D C:\Users\Nick\AppData\Roaming\uTorrent
2013-12-22 10:26 - 2011-07-27 19:30 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000UA.job
2013-12-22 10:02 - 2012-04-04 13:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 10:00 - 2011-08-07 13:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 09:28 - 2013-03-30 18:29 - 02303908 _____ () C:\Users\Nick\Desktop\TechnicLauncher.exe
2013-12-22 09:28 - 2013-03-30 18:29 - 00000000 ____D C:\Users\Nick\AppData\Roaming\.technic
2013-12-22 08:47 - 2011-07-28 09:13 - 00000000 ____D C:\Users\Nick\AppData\Local\Adobe
2013-12-22 08:44 - 2011-10-20 18:19 - 00000000 ____D C:\Users\Nick\AppData\Roaming\.minecraft
2013-12-22 08:43 - 2009-07-14 00:13 - 00882672 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 08:43 - 2009-07-13 23:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 08:43 - 2009-07-13 23:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 08:41 - 2011-06-14 23:28 - 01874543 _____ C:\Windows\WindowsUpdate.log
2013-12-22 08:38 - 2012-09-23 16:19 - 00000000 ____D C:\ProgramData\i2p
2013-12-22 08:38 - 2012-03-21 19:51 - 00003508 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-22 08:37 - 2011-09-05 16:10 - 00000000 ____D C:\ProgramData\VMware
2013-12-22 08:37 - 2011-08-07 13:42 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 08:37 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-22 08:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 08:36 - 2013-08-01 13:24 - 00012806 _____ C:\Windows\setupact.log
2013-12-21 18:37 - 2013-12-21 18:37 - 00000000 ____D C:\AdwCleaner
2013-12-21 18:31 - 2013-12-21 18:31 - 00005760 _____ C:\Users\Nick\Desktop\attach.zip
2013-12-21 18:31 - 2013-12-21 18:30 - 00019079 _____ C:\Users\Nick\Desktop\attach.txt
2013-12-21 18:30 - 2013-12-21 18:30 - 00031563 _____ C:\Users\Nick\Desktop\dds.txt
2013-12-21 17:55 - 2013-12-21 17:55 - 00003672 _____ C:\Users\Nick\Desktop\RKreport[0]_S_12212013_175552.txt
2013-12-21 17:55 - 2013-12-21 14:45 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 01913192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00313696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0150.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00172104 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00151656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00141384 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00136264 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00109696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00085104 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00082816 _____ (VSO Software) C:\Windows\system32\Drivers\pcouffin.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00070256 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00067224 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00052080 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\vpnva64-6.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00046728 _____ C:\Windows\system32\Drivers\ren2cap.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00045720 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00038632 _____ (AnchorFree Inc) C:\Windows\system32\Drivers\taphss.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00037680 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00036736 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00036352 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\VClone.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00030720 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapoas.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00030360 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00026112 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\PulseUsb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00024216 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00020120 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00019016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00015944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00015944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00015432 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00015432 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-21 17:55 - 2013-12-21 14:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 12534784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 03058168 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 01115648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btkrnl.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00619008 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00437272 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00317440 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00158976 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00112496 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00063744 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwusb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00052376 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00045600 _____ () C:\Windows\system32\Drivers\npusbio_x64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00041704 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00040816 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\ElbyCDIO.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00036720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nx6000.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00030568 _____ (GARMIN Corp.) C:\Windows\system32\Drivers\grmngen.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00029184 _____ (CSR, plc) C:\Windows\system32\Drivers\BthAvrcp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00028008 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dfx11_1x64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00021992 _____ (CPUID) C:\Windows\system32\Drivers\cpuz135_x64.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00019304 _____ (GARMIN Corp.) C:\Windows\system32\Drivers\grmnusb.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2013-12-21 17:55 - 2013-12-21 14:44 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2013-12-21 16:26 - 2011-07-27 19:30 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000Core.job
2013-12-21 15:50 - 2013-09-14 14:56 - 00000000 ____D C:\Users\Nick\Desktop\Mc server
2013-12-21 15:12 - 2013-12-21 15:12 - 00000000 ____D C:\Users\Nick\Desktop\iy
2013-12-21 14:56 - 2013-12-21 14:43 - 00000000 ____D C:\Users\Nick\Desktop\RK_Quarantine
2013-12-21 14:45 - 2013-12-21 14:45 - 00004882 _____ C:\Users\Nick\Desktop\RKreport[0]_S_12212013_144523.txt
2013-12-21 14:36 - 2013-12-10 09:43 - 00000000 ____D C:\Users\Nick\AppData\Roaming\FreeScreenToVideo
2013-12-21 14:36 - 2013-12-10 09:43 - 00000000 ____D C:\Program Files (x86)\Free Screen To Video
2013-12-21 14:26 - 2013-12-21 14:26 - 00000000 ____D C:\Users\Nick\Documents\win_k57_x64-15.6.0.10
2013-12-21 13:33 - 2012-12-16 12:01 - 00000000 ____D C:\Users\Nick\Documents\Visual Studio 2010
2013-12-21 12:39 - 2013-12-21 12:39 - 00262144 _____ C:\Windows\Minidump\122113-13759-01.dmp
2013-12-21 12:39 - 2013-12-08 11:51 - 775574321 _____ C:\Windows\MEMORY.DMP
2013-12-21 12:39 - 2013-12-08 11:51 - 00000000 ____D C:\Windows\Minidump
2013-12-21 12:18 - 2013-12-21 12:18 - 00000000 ____D C:\Users\Nick\Desktop\64-bit
2013-12-21 10:53 - 2013-06-21 11:26 - 00002006 ____H C:\Users\Nick\Documents\Default.rdp
2013-12-20 08:38 - 2013-08-18 09:10 - 00499186 _____ C:\Windows\PFRO.log
2013-12-19 21:23 - 2011-08-31 14:52 - 00000000 ____D C:\Users\Nick\AppData\Roaming\vlc
2013-12-19 19:59 - 2013-10-17 18:51 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-19 17:38 - 2013-12-19 17:38 - 00000000 ____D C:\Users\Nick\AppData\Local\DFX
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Guest
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-12-19 17:37 - 2013-12-19 17:37 - 00000000 ____D C:\Users\Administrator
2013-12-19 11:31 - 2013-12-19 09:34 - 00000000 ____D C:\Program Files\EqualizerAPO
2013-12-18 14:35 - 2013-06-05 10:13 - 00000000 ____D C:\Users\Nick\AppData\Roaming\CouchPotato
2013-12-18 10:39 - 2012-03-17 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 21:03 - 2013-12-17 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 18:19 - 2011-07-27 19:30 - 00000000 ____D C:\Users\Nick\AppData\Local\Deployment
2013-12-16 15:52 - 2011-09-30 10:48 - 00132424 _____ C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 15:51 - 2011-10-01 07:56 - 05219840 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 13:55 - 2011-07-30 13:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-14 15:38 - 2013-12-14 15:38 - 02604032 _____ C:\Users\Nick\Documents\Lect_c3.ppt
2013-12-14 15:35 - 2011-07-28 09:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 10:31 - 2013-12-14 10:31 - 00001012 _____ C:\Users\Nick\Desktop\run - Shortcut.lnk
2013-12-14 10:29 - 2013-09-14 16:02 - 00000000 ____D C:\Users\Nick\Desktop\forge
2013-12-14 10:01 - 2011-08-07 13:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 20:51 - 2013-12-13 20:51 - 01148049 _____ C:\Users\Nick\Desktop\HB (2).zip
2013-12-13 20:51 - 2013-05-06 16:50 - 00000000 ____D C:\Users\Nick\Documents\SQL Server Management Studio
2013-12-13 16:50 - 2013-12-13 16:50 - 00000000 ____D C:\Users\Nick\AppData\Local\{4419B67C-BDED-4384-92DB-120C7EFF6287}
2013-12-13 16:14 - 2013-12-13 15:59 - 1143973376 _____ C:\Users\Nick\Documents\hb2.avi
2013-12-12 22:28 - 2011-08-24 15:24 - 00000000 ____D C:\Users\Nick\Documents\Outlook Files
2013-12-10 20:00 - 2013-12-10 20:00 - 02785686 _____ C:\Users\Nick\Documents\SYNCPLEX-I7Q5CG (356 169 643)_2013-12-10 19.56.tvs
2013-12-10 17:02 - 2012-04-04 13:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 17:02 - 2012-04-04 13:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 17:02 - 2011-07-28 08:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 13:52 - 2013-12-10 13:52 - 00000000 ____D C:\Users\Nick\AppData\Local\{335B2562-40BE-44E4-A45B-FDDE1AFF502A}
2013-12-10 13:47 - 2013-12-10 13:35 - 3129827328 _____ C:\Users\Nick\Documents\hb.avi
2013-12-10 09:44 - 2013-12-10 09:44 - 00001178 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Screen To Video.lnk
2013-12-09 20:34 - 2013-12-09 19:55 - 00000000 ____D C:\Users\Nick\AppData\Local\Screencast-O-Matic
2013-12-08 12:39 - 2013-03-11 16:01 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 11:51 - 2013-12-08 11:51 - 00275208 _____ C:\Windows\Minidump\120813-17206-01.dmp
2013-12-07 17:19 - 2013-03-14 10:00 - 00000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
2013-12-07 16:09 - 2011-09-29 08:17 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-06 20:59 - 2013-12-06 20:59 - 52334842 _____ C:\Users\Nick\Documents\SYNCPLEX-I7Q5CG (356 169 643)_2013-12-06 19.51.tvs
2013-12-04 16:43 - 2011-09-06 16:51 - 00000000 ____D C:\Users\Nick\AppData\Roaming\VMware
2013-12-04 16:43 - 2011-09-06 16:51 - 00000000 ____D C:\Users\Nick\AppData\Local\VMware
2013-12-04 16:21 - 2011-07-27 19:30 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000UA
2013-12-04 16:21 - 2011-07-27 19:30 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000Core
2013-12-03 21:48 - 2013-12-03 21:48 - 00000000 ____D C:\Users\Nick\Documents\KryptonSuite440
2013-12-03 19:55 - 2011-08-07 13:42 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 19:55 - 2011-08-07 13:42 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 20:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-02 19:41 - 2013-02-22 10:55 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-11-22 21:59 - 2013-11-22 21:59 - 00002030 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

ZeroAccess:
C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}

ZeroAccess:
C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}
C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}\@

Files to move or delete:
====================
C:\Users\Nick\AppData\Roaming\Camdata.ini
C:\Users\Nick\AppData\Roaming\CamLayout.ini
C:\Users\Nick\AppData\Roaming\CamShapes.ini
C:\Users\Nick\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\5kzgbb51.dll
C:\Users\Nick\AppData\Local\Temp\cpuz160.exe
C:\Users\Nick\AppData\Local\Temp\dateinj01.dll
C:\Users\Nick\AppData\Local\Temp\exehpq15.dll
C:\Users\Nick\AppData\Local\Temp\hd52n0mx.dll
C:\Users\Nick\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\k4xprkoa.dll
C:\Users\Nick\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Nick\AppData\Local\Temp\pi.exe
C:\Users\Nick\AppData\Local\Temp\sonarinst.exe
C:\Users\Nick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Nick\AppData\Local\Temp\update.exe
C:\Users\Nick\AppData\Local\Temp\uttF79F.tmp.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Nick\AppData\Local\Temp\vtt0ijjg.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 12:14

==================== End Of Log ============================


#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:01:00 AM

Posted 22 December 2013 - 04:02 PM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.

C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}
C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c}
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • Fixlog.txt Report
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 Devsfan4

Devsfan4
  • Topic Starter

  • Members
  • 43 posts
  • Local time:12:00 AM

Posted 22 December 2013 - 04:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2013 01
Ran by Nick at 2013-12-22 16:05:56 Run:1
Running from C:\Users\Nick\.netbeans-derby\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c}
C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c)
*****************

C:\Windows\Installer\{d9173d69-4760-711b-ce45-773b0af1ad5c} => Moved successfully.
"C:\Users\Nick\AppData\Local\{d9173d69-4760-711b-ce45-773b0af1ad5c)" => File/Directory not found.

==== End of Fixlog ====

 

ComboFix 13-12-21.01 - Nick 12/22/2013  16:13:08.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.4825 [GMT -5:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Nick\AppData\Local\Temp\dateinj01.dll
c:\users\Nick\AppData\Roaming\inst.exe
c:\users\Nick\AppData\Roaming\poclbm
c:\users\Nick\AppData\Roaming\poclbm\poclbm.ini
c:\users\Nick\AppData\Roaming\technic-launcher.jar
c:\users\Nick\AppData\Roaming\vso_ts_preview.xml
c:\users\Nick\Documents\~WRL1377.tmp
c:\users\Nick\Documents\~WRL3174.tmp
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-22 to 2013-12-22  )))))))))))))))))))))))))))))))
.
.
2013-12-22 21:21 . 2013-12-22 21:21    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-12-22 21:21 . 2013-12-22 21:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-22 20:42 . 2013-12-22 21:03    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-22 20:41 . 2013-12-22 20:41    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-22 15:53 . 2013-12-22 21:05    --------    d-----w-    C:\FRST
2013-12-21 23:37 . 2013-12-21 23:37    --------    d-----w-    C:\AdwCleaner
2013-12-21 19:44 . 2013-12-21 22:55    75120    ----a-w-    c:\windows\system32\drivers\partmgr.sys.bak
2013-12-20 01:48 . 2011-11-07 21:18    46728    ----a-w-    c:\windows\system32\drivers\ren2cap.sys
2013-12-19 22:38 . 2013-12-19 22:38    --------    d-----w-    c:\users\Nick\AppData\Local\DFX
2013-12-19 22:37 . 2013-12-19 22:37    --------    d-----w-    c:\users\Guest
2013-12-19 22:37 . 2013-12-19 22:37    --------    d-----w-    c:\users\Administrator
2013-12-19 14:34 . 2013-12-19 16:31    --------    d-----w-    c:\program files\EqualizerAPO
2013-12-10 14:43 . 2013-12-21 19:36    --------    d-----w-    c:\users\Nick\AppData\Roaming\FreeScreenToVideo
2013-12-10 14:43 . 2013-12-21 19:36    --------    d-----w-    c:\program files (x86)\Free Screen To Video
2013-12-10 00:55 . 2013-12-10 01:34    --------    d-----w-    c:\users\Nick\AppData\Local\Screencast-O-Matic
2013-12-01 01:31 . 2013-12-01 01:31    --------    d-----w-    c:\users\Nick\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 22:02 . 2012-04-04 18:17    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:02 . 2011-07-28 13:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 21:05 . 2011-07-28 17:33    281872    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-11-21 21:05 . 2011-07-28 17:33    281872    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-11-21 21:05 . 2011-07-28 17:33    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-10-31 23:07 . 2013-09-06 00:18    2379616    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-10-31 22:58 . 2011-08-13 15:58    205984    ----a-w-    c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-10-31 22:50 . 2012-02-25 16:08    112832    ----a-w-    c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2013-10-30 17:55 . 2013-10-30 17:55    458960    ----a-w-    c:\windows\system32\drivers\k57nd60a.sys
2013-10-10 21:48 . 2013-10-10 21:48    11152    ----a-w-    c:\windows\SysWow64\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48    34192    ----a-w-    c:\windows\SysWow64\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31    52080    ----a-w-    c:\windows\system32\drivers\vpnva64-6.sys
2013-10-10 21:29 . 2013-10-10 21:29    112496    ----a-r-    c:\windows\system32\drivers\acsock64.sys
2013-10-08 14:50 . 2013-10-08 14:50    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2013-10-08 14:45 . 2013-10-08 14:45    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01 . 2013-10-08 14:01    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2013-03-29 02:37    142792    ----a-w-    c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2013-03-29 02:37    125824    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2013-03-29 02:37    97984    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2012-12-19 19:31    114488    ----a-w-    c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2012-04-06 02:20    1237200    ----a-w-    c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2013-03-29 02:37    1030128    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2013-03-29 02:36    9464840    ----a-w-    c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2013-03-29 02:36    8215992    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2013-10-08 14:00    6176008    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2013-10-08 14:00    6189416    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2012-12-19 19:59    6767240    ----a-w-    c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2012-12-19 19:44    7256496    ----a-w-    c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58    12534784    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39    229376    ----a-w-    c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38    127488    ----a-w-    c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38    28192256    ----a-w-    c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36    23761408    ----a-w-    c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34    63488    ----a-w-    c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34    57344    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17    25385984    ----a-w-    c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13    368640    ----a-w-    c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00    21400064    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2013-03-29 01:35    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53    26112    ----a-w-    c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53    576512    ----a-w-    c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2013-10-08 12:50 . 2013-11-17 14:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 12:28 . 2013-03-29 01:10    784384    ----a-w-    c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28    594944    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28    100352    ----a-w-    c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27    96768    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27    619008    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-03-29 00:55 . 2012-03-28 23:06    3993600    ----a-w-    c:\program files (x86)\GUT5EC7.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 20:29    194928    ----a-w-    c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 00:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 00:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 00:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NaturalPoint"="c:\program files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe" [2011-02-18 387072]
"MusicManager"="c:\users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-11-12 7380992]
"696975F877CEE120328F887DF7C10CABCB6D4EB5._service_run"="c:\users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
"Akamai NetSession Interface"="c:\users\Nick\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe -b0 [2013-6-2 103424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys;c:\windows\SYSNATIVE\drivers\dhahelper.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/14 23:43;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys;c:\windows\SYSNATIVE\drivers\ren2cap.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 i2p;I2P Service;c:\program files\i2p\I2Psvc.exe;c:\program files\i2p\I2Psvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:02]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 18:42]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 18:42]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000Core.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28 00:30]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890433738-410265934-2192807752-1000UA.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28 00:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DDDEE9C7-E36E-4EEE-B325-989049DE534D}: NameServer = 95.211.10.3
TCP: Interfaces\{E8380213-C326-4117-9BF9-5743F2AB801A}: NameServer = 95.211.10.3
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&CUI=UN26981515773296221&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN26981515773296221&UM=2&q=
FF - prefs.js: network.proxy.ftp - 46.23.68.179
FF - prefs.js: network.proxy.ftp_port - 39431
FF - prefs.js: network.proxy.socks - 46.23.68.179
FF - prefs.js: network.proxy.socks_port - 39431
FF - prefs.js: network.proxy.ssl - 46.23.68.179
FF - prefs.js: network.proxy.ssl_port - 39431
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.id - f60770ed000000000000ccaf780f63f5
FF - user.js: extensions.BabylonToolbar.instlDay - 15577
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:21
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.instlRef - std
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113931&tt=201208_mnt_n_3512_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f60770ed000000000000ccaf780f63f5&q=
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extentions.y2layers.installId - c6836263-21ef-4e3b-bc94-e6ba46b3f5c5
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,e8,eb,18,d1,99,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\04\1c\0f\18\0dE"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\SABnzbd\SABnzbd.exe
c:\program files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2013-12-22  16:37:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-22 21:37
ComboFix2.txt  2012-07-17 17:58
.
Pre-Run: 1,494,286,995,456 bytes free
Post-Run: 1,545,898,610,688 bytes free
.
- - End Of File - - 34E8EFB4719F7C101C7ED2F45C78C77A



#7 Devsfan4

Devsfan4
  • Topic Starter

  • Members
  • 43 posts

Posted 22 December 2013 - 04:48 PM

And as for every boot up, MBAM popped up and said something like 'Blocked and quarantined Trojan.Bitcoin' so I know I'm not cured.



#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 22 December 2013 - 05:57 PM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#9 Devsfan4

Devsfan4
  • Topic Starter

  • Members
  • 43 posts

Posted 23 December 2013 - 10:23 AM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nick :: NICK-PC [administrator]

Protection: Enabled

12/23/2013 8:50:04 AM
mbam-log-2013-12-23 (08-50-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 700324
Time elapsed: 1 hour(s), 31 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)
 



#10 Devsfan4

Devsfan4
  • Topic Starter

  • Members
  • 43 posts

Posted 23 December 2013 - 10:30 AM

They come back after every reboot.



#11 Devsfan4

Devsfan4
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 23 December 2013 - 12:23 PM

I went ahead and ran Adw:

# AdwCleaner v3.016 - Report created 23/12/2013 at 12:15:46
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick - NICK-PC
# Running from : C:\Users\Nick\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Users\Nick\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Nick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nick\AppData\Roaming\yourfiledownloader
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\searchplugins\Conduit.xml
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\user.js
File Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\YourFileDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2pkoe4p9.Default User\prefs.js ]

Line Deleted : user_pref("CT3299568_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1371600453438,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN26981515773296221&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "entrusted11 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN26981515773296221&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299568");
Line Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxps://mail.google.com/mail/u/0/?tab=wm#inbox\",\"title\":\"Inbox - n.tyler1092@gmail.com - Gmail\"},{\"url\":\"hxxps://twitter.com/\",\"title\":\"[...]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "entrusted11 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&CUI=UN26981515773296221&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babclient");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=113931&tt=201208_mnt_n_3512_6");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "SE");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "newBlk");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "C7C26C45BB27490B0E19DD1B14240349");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "f60770ed000000000000ccaf780f63f5");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15577");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "std");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.611:21:04");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f60770ed000000000000ccaf780f63f5&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.611:21:04");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113931&tt=201208_mnt_n_3512_6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:21:04");
Line Deleted : user_pref("extensions.crossrider.bic", "13a671c0dec17361be90b19eb59658d3");
Line Deleted : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,ietab@ip.cn:1.94.20100904,personas@christopher.beard:1.5.3,testpilot@labs.mozilla.com:1.0.1,{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.wmn.accounts.gmail.n.tyler1092.inboxOnly", true);
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "BestVideoDownloader");
Line Deleted : user_pref("extentions.y2layers.installId", "c6836263-21ef-4e3b-bc94-e6ba46b3f5c5");
Line Deleted : user_pref("gm-notifier.ui.counter.showInbox", true);
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN26981515773296221&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299568");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299568");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299568");
Line Deleted : user_pref("smartbar.machineId", "AK+4DOL2OWBQ5DJV5AJ5F8EVLPZGQPB7SE2SMVMSPSRXNV2XGDGS+JLWXPGFTG+MJBICAF7HMEKN6GH+YASXNW");

-\\ Google Chrome v

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15157 octets] - [23/12/2013 12:14:06]
AdwCleaner[S0].txt - [15136 octets] - [23/12/2013 12:15:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15197 octets] ##########
 



#12 Devsfan4


Posted 23 December 2013 - 03:42 PM

Ran RogueKiller and it fixed everything. Double checked with MBAM/RK/FRST. Thanks for your help.



#13 RPMcMurphy


Posted 23 December 2013 - 04:46 PM

I'd like to see one more scan just to be sure we have it all.  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • ESET log




#14 Devsfan4


Posted 23 December 2013 - 06:46 PM

all good! thanks again!



#15 RPMcMurphy


Posted 24 December 2013 - 01:14 PM

Then all I have left for you is some important cleanup:

Uninstall this older, unsecure version of Java, keeping only Java 7 Update 45:

Java 7 Update 17 (64-bit) (Version: 7.0.170)

Your Adobe Reader needs to be updated.  Please visit Adobe's site and grab the newest version.  Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • RogueKiller
  • FRST (also delete the c:\FRST folder)

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!






