Conduit(?) Infection Got Me



#1 herohans1

Posted 27 December 2013 - 09:31 PM

Wish I could blame this on the dog but I did it.

 

Both Firefox and IE are popping open new windows and tabs recommending I install extra software.

Sure hope I get this fixed before the kids decide to click on them . . .

Excellent excuse to monopolize the 'puter playing Diablo III

 

Hans

 

Attached Files

  • Attached File  DDS.txt   33.89KB   3 downloads




#2 gringo_pr


Posted 28 December 2013 - 11:43 AM


Hello herohans1

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 herohans1


Posted 28 December 2013 - 02:11 PM

Hey Gringo,  Mucho Gusto!!

 

Firefox and IE are still opening extra windows and tabs whenever I click in an active page.  Here are the logs.

 

# AdwCleaner v3.016 - Report created 28/12/2013 at 13:43:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hansome - MONSTER
# Running from : C:\Users\Hansome\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : BackupStack
Service Deleted : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\GameTap Web Player
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Hansome\AppData\Local\AskPartnerNetwork
[!] Folder Deleted : C:\Users\Hansome\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Hansome\AppData\Local\Conduit
Folder Deleted : C:\Users\Hansome\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Hansome\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Hansome\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Hansome\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Hansome\AppData\Local\Temp\CT3306061
Folder Deleted : C:\Users\Hansome\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Hansome\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hansome\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\Hansome\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Hansome\Documents\Mobogenie
Folder Deleted : C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\CT3306061
Folder Deleted : C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Deleted : C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Hansome\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Hansome\Desktop\MyPC Backup.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN16370468293068629");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN16370468293068629.IN.20131227202200");
Line Deleted : user_pref("CT3306061.installDate", "27/12/2013 20:22:03");
Line Deleted : user_pref("CT3306061.installSessionId", "{6288D01B-B7AD-40A6-BC79-370266928B2C}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "27-12-2013 20:22:00");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.726");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN16370468293068629&UM=2&SearchSource=3&q={searchTerms}&sspv=S41A");
Line Deleted : user_pref("browser.search.selectedEngine", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16370468293068629&UM=2&sspv=S41A&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN16370468293068629&UM=2&SearchSource=13&sspv=S41A,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&Se[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16370468293068629&UM=2&sspv=S41A&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "VW80+P4UGRSLEINAPD7QWOIZC1AHACJTRKIELGCAKRRDAGOJAAYYBGY+NYFMGDAO6JRTTQJXHJF2LLTS3IR7DA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN16370468293068629&UM=2&SearchSource=13&sspv=S41A");

*************************

AdwCleaner[R0].txt - [25512 octets] - [28/12/2013 13:42:35]
AdwCleaner[S0].txt - [24652 octets] - [28/12/2013 13:43:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24713 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Hansome on Sat 12/28/2013 at 13:53:04.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{21FF4F61-0970-4EA6-B45C-0A26B646E1EA}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Hansome\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ FireFox

Successfully deleted: [File] C:\user.js

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/28/2013 at 13:58:36.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 28 December 2013 - 05:39 PM


Hello herohans1

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 herohans1

  • Topic Starter

  • Members

Posted 28 December 2013 - 08:55 PM

I successfully ran Combofix on the second try.  First time I clicked too soon thinking the program was done.

The computer is still popping up a new window stating my IE is out of date and needs a new video player or that Java is out of date.

 

Here's the log

 

ComboFix 13-12-26.01 - Hansome 12/28/2013  20:21:46.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6204 [GMT -5:00]
Running from: c:\users\Hansome\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\windows\SysWow64\frapsvid.dll
.
-- Previous Run --
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
--------
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-29  )))))))))))))))))))))))))))))))
.
.
2013-12-29 01:31 . 2013-12-29 01:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-29 01:19 . 2013-12-29 01:19 -------- d-----w- c:\programdata\AVG Security Toolbar
2013-12-29 01:18 . 2013-12-29 01:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-12-29 01:18 . 2013-12-29 01:19 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-12-29 01:18 . 2013-12-29 01:18 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-12-28 18:53 . 2013-12-28 18:53 -------- d-----w- c:\windows\ERUNT
2013-12-28 18:42 . 2013-12-28 18:44 -------- d-----w- C:\AdwCleaner
2013-12-28 01:44 . 2013-10-30 10:27 42808 ----a-w- c:\windows\system32\uxtuneup.dll
2013-12-28 01:44 . 2013-10-30 10:27 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-12-28 01:43 . 2013-10-30 10:27 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-28 01:43 . 2013-10-30 10:27 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-12-28 01:43 . 2013-10-30 10:27 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-12-28 01:42 . 2013-12-28 01:42 -------- d-----w- c:\users\Hansome\AppData\Roaming\AVG
2013-12-28 01:40 . 2013-12-28 01:45 -------- d-----w- c:\programdata\AVG
2013-12-28 01:40 . 2013-12-28 01:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-28 01:24 . 2013-12-28 01:24 -------- d-----w- c:\users\Hansome\.android
2013-12-28 01:24 . 2013-12-28 01:25 -------- d-----w- c:\users\Hansome\AppData\Local\cache
2013-12-28 01:24 . 2013-12-28 15:57 -------- d-----w- c:\users\Hansome\AppData\Roaming\newnext.me
2013-12-28 01:24 . 2013-12-28 01:24 -------- d-----w- c:\users\Hansome\AppData\Local\genienext
2013-12-28 01:23 . 2013-12-28 01:23 -------- d-----w- c:\users\Hansome\AppData\Local\Local_Weather_LLC
2013-12-28 01:22 . 2013-12-29 01:17 -------- d-----w- c:\users\Hansome\AppData\Local\WeatherAlerts
2013-12-28 01:22 . 2013-12-28 01:22 -------- d-----w- c:\program files (x86)\PassShow
2013-12-28 01:22 . 2013-12-28 01:22 -------- d-----w- c:\users\Hansome\AppData\Local\GreatArcadeHits
2013-12-28 01:01 . 2013-12-28 01:01 -------- d-----w- c:\users\Hansome\AppData\Local\HP
2013-12-27 17:52 . 2013-12-27 17:52 -------- d-----w- c:\programdata\ATI
2013-12-27 17:51 . 2013-12-27 17:51 -------- d-----w- c:\program files (x86)\AMD AVT
2013-12-27 17:46 . 2013-12-27 17:46 -------- d-----w- c:\program files\AMD
2013-12-27 16:54 . 2013-12-27 17:59 -------- d-----w- c:\program files (x86)\Diablo III
2013-12-23 01:40 . 2013-12-23 01:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-23 01:40 . 2013-12-23 01:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-23 01:23 . 2013-12-23 01:23 -------- d-----w- c:\users\Hansome\AppData\Roaming\Oracle
2013-12-22 23:00 . 2013-12-22 23:03 -------- d-----w- c:\users\Hansome\AppData\Roaming\HpUpdate
2013-12-22 23:00 . 2013-12-22 23:00 -------- d-----w- c:\windows\Hewlett-Packard
2013-12-12 08:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 08:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 22:42 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 08:00 . 2011-09-06 08:28 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 22:52 . 2012-04-27 00:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 22:52 . 2011-09-06 11:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-06 22:04 . 2011-04-20 05:21 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2011-04-20 05:21 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2011-10-26 01:21 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2011-04-20 05:21 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2011-10-26 02:04 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2011-04-20 06:09 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2011-10-26 01:46 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2011-04-20 05:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2011-04-20 05:30 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2011-04-20 05:38 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2011-10-26 01:43 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2011-10-26 01:29 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 20:22 . 2011-10-26 01:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-11-27 08:04 . 2013-11-27 08:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 08:04 . 2013-11-27 08:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 08:03 . 2013-11-27 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 08:03 . 2013-11-27 08:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 08:03 . 2013-11-27 08:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 08:03 . 2013-11-27 08:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 08:03 . 2013-11-27 08:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 08:03 . 2013-11-27 08:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 08:03 . 2013-11-27 08:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 08:03 . 2013-11-27 08:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 08:03 . 2013-11-27 08:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 08:03 . 2013-11-27 08:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 08:03 . 2013-11-27 08:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 08:03 . 2013-11-27 08:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 08:03 . 2013-11-27 08:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 08:03 . 2013-11-27 08:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 08:03 . 2013-11-27 08:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 08:03 . 2013-11-27 08:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 08:03 . 2013-11-27 08:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 08:03 . 2013-11-27 08:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 08:03 . 2013-11-27 08:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 08:03 . 2013-11-27 08:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 08:03 . 2013-11-27 08:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 08:03 . 2013-11-27 08:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 08:03 . 2013-11-27 08:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 08:03 . 2013-11-27 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 08:03 . 2013-11-27 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 08:03 . 2013-11-27 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 08:03 . 2013-11-27 08:03 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 08:03 . 2013-11-27 08:03 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 08:03 . 2013-11-27 08:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 08:03 . 2013-11-27 08:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 08:03 . 2013-11-27 08:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 08:03 . 2013-11-27 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 08:03 . 2013-11-27 08:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 08:03 . 2013-11-27 08:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 08:03 . 2013-11-27 08:03 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 08:03 . 2013-11-27 08:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 08:03 . 2013-11-27 08:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 08:03 . 2013-11-27 08:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 08:03 . 2013-11-27 08:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 08:03 . 2013-11-27 08:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 08:03 . 2013-11-27 08:03 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 08:03 . 2013-11-27 08:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 08:03 . 2013-11-27 08:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 08:03 . 2013-11-27 08:03 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 08:03 . 2013-11-27 08:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 08:03 . 2013-11-27 08:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 08:03 . 2013-11-27 08:03 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 08:03 . 2013-11-27 08:03 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 08:03 . 2013-11-27 08:03 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 08:03 . 2013-11-27 08:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 08:03 . 2013-11-27 08:03 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 08:03 . 2013-11-27 08:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 08:03 . 2013-11-27 08:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 08:03 . 2013-11-27 08:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-22 01:34 . 2013-09-13 21:58 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-11 17:08 . 2012-10-10 00:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-11-11 17:08 . 2012-10-10 00:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-11-11 17:08 . 2012-10-10 00:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-11-11 17:08 . 2012-10-10 00:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-14 23:00 . 2013-11-27 08:07 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 00:49 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 00:49 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 00:49 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 00:49 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 00:49 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 00:49 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 00:49 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 00:49 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 00:49 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 00:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 00:49 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 00:49 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 00:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 00:49 404480 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2d661e5b-7d7a-417c-b5b5-6479017bb314}]
2013-12-28 01:22 146432 ----a-w- c:\program files (x86)\PassShow\150.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-29 01:18 3333144 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}]
2013-12-06 10:54 324048 ----a-w- c:\users\Hansome\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll" [2013-12-29 3333144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-06 39408]
"Amazon Cloud Player"="c:\users\Hansome\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-22 3113792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-09-21 2150400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-12-29 2471448]
.
c:\users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-1-21 0]
DesktopWeatherAlerts.lnk - c:\users\Hansome\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe [2013-11-13 546304]
Weather Alerts.lnk - c:\users\Hansome\AppData\Local\WeatherAlerts\WeatherAlerts.exe /restart [2013-11-13 166072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys;c:\windows\SYSNATIVE\drivers\gamingms.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 NTG43XX;NETGEAR 802.11 Network Adapter Driver;c:\windows\system32\DRIVERS\WN311B64.sys;c:\windows\SYSNATIVE\DRIVERS\WN311B64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
S2 WN311BFCS;Netgear WN311B Wireless Control Service;c:\windows\system32\WN311BFCS.exe;c:\windows\SYSNATIVE\WN311BFCS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 03:31 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 22:52]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 11:27]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 11:27]
.
2013-12-29 c:\windows\Tasks\PassShow Update.job
- c:\program files (x86)\PassShow\PsUP.exe [2013-12-28 01:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={FBC178CF-6314-49C0-A954-560EDFA81B06}&mid=23e0f44e3fd047d09aa8d1792158d4fb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-28 20:19&v=17.2.0.38&pid=safeguard&sg=&sap=hp
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll
Toolbar-Locked - (no file)
Toolbar-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Hansome\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Hansome\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll
Toolbar-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll
AddRemove-IECT3306061 - c:\programdata\Conduit\IE\CT3306061\UninstallerUI.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,d1,c4,4a,e1,9d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\WN311BFCS.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
.
**************************************************************************
.
Completion time: 2013-12-28  20:37:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-29 01:37
.
Pre-Run: 742,885,482,496 bytes free
Post-Run: 742,748,762,112 bytes free
.
- - End Of File - - 94FF0D581D5F11DDC0E522820DE43856
A36C5E4F47E84449FF07ED3517B43A31



#6 gringo_pr


Posted 28 December 2013 - 10:21 PM





Hello herohans1

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt, on your Desktop.
  • Exit/Close RogueKiller

Send me the reports made from MBAR and RogueKiller, and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo

#7 herohans1


Posted 29 December 2013 - 09:24 AM

Computer still popping up windows and tabs for extra software.

Here are the mbar and rk logs. 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8589205504, free: 6675812352

Downloaded database version: v2013.12.29.03
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/29/2013 08:33:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\BS_I2c64.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Windows\system32\drivers\BIOS64.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008fa0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xfffffa8008f928c0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008f9f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa8008fb8060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008f96060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa8008f91060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008f9b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa8008f81610
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008f9a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa8008f7d060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b02060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8007438060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b02060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b02060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006b66580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007438060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 78CE7145

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008f9a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f95b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f9a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008f7d060, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008f9b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f9bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f9b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008f81610, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008f96060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f96b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f96060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008f91060, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008f9f060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f9fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f9f060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fb8060, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008fa0060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008fa0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fa0060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008f928c0, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8589205504, free: 6881550336

=======================================
Initializing...
------------ Kernel report ------------
     12/29/2013 08:45:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\BS_I2c64.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Windows\system32\drivers\BIOS64.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b02060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b02060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006b66580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007438060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 78CE7145

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hansome [Admin rights]
Mode : Remove -- Date : 12/29/2013 09:00:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] CurseClient.exe -- C:\Users\Hansome\AppData\Local\Apps\2.0\M4WRVH5R.4DH\XA6224EB.LAV\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 2b429b9953306fed69a5cd2d1cb2452f
[BSP] b5a26865daa8b761c52fcf745e3b1754 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_12292013_090054.txt >>
RKreport[0]_S_12292013_085940.txt



#8 gringo_pr

Posted 29 December 2013 - 12:26 PM


Hello herohans1



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#9 herohans1

Posted 29 December 2013 - 02:17 PM

Here are the scan reports.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Hansome (administrator) on MONSTER on 29-12-2013 14:12:19
Running from C:\Users\Hansome\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
(NetGear) C:\Windows\SysWOW64\WN311BFCS.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
() C:\Users\Hansome\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Curse) C:\Users\Hansome\AppData\Local\Apps\2.0\M4WRVH5R.4DH\XA6224EB.LAV\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(NetGear) C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AS00_WN311B] - C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe [2150400 2007-09-21] (NetGear)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2471448 2013-12-28] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-06] (Google Inc.)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\Hansome\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3113792 2013-05-22] ()
Startup: C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDB9B9987EFFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FBC178CF-6314-49C0-A954-560EDFA81B06}&mid=23e0f44e3fd047d09aa8d1792158d4fb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-28 20:19:04&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Hansome\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7B4aeba7ed-607d-440b-ae06-9fa76ecc310f%7D&mid=23e0f44e3fd047d09aa8d1792158d4fb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&coid=avgtbavg&cmpid=&v=17.2.0.38&lang=en&pr=fr&d=2013-12-28%2020%3A19%3A04&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Hansome\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hansome\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi
FF HKCU\...\Firefox\Extensions: [{57c20073-e24b-4b2a-aa91-70d1ad526cbf}] - C:\Program Files (x86)\PassShow\150.xpi
FF Extension: PassShow - C:\Program Files (x86)\PassShow\150.xpi
FF Extension: PassShow - C:\Program Files (x86)\PassShow\150.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (PassShow) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Gmail) - C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dhogjnnleghndloamdkljhnhdchpcijl] - C:\Program Files (x86)\PassShow\150.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.2.0.38\avg.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-09-06] (iWin Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-30] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-10-30] (AVG)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-28] (AVG Secure Search)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WN311BFCS; C:\Windows\SysWow64\WN311BFCS.exe [393216 2007-09-21] (NetGear)
R2 WN311BFCS; C:\Windows\system32\WN311BFCS.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2010-02-11] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWow64\drivers\BIOS64.sys [14136 2010-02-11] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2c64.sys [15408 2010-05-17] (BIOSTAR Group)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 GamingMsFltr; C:\Windows\System32\drivers\gamingms.sys [11520 2009-12-07] (Primax Ltd)
S3 NTG43XX; C:\Windows\System32\DRIVERS\WN311B64.sys [3058168 2010-04-03] (Broadcom Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-29 14:12 - 2013-12-29 14:12 - 00020102 _____ C:\Users\Hansome\Downloads\FRST.txt
2013-12-29 14:12 - 2013-12-29 14:12 - 00000000 ____D C:\FRST
2013-12-29 14:11 - 2013-12-29 14:11 - 01931302 _____ (Farbar) C:\Users\Hansome\Downloads\FRST64.exe
2013-12-29 13:35 - 2013-12-29 13:37 - 00000000 ____D C:\Users\Hansome\Downloads\assets
2013-12-29 13:35 - 2013-12-29 13:35 - 00000000 ____D C:\Users\Hansome\Downloads\versions
2013-12-29 13:35 - 2013-12-29 13:35 - 00000000 ____D C:\Users\Hansome\Downloads\libraries
2013-12-29 13:32 - 2013-12-29 13:37 - 00000000 ____D C:\Users\Hansome\Downloads\Direwolf20_1_6_4
2013-12-29 09:30 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-12-29 09:30 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-12-29 09:30 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-12-29 09:30 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-12-29 09:30 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-12-29 09:30 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-12-29 09:30 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-29 09:30 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-29 09:30 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-12-29 09:30 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-12-29 09:30 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-29 09:30 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-12-29 09:30 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-12-29 09:30 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-29 09:30 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-12-29 09:30 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-29 09:30 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-12-29 09:30 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-12-29 09:30 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-29 09:30 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-12-29 09:30 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-12-29 09:30 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-12-29 09:30 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-12-29 09:30 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-29 09:30 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-29 09:29 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-12-29 09:29 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-12-29 09:00 - 2013-12-29 09:00 - 00002955 _____ C:\Users\Hansome\Desktop\RKreport[0]_D_12292013_090054.txt
2013-12-29 08:59 - 2013-12-29 08:59 - 03058168 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\WN311B64.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00412776 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00144464 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00105552 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00090704 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00068992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00067664 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00002860 _____ C:\Users\Hansome\Desktop\RKreport[0]_S_12292013_085940.txt
2013-12-29 08:58 - 2013-12-29 08:59 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 01394688 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00369640 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00251192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00194872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00123704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00122856 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00094208 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00015408 _____ (BIOSTAR Group) C:\Windows\system32\Drivers\BS_I2c64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00014136 _____ (BIOSTAR Group) C:\Windows\system32\Drivers\BIOS64.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00011520 _____ (Primax Ltd) C:\Windows\system32\Drivers\gamingms.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2013-12-29 08:58 - 2013-12-29 08:58 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2013-12-29 08:57 - 2013-12-29 09:02 - 00000000 ____D C:\Users\Hansome\Desktop\RK_Quarantine
2013-12-29 08:33 - 2013-12-29 08:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-29 08:33 - 2013-12-29 08:45 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-29 08:33 - 2013-12-29 08:45 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-29 08:33 - 2013-12-29 08:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-29 08:32 - 2013-12-29 08:33 - 00000000 ____D C:\Users\Hansome\Downloads\Mbar
2013-12-29 08:30 - 2013-12-29 08:30 - 04406784 _____ C:\Users\Hansome\Downloads\RogueKillerX64.exe
2013-12-29 08:29 - 2013-12-29 08:29 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Hansome\Downloads\mbar-1.07.0.1008.exe
2013-12-28 20:37 - 2013-12-28 20:37 - 00037783 _____ C:\ComboFix.txt
2013-12-28 20:19 - 2013-12-28 20:19 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-28 20:18 - 2013-12-28 20:19 - 00003743 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-28 20:18 - 2013-12-28 20:19 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-28 20:18 - 2013-12-28 20:18 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-28 20:02 - 2013-12-28 20:37 - 00000000 ____D C:\Qoobox
2013-12-28 20:02 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-28 20:02 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-28 20:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-28 20:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-28 20:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-28 20:02 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-28 20:02 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-28 20:02 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-28 20:01 - 2013-12-28 20:36 - 00000000 ____D C:\Windows\erdnt
2013-12-28 20:01 - 2013-12-28 20:01 - 05158590 ____R (Swearware) C:\Users\Hansome\Downloads\ComboFix.exe
2013-12-28 13:58 - 2013-12-28 13:58 - 00001441 _____ C:\Users\Hansome\Desktop\JRT.txt
2013-12-28 13:53 - 2013-12-28 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-12-28 13:50 - 2013-12-28 13:50 - 01034531 _____ (Thisisu) C:\Users\Hansome\Downloads\JRT.exe
2013-12-28 13:42 - 2013-12-28 13:44 - 00000000 ____D C:\AdwCleaner
2013-12-28 13:38 - 2013-12-28 13:42 - 01233962 _____ C:\Users\Hansome\Downloads\AdwCleaner.exe
2013-12-28 13:22 - 2013-12-28 13:22 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-27 21:21 - 2013-12-27 21:21 - 00034703 _____ C:\Users\Hansome\Documents\DDS.txt
2013-12-27 21:21 - 2013-12-27 21:21 - 00009609 _____ C:\Users\Hansome\Documents\Attach.txt
2013-12-27 21:20 - 2013-12-27 21:20 - 00034703 _____ C:\Users\Hansome\Desktop\dds.txt
2013-12-27 21:20 - 2013-12-27 21:20 - 00009609 _____ C:\Users\Hansome\Desktop\attach.txt
2013-12-27 21:19 - 2013-12-27 21:19 - 00688992 ____R (Swearware) C:\Users\Hansome\Downloads\dds.com
2013-12-27 20:44 - 2013-10-30 05:27 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll
2013-12-27 20:44 - 2013-10-30 05:27 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll
2013-12-27 20:43 - 2013-12-27 20:45 - 02994416 _____ (Boost Software Inc.) C:\Users\Hansome\Downloads\PCHealthBoost-Setup.exe
2013-12-27 20:43 - 2013-10-30 05:27 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-12-27 20:43 - 2013-10-30 05:27 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-12-27 20:43 - 2013-10-30 05:27 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-12-27 20:42 - 2013-12-27 20:42 - 00002225 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-12-27 20:42 - 2013-12-27 20:42 - 00002199 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\AVG
2013-12-27 20:40 - 2013-12-27 20:45 - 00000000 ____D C:\ProgramData\AVG
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-27 20:35 - 2013-12-27 21:26 - 00015198 _____ C:\Users\Hansome\Downloads\hijackthis.log
2013-12-27 20:34 - 2013-12-27 20:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hansome\Downloads\HijackThis.exe
2013-12-27 20:33 - 2013-12-27 20:33 - 78388136 _____ (AVG) C:\Users\Hansome\Downloads\avg_tuh_stf_all_2014_204_24c28.exe
2013-12-27 20:28 - 2013-12-27 20:28 - 00469392 _____ C:\Users\Hansome\Downloads\Setup(1).exe
2013-12-27 20:24 - 2013-12-28 10:57 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\newnext.me
2013-12-27 20:24 - 2013-12-27 20:25 - 00000000 ____D C:\Users\Hansome\AppData\Local\cache
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\AppData\Local\genienext
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\.android
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 _____ C:\Users\Hansome\daemonprocess.txt
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Local\Local_Weather_LLC
2013-12-27 20:22 - 2013-12-29 12:07 - 00000370 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-27 20:22 - 2013-12-28 20:17 - 00000000 ____D C:\Users\Hansome\AppData\Local\WeatherAlerts
2013-12-27 20:22 - 2013-12-27 20:22 - 00003022 _____ C:\Windows\System32\Tasks\PassShow Update
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Users\Hansome\AppData\Local\GreatArcadeHits
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Program Files (x86)\PassShow
2013-12-27 20:01 - 2013-12-27 20:01 - 00000000 ____D C:\Users\Hansome\AppData\Local\HP
2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 ____D C:\Users\Hansome\Documents\Diablo III
2013-12-27 12:52 - 2013-12-27 12:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-27 12:51 - 2013-12-27 12:51 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201312271251160313.log
2013-12-27 12:51 - 2013-12-27 12:51 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-12-27 12:46 - 2013-12-27 12:46 - 00000000 ____D C:\Program Files\AMD
2013-12-27 12:34 - 2013-12-27 12:34 - 00791552 _____ (AMD) C:\Users\Hansome\Downloads\amddriverdownloader.exe
2013-12-27 11:56 - 2013-12-27 11:57 - 06018744 _____ (Blizzard Entertainment) C:\Users\Hansome\Downloads\Diablo-III-Setup-enUS.exe
2013-12-27 11:54 - 2013-12-27 12:59 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-12-27 11:54 - 2013-12-27 12:08 - 00001140 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-12-23 09:36 - 2013-12-23 09:36 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Local\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Local\Macromedia
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 20:40 - 2013-12-22 20:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-22 20:23 - 2013-12-22 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Oracle
2013-12-22 20:21 - 2013-12-22 20:21 - 00915368 _____ (Oracle Corporation) C:\Users\Hansome\Downloads\chromeinstall-7u45.exe
2013-12-22 18:00 - 2013-12-22 18:03 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\HpUpdate
2013-12-22 18:00 - 2013-12-22 18:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-22 18:00 - 2013-12-22 18:00 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-12 03:03 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:03 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:03 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:03 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:02 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:42 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 17:42 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 17:42 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 17:42 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 17:42 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 17:42 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 17:42 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 17:42 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 17:42 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 17:42 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 17:42 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 17:42 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 17:42 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 17:42 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 17:42 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 17:42 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 17:42 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 17:42 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 17:42 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 21:10 - 2013-12-07 21:10 - 00000000 ____D C:\Users\Hansome\Documents\ROBLOX
2013-12-06 17:07 - 2013-12-06 17:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-12-06 16:52 - 2013-12-06 16:52 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-12-06 16:49 - 2013-12-06 16:49 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-12-06 16:44 - 2013-12-06 16:44 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00099840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-12-06 16:37 - 2013-12-06 16:37 - 29382144 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-12-06 16:35 - 2013-12-06 16:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-12-06 16:33 - 2013-12-06 16:33 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-06 16:33 - 2013-12-06 16:33 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-06 16:26 - 2013-12-06 16:26 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2013-12-06 16:16 - 2013-12-06 16:16 - 26352128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-12-06 16:13 - 2013-12-06 16:13 - 00550456 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-12-06 16:13 - 2013-12-06 16:13 - 00550456 _____ C:\Windows\system32\atiapfxx.blb
2013-12-06 16:13 - 2013-12-06 16:13 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-12-06 16:12 - 2013-12-06 16:12 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-12-06 16:09 - 2013-12-06 16:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-12-06 15:58 - 2013-12-06 15:58 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-12-06 15:53 - 2013-12-06 15:53 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-12-06 15:53 - 2013-12-06 15:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-12-06 15:53 - 2013-12-06 15:53 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-12-06 15:52 - 2013-12-06 15:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-12-06 15:50 - 2013-12-06 15:50 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-12-06 15:42 - 2013-12-06 15:42 - 03426688 _____ C:\Windows\system32\atiumd6a.cap
2013-12-06 15:31 - 2013-12-06 15:31 - 03461040 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-12-06 15:22 - 2013-12-06 15:22 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-12-06 15:21 - 2013-12-06 15:21 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-12-06 15:21 - 2013-12-06 15:21 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-12-06 15:18 - 2013-12-06 15:18 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-12-04 19:16 - 2013-12-04 19:39 - 00345000 _____ C:\Users\Hansome\Documents\The Daring Jumping Spider.pptx
2013-12-03 21:25 - 2013-12-03 21:29 - 00000000 ____D C:\Users\Hansome\Desktop\Games

==================== One Month Modified Files and Folders =======

2013-12-29 14:12 - 2013-12-29 14:12 - 00020102 _____ C:\Users\Hansome\Downloads\FRST.txt
2013-12-29 14:12 - 2013-12-29 14:12 - 00000000 ____D C:\FRST
2013-12-29 14:11 - 2013-12-29 14:11 - 01931302 _____ (Farbar) C:\Users\Hansome\Downloads\FRST64.exe
2013-12-29 14:07 - 2013-05-12 17:29 - 00233759 _____ C:\Users\Hansome\Downloads\server.log
2013-12-29 13:52 - 2012-04-26 19:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-29 13:37 - 2013-12-29 13:35 - 00000000 ____D C:\Users\Hansome\Downloads\assets
2013-12-29 13:37 - 2013-12-29 13:32 - 00000000 ____D C:\Users\Hansome\Downloads\Direwolf20_1_6_4
2013-12-29 13:35 - 2013-12-29 13:35 - 00000000 ____D C:\Users\Hansome\Downloads\versions
2013-12-29 13:35 - 2013-12-29 13:35 - 00000000 ____D C:\Users\Hansome\Downloads\libraries
2013-12-29 13:32 - 2013-05-12 17:07 - 00765101 _____ () C:\Users\Hansome\Downloads\FTB_Launcher (1).exe
2013-12-29 13:32 - 2013-05-12 13:06 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\ftblauncher
2013-12-29 13:24 - 2011-09-06 06:27 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 13:23 - 2011-08-28 00:28 - 01280118 _____ C:\Windows\WindowsUpdate.log
2013-12-29 12:14 - 2009-07-13 23:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-29 12:14 - 2009-07-13 23:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 12:11 - 2009-07-14 00:13 - 00876764 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 12:08 - 2012-06-08 15:56 - 00000000 ____D C:\Users\Hansome\AppData\Local\Deployment
2013-12-29 12:07 - 2013-12-27 20:22 - 00000370 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-29 12:07 - 2011-09-06 06:27 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 12:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 12:05 - 2009-07-13 23:51 - 00152790 _____ C:\Windows\setupact.log
2013-12-29 12:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-29 09:34 - 2011-11-20 11:44 - 00868886 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-29 09:02 - 2013-12-29 08:57 - 00000000 ____D C:\Users\Hansome\Desktop\RK_Quarantine
2013-12-29 09:00 - 2013-12-29 09:00 - 00002955 _____ C:\Users\Hansome\Desktop\RKreport[0]_D_12292013_090054.txt
2013-12-29 08:59 - 2013-12-29 08:59 - 03058168 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\WN311B64.SYS.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00412776 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-29 08:59 - 2013-12-29 08:59 - 00002860 _____ C:\Users\Hansome\Desktop\RKreport[0]_S_12292013_085940.txt
2013-12-29 08:56 - 2013-12-29 08:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-29 08:45 - 2013-12-29 08:33 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-29 08:45 - 2013-12-29 08:33 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-29 08:33 - 2013-12-29 08:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-29 08:33 - 2013-12-29 08:32 - 00000000 ____D C:\Users\Hansome\Downloads\Mbar
2013-12-29 08:30 - 2013-12-29 08:30 - 04406784 _____ C:\Users\Hansome\Downloads\RogueKillerX64.exe
2013-12-29 08:29 - 2013-12-29 08:29 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Hansome\Downloads\mbar-1.07.0.1008.exe
2013-12-29 08:16 - 2012-09-28 20:06 - 00000000 ____D C:\ProgramData\MFAData
2013-12-28 20:53 - 2011-08-27 21:33 - 00000000 ___RD C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-28 20:39 - 2013-09-13 16:59 - 00000000 ____D C:\Users\Hansome\AppData\Local\AVG SafeGuard toolbar
2013-12-28 20:37 - 2013-12-28 20:37 - 00037783 _____ C:\ComboFix.txt
2013-12-28 20:37 - 2013-12-28 20:02 - 00000000 ____D C:\Qoobox
2013-12-28 20:37 - 2012-06-08 15:56 - 00000000 ____D C:\Users\Hansome\AppData\Local\Apps\2.0
2013-12-28 20:37 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-12-28 20:36 - 2013-12-28 20:01 - 00000000 ____D C:\Windows\erdnt
2013-12-28 20:33 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-28 20:32 - 2010-11-20 22:47 - 00573768 _____ C:\Windows\PFRO.log
2013-12-28 20:19 - 2013-12-28 20:19 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-28 20:19 - 2013-12-28 20:18 - 00003743 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-28 20:19 - 2013-12-28 20:18 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-28 20:19 - 2012-10-27 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 20:18 - 2013-12-28 20:18 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-28 20:17 - 2013-12-27 20:22 - 00000000 ____D C:\Users\Hansome\AppData\Local\WeatherAlerts
2013-12-28 20:01 - 2013-12-28 20:01 - 05158590 ____R (Swearware) C:\Users\Hansome\Downloads\ComboFix.exe
2013-12-28 13:58 - 2013-12-28 13:58 - 00001441 _____ C:\Users\Hansome\Desktop\JRT.txt
2013-12-28 13:53 - 2013-12-28 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-12-28 13:50 - 2013-12-28 13:50 - 01034531 _____ (Thisisu) C:\Users\Hansome\Downloads\JRT.exe
2013-12-28 13:44 - 2013-12-28 13:42 - 00000000 ____D C:\AdwCleaner
2013-12-28 13:42 - 2013-12-28 13:38 - 01233962 _____ C:\Users\Hansome\Downloads\AdwCleaner.exe
2013-12-28 13:22 - 2013-12-28 13:22 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-28 11:52 - 2013-11-22 22:38 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-12-28 10:57 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\newnext.me
2013-12-27 21:26 - 2013-12-27 20:35 - 00015198 _____ C:\Users\Hansome\Downloads\hijackthis.log
2013-12-27 21:21 - 2013-12-27 21:21 - 00034703 _____ C:\Users\Hansome\Documents\DDS.txt
2013-12-27 21:21 - 2013-12-27 21:21 - 00009609 _____ C:\Users\Hansome\Documents\Attach.txt
2013-12-27 21:20 - 2013-12-27 21:20 - 00034703 _____ C:\Users\Hansome\Desktop\dds.txt
2013-12-27 21:20 - 2013-12-27 21:20 - 00009609 _____ C:\Users\Hansome\Desktop\attach.txt
2013-12-27 21:19 - 2013-12-27 21:19 - 00688992 ____R (Swearware) C:\Users\Hansome\Downloads\dds.com
2013-12-27 20:45 - 2013-12-27 20:43 - 02994416 _____ (Boost Software Inc.) C:\Users\Hansome\Downloads\PCHealthBoost-Setup.exe
2013-12-27 20:45 - 2013-12-27 20:40 - 00000000 ____D C:\ProgramData\AVG
2013-12-27 20:42 - 2013-12-27 20:42 - 00002225 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-12-27 20:42 - 2013-12-27 20:42 - 00002199 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\AVG
2013-12-27 20:42 - 2012-09-28 20:16 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-27 20:34 - 2013-12-27 20:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hansome\Downloads\HijackThis.exe
2013-12-27 20:33 - 2013-12-27 20:33 - 78388136 _____ (AVG) C:\Users\Hansome\Downloads\avg_tuh_stf_all_2014_204_24c28.exe
2013-12-27 20:28 - 2013-12-27 20:28 - 00469392 _____ C:\Users\Hansome\Downloads\Setup(1).exe
2013-12-27 20:25 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\AppData\Local\cache
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\AppData\Local\genienext
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 ____D C:\Users\Hansome\.android
2013-12-27 20:24 - 2013-12-27 20:24 - 00000000 _____ C:\Users\Hansome\daemonprocess.txt
2013-12-27 20:24 - 2011-08-27 21:33 - 00000000 ____D C:\Users\Hansome
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Local\Local_Weather_LLC
2013-12-27 20:22 - 2013-12-27 20:22 - 00003022 _____ C:\Windows\System32\Tasks\PassShow Update
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Users\Hansome\AppData\Local\GreatArcadeHits
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Program Files (x86)\PassShow
2013-12-27 20:09 - 2013-11-20 17:16 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\HP
2013-12-27 20:01 - 2013-12-27 20:01 - 00000000 ____D C:\Users\Hansome\AppData\Local\HP
2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 ____D C:\Users\Hansome\Documents\Diablo III
2013-12-27 12:59 - 2013-12-27 11:54 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-12-27 12:52 - 2013-12-27 12:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-27 12:51 - 2013-12-27 12:51 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201312271251160313.log
2013-12-27 12:51 - 2013-12-27 12:51 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-12-27 12:51 - 2011-12-03 18:15 - 00000000 ____D C:\ProgramData\AMD
2013-12-27 12:50 - 2011-12-03 18:14 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-27 12:46 - 2013-12-27 12:46 - 00000000 ____D C:\Program Files\AMD
2013-12-27 12:44 - 2013-11-11 12:07 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-27 12:34 - 2013-12-27 12:34 - 00791552 _____ (AMD) C:\Users\Hansome\Downloads\amddriverdownloader.exe
2013-12-27 12:08 - 2013-12-27 11:54 - 00001140 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-12-27 11:57 - 2013-12-27 11:56 - 06018744 _____ (Blizzard Entertainment) C:\Users\Hansome\Downloads\Diablo-III-Setup-enUS.exe
2013-12-23 20:51 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-23 15:41 - 2011-11-27 16:17 - 00002306 _____ C:\Windows\hegames.ini
2013-12-23 14:04 - 2011-11-27 19:34 - 00000000 ____D C:\hegames
2013-12-23 09:36 - 2013-12-23 09:36 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Local\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Users\Hansome\AppData\Local\Macromedia
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 20:40 - 2013-12-22 20:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-22 20:40 - 2013-12-22 20:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-22 20:40 - 2013-11-01 19:21 - 00000000 ____D C:\ProgramData\Oracle
2013-12-22 20:30 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-22 20:23 - 2013-12-22 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Oracle
2013-12-22 20:21 - 2013-12-22 20:21 - 00915368 _____ (Oracle Corporation) C:\Users\Hansome\Downloads\chromeinstall-7u45.exe
2013-12-22 19:16 - 2011-09-08 20:39 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-22 18:03 - 2013-12-22 18:00 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\HpUpdate
2013-12-22 18:00 - 2013-12-22 18:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-22 18:00 - 2013-12-22 18:00 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-22 18:00 - 2013-11-20 17:10 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-20 17:30 - 2011-11-20 17:15 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\.minecraft
2013-12-16 03:02 - 2013-08-01 02:04 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 03:00 - 2011-09-06 03:28 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:10 - 2013-10-25 18:05 - 00001361 _____ C:\Users\Hansome\Desktop\ROBLOX Studio 2013.lnk
2013-12-14 12:10 - 2013-10-25 18:05 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2013-12-13 17:34 - 2011-09-06 06:27 - 00000000 ____D C:\Users\Hansome\AppData\Local\Google
2013-12-12 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 17:44 - 2013-10-25 18:05 - 00001349 _____ C:\Users\Hansome\Desktop\ROBLOX Player.lnk
2013-12-12 03:21 - 2009-07-13 23:45 - 00417200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:03 - 2011-11-15 19:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:52 - 2012-04-26 19:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:52 - 2012-04-26 19:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:52 - 2011-09-06 06:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-07 21:10 - 2013-12-07 21:10 - 00000000 ____D C:\Users\Hansome\Documents\ROBLOX
2013-12-07 09:19 - 2011-09-06 06:27 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 09:19 - 2011-09-06 06:27 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 17:07 - 2013-12-06 17:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-12-06 17:04 - 2011-04-20 00:21 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-12-06 17:03 - 2011-10-25 20:21 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-12-06 17:03 - 2011-04-20 00:21 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-12-06 17:02 - 2011-04-20 00:21 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2013-12-06 17:01 - 2011-10-25 21:04 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-12-06 17:01 - 2011-04-20 01:09 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2013-12-06 17:00 - 2011-10-25 20:46 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-12-06 16:59 - 2011-04-20 00:59 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-12-06 16:59 - 2011-04-20 00:30 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2013-12-06 16:58 - 2011-04-20 00:38 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2013-12-06 16:57 - 2011-10-25 20:43 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-12-06 16:56 - 2011-10-25 20:29 - 07751920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-12-06 16:52 - 2013-12-06 16:52 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-12-06 16:49 - 2013-12-06 16:49 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-12-06 16:44 - 2013-12-06 16:44 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-12-06 16:38 - 2013-12-06 16:38 - 00099840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-12-06 16:38 - 2013-12-06 16:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-12-06 16:37 - 2013-12-06 16:37 - 29382144 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-12-06 16:35 - 2013-12-06 16:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-12-06 16:33 - 2013-12-06 16:33 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-06 16:33 - 2013-12-06 16:33 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-06 16:26 - 2013-12-06 16:26 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2013-12-06 16:16 - 2013-12-06 16:16 - 26352128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-12-06 16:13 - 2013-12-06 16:13 - 00550456 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-12-06 16:13 - 2013-12-06 16:13 - 00550456 _____ C:\Windows\system32\atiapfxx.blb
2013-12-06 16:13 - 2013-12-06 16:13 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-12-06 16:12 - 2013-12-06 16:12 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-12-06 16:12 - 2013-12-06 16:12 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-12-06 16:09 - 2013-12-06 16:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-12-06 15:58 - 2013-12-06 15:58 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-12-06 15:53 - 2013-12-06 15:53 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-12-06 15:53 - 2013-12-06 15:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-12-06 15:53 - 2013-12-06 15:53 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-12-06 15:52 - 2013-12-06 15:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-12-06 15:50 - 2013-12-06 15:50 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-12-06 15:42 - 2013-12-06 15:42 - 03426688 _____ C:\Windows\system32\atiumd6a.cap
2013-12-06 15:31 - 2013-12-06 15:31 - 03461040 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-12-06 15:22 - 2013-12-06 15:22 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-12-06 15:22 - 2013-12-06 15:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-12-06 15:22 - 2011-10-25 20:22 - 01144320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-12-06 15:21 - 2013-12-06 15:21 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-12-06 15:21 - 2013-12-06 15:21 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-12-06 15:18 - 2013-12-06 15:18 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-12-05 17:25 - 2012-08-28 15:09 - 00034304 ___SH C:\Users\Hansome\Documents\Thumbs.db
2013-12-04 19:39 - 2013-12-04 19:16 - 00345000 _____ C:\Users\Hansome\Documents\The Daring Jumping Spider.pptx
2013-12-04 19:39 - 2012-01-14 14:38 - 00000000 ____D C:\Users\Hansome\Documents\Outlook Files
2013-12-03 21:29 - 2013-12-03 21:25 - 00000000 ____D C:\Users\Hansome\Desktop\Games
2013-11-30 13:58 - 2011-09-08 18:31 - 00109288 _____ C:\Users\Hansome\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-30 13:58 - 2011-08-27 21:34 - 00001413 _____ C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Some content of TEMP:
====================
C:\Users\Hansome\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-20 18:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Hansome at 2013-12-29 14:13:09
Running from C:\Users\Hansome\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard)
Ace of Spades (x32 Version:  - )
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard)
Amazon Cloud Player (HKCU Version: 1.0.2.314 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.)
Application Profiles (x32 Version: 2.0.4337.36028 - Advanced Micro Devices, Inc.)
Ask Toolbar (x32 Version: 12.7.0.15 - APN, LLC) <==== ATTENTION
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.4.5.0 - Asmedia Technology)
AVG 2013 (Version: 13.0.3408 - AVG Technologies)
AVG 2014 (Version: 14.0.3658 - AVG Technologies)
AVG 2014 (Version: 14.0.4259 - AVG Technologies)
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.229 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229 - AVG)
AVG SafeGuard toolbar (x32 Version: 17.2.0.38 - AVG Technologies)
BiosNotice (x32 Version:  - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard)
Castle Crashers (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.)
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.)
Click to Call with Skype (x32 Version: 5.6.8153 - Skype Technologies S.A.)
Coby Media Manager (x32 Version: 1.0.4717 - Coby)
Connect DLC 5 Toolbar for IE (x32 Version: 6.17.2.8 - Connect DLC 5) <==== ATTENTION
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard)
Cradle of Egypt (remove only) (x32 Version:  - )
Curse Client (HKCU Version: 5.1.1.792 - Curse)
Daemonica (x32 Version: 1.1 - Meridian4)
Dark Void Zero (x32 Version: 1.0 - Capcom)
Defense Grid: The Awakening Demo (x32 Version:  - Hidden Path Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DesktopWeatherAlerts (HKCU Version: 1.0.13.0 - Local Weather LLC)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard)
Diablo III (x32 Version:  - Blizzard Entertainment)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard)
F300 (x32 Version: 130.0.365.000 - Hewlett-Packard)
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard)
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard)
Fraps (x32 Version:  - )
GameFly (x32 Version: 1.2.378 - GameFly, Inc.)
Gametap Player (x32 Version:  - )
GameTap Player (x32 Version:  - Metaboli)
Gardenscapes:  Mansion Makeover (x32 Version:  - Pogo.com)
Garry's Mod (x32 Version:  - Garry)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard)
GreatArcadeHits (HKCU Version: 1.0 - GreatArcadeHits) <==== ATTENTION
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard)
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard)
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
MONOPOLY (x32 Version: 1.1.1.0 - Pogo.com)
Monument Builders: Eiffel Tower (x32 Version: 3.5.0.43509 - Pogo.com)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard)
Network64 (Version: 140.0.221.000 - Hewlett-Packard)
NVIDIA PhysX (x32 Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenAL (x32 Version:  - )
OpenProj (x32 Version: 1.4.0 - Serena Software Inc.)
PassShow (x32 Version:  - PassShow Software)
Plants Vs Zombies: Game of the Year Edition (remove only) (x32 Version:  - )
Pogo Games (x32 Version: 1.0 - )
RangeMax™ NEXT Wireless Adapter WN311B (x32 Version:  - )
Rayman 3 Hoodlum Havoc (x32 Version: 1.0 - Ubisoft)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010 - Realtek)
ROBLOX Player for Hansome (HKCU Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Hansome (HKCU Version:  - ROBLOX Corporation)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Shop for HP Supplies (Version: 13.0 - HP)
Sid Meier’s Ace Patrol: Pacific Skies (x32 Version:  - Firaxis)
Sid Meier's Ace Patrol (x32 Version:  - Firaxis Games)
Sid Meiers Civilization 4 (x32 Version: 1.74 - 2K Games)
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Sid Meiers Pirates (x32 Version: 1.0.2 - 2K Games)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard)
SMPlayer 0.6.9 (x32 Version: 0.6.9 - RVM)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard)
StarCraft II (x32 Version:  - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
The GAME of LIFE (x32 Version:  - Pogo.com)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wallace and Gromits Grand Adventures - Episode 1 (x32 Version: 2009.3.19.22137 - Telltale Games)
Wallace and Gromits Grand Adventures - Episode 2 (x32 Version: 2009.4.29.25188 - Telltale Games)
Wallace and Gromits Grand Adventures - Episode 3 (x32 Version: 1.0 - Telltale Games)
Wallace and Gromits Grand Adventures - Episode 4 (x32 Version: 1.0 - Telltale Games)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
Yahoo! Toolbar (x32 Version:  - )

==================== Restore Points  =========================

27-12-2013 17:38:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
27-12-2013 17:44:39 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
28-12-2013 01:40:31 Installed AVG PC TuneUp 2014
29-12-2013 08:00:31 Windows Update
29-12-2013 14:29:26 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-12-28 20:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1F9ADCE2-9238-4798-99C6-7C68B3FC5F8A} - System32\Tasks\PassShow Update => C:\Program Files (x86)\PassShow\PsUP.exe [2013-12-27] ()
Task: {27586557-328C-41C5-937E-30CD01DB1739} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {72C83F67-33D0-43F0-820E-0436DA018C46} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {924A8CE4-99CA-410E-BDAA-F9EDA8CC7456} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-10-30] (AVG)
Task: {9CE95E52-AFFC-4EE2-B062-87F24E5356CE} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-09-06] (iWin Inc.)
Task: {AE3AA3BE-C78B-43BB-8856-044A475EB005} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06] (Google Inc.)
Task: {BDF0F39D-F78C-450E-BED4-0AF6A2D275E5} - \BackgroundContainer Startup Task No Task File
Task: {C2EFE0AE-64FB-4015-99F7-B366FC8AA19A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {EC1C07F4-ABFF-4340-B398-E285F9E9748D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow\PsUP.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-29 08:25 - 2013-12-29 08:25 - 00014848 _____ () C:\Users\Hansome\AppData\Local\Apps\2.0\M4WRVH5R.4DH\XA6224EB.LAV\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-12-29 08:25 - 2013-12-29 08:25 - 00035840 _____ () C:\Users\Hansome\AppData\Local\Apps\2.0\M4WRVH5R.4DH\XA6224EB.LAV\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-01 15:11 - 2013-11-01 15:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-12-28 20:18 - 2013-12-28 20:18 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
2013-12-27 20:22 - 2013-12-27 20:22 - 00146432 _____ () C:\Program Files (x86)\PassShow\150.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1C678466
AlternateDataStreams: C:\ProgramData\TEMP:C1291836

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2013 00:07:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 09:05:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 03:32:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:34:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:17:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:12:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/29/2013 00:05:56 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/29/2013 00:04:08 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/29/2013 09:04:22 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/29/2013 09:04:09 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/29/2013 03:31:25 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/29/2013 03:31:25 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%14

Error: (12/29/2013 03:31:13 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/29/2013 03:00:11 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/28/2013 08:32:41 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (12/28/2013 08:31:15 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (12/29/2013 00:07:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 09:05:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 03:32:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:34:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:17:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 08:12:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-12-28 20:08:46.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-28 20:08:46.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8191.3 MB
Available physical RAM: 5675.47 MB
Total Pagefile: 16380.79 MB
Available Pagefile: 13510.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:693.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 78CE7145)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 gringo_pr


Posted 29 December 2013 - 08:28 PM

Hello herohans1



I need you to download this script I have made for you --> fixlist.txt (attached file, 1.16KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#11 herohans1


Posted 29 December 2013 - 09:09 PM

The log is below. I'm not getting pop-ups anymore in IE or Firefox.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by Hansome at 2013-12-29 21:01:24 Run:1
Running from C:\Users\Hansome\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Hansome\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
FF Extension: GreatArcadeHits Add-on - C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi
C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Hansome\AppData\Local\Local_Weather_LLC
2013-12-27 20:22 - 2013-12-29 12:07 - 00000370 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-27 20:22 - 2013-12-28 20:17 - 00000000 ____D C:\Users\Hansome\AppData\Local\WeatherAlerts
2013-12-27 20:22 - 2013-12-27 20:22 - 00003022 _____ C:\Windows\System32\Tasks\PassShow Update
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Users\Hansome\AppData\Local\GreatArcadeHits
2013-12-27 20:22 - 2013-12-27 20:22 - 00000000 ____D C:\Program Files (x86)\PassShow
C:\Users\Hansome\AppData\Local\Temp\ntdll_dump.dll

*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key deleted successfully.
C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi => Moved successfully.
C:\Users\Hansome\AppData\Local\GreatArcadeHits\gahff.xpi not found.
C:\Users\Hansome\AppData\Local\Google\Chrome\User Data\Default => Moved successfully.
C:\Users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts => Moved successfully.
C:\Users\Hansome\AppData\Local\Local_Weather_LLC => Moved successfully.
C:\Windows\Tasks\PassShow Update.job => Moved successfully.
C:\Users\Hansome\AppData\Local\WeatherAlerts => Moved successfully.
C:\Windows\System32\Tasks\PassShow Update => Moved successfully.
C:\Users\Hansome\AppData\Local\GreatArcadeHits => Moved successfully.
C:\Program Files (x86)\PassShow => Moved successfully.
C:\Users\Hansome\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

==== End of Fixlog ====



#12 gringo_pr


Posted 29 December 2013 - 09:17 PM

Hello herohans1

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 
ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Edited by gringo_pr, 29 December 2013 - 09:26 PM.


#13 herohans1


Posted 30 December 2013 - 12:47 AM

IE and Firefox are still behaving.

Here's combofix log file with the CFscript.

ComboFix 13-12-29.01 - Hansome 12/29/2013  22:29:25.3.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6363 [GMT -5:00]
Running from: c:\users\Hansome\Downloads\ComboFix.exe
Command switches used :: c:\users\Hansome\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-30  )))))))))))))))))))))))))))))))
.
.
2013-12-30 03:38 . 2013-12-30 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-29 19:12 . 2013-12-29 19:12 -------- d-----w- C:\FRST
2013-12-29 14:32 . 2013-12-29 14:32 -------- d-----w- c:\windows\Migration
2013-12-29 14:29 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-12-29 14:29 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-12-29 13:58 . 2013-12-29 13:58 8192 ----a-w- c:\windows\system32\drivers\mshidkmdf.sys.bak
2013-12-29 13:33 . 2013-12-29 13:33 -------- d-----w- c:\programdata\Malwarebytes
2013-12-29 13:33 . 2013-12-29 13:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-29 13:33 . 2013-12-29 13:45 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-29 13:33 . 2013-12-29 13:45 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-29 01:19 . 2013-12-29 01:19 -------- d-----w- c:\programdata\AVG Security Toolbar
2013-12-29 01:18 . 2013-12-29 01:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-12-29 01:18 . 2013-12-29 01:19 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-12-29 01:18 . 2013-12-29 01:18 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-12-28 18:53 . 2013-12-28 18:53 -------- d-----w- c:\windows\ERUNT
2013-12-28 18:42 . 2013-12-28 18:44 -------- d-----w- C:\AdwCleaner
2013-12-28 01:44 . 2013-10-30 10:27 42808 ----a-w- c:\windows\system32\uxtuneup.dll
2013-12-28 01:44 . 2013-10-30 10:27 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-12-28 01:43 . 2013-10-30 10:27 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-28 01:43 . 2013-10-30 10:27 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-12-28 01:43 . 2013-10-30 10:27 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-12-28 01:42 . 2013-12-28 01:42 -------- d-----w- c:\users\Hansome\AppData\Roaming\AVG
2013-12-28 01:40 . 2013-12-28 01:45 -------- d-----w- c:\programdata\AVG
2013-12-28 01:40 . 2013-12-28 01:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-28 01:24 . 2013-12-28 01:24 -------- d-----w- c:\users\Hansome\.android
2013-12-28 01:24 . 2013-12-28 01:25 -------- d-----w- c:\users\Hansome\AppData\Local\cache
2013-12-28 01:24 . 2013-12-28 15:57 -------- d-----w- c:\users\Hansome\AppData\Roaming\newnext.me
2013-12-28 01:24 . 2013-12-28 01:24 -------- d-----w- c:\users\Hansome\AppData\Local\genienext
2013-12-28 01:01 . 2013-12-28 01:01 -------- d-----w- c:\users\Hansome\AppData\Local\HP
2013-12-27 17:52 . 2013-12-27 17:52 -------- d-----w- c:\programdata\ATI
2013-12-27 17:51 . 2013-12-27 17:51 -------- d-----w- c:\program files (x86)\AMD AVT
2013-12-27 17:46 . 2013-12-27 17:46 -------- d-----w- c:\program files\AMD
2013-12-27 16:54 . 2013-12-27 17:59 -------- d-----w- c:\program files (x86)\Diablo III
2013-12-23 01:40 . 2013-12-23 01:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-23 01:40 . 2013-12-23 01:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-23 01:23 . 2013-12-23 01:23 -------- d-----w- c:\users\Hansome\AppData\Roaming\Oracle
2013-12-22 23:00 . 2013-12-29 23:12 -------- d-----w- c:\users\Hansome\AppData\Roaming\HpUpdate
2013-12-22 23:00 . 2013-12-22 23:00 -------- d-----w- c:\windows\Hewlett-Packard
2013-12-12 08:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 08:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 22:42 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 08:00 . 2011-09-06 08:28 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 22:52 . 2012-04-27 00:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 22:52 . 2011-09-06 11:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-06 22:04 . 2011-04-20 05:21 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2011-04-20 05:21 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2011-10-26 01:21 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2011-04-20 05:21 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2011-10-26 02:04 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2011-04-20 06:09 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2011-10-26 01:46 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2011-04-20 05:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2011-04-20 05:30 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2011-04-20 05:38 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2011-10-26 01:43 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2011-10-26 01:29 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 20:22 . 2011-10-26 01:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-11-27 08:04 . 2013-11-27 08:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 08:04 . 2013-11-27 08:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 08:03 . 2013-11-27 08:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 08:03 . 2013-11-27 08:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 08:03 . 2013-11-27 08:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 08:03 . 2013-11-27 08:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 08:03 . 2013-11-27 08:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 08:03 . 2013-11-27 08:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 08:03 . 2013-11-27 08:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 08:03 . 2013-11-27 08:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 08:03 . 2013-11-27 08:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 08:03 . 2013-11-27 08:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 08:03 . 2013-11-27 08:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 08:03 . 2013-11-27 08:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 08:03 . 2013-11-27 08:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 08:03 . 2013-11-27 08:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 08:03 . 2013-11-27 08:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 08:03 . 2013-11-27 08:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 08:03 . 2013-11-27 08:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 08:03 . 2013-11-27 08:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 08:03 . 2013-11-27 08:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 08:03 . 2013-11-27 08:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 08:03 . 2013-11-27 08:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 08:03 . 2013-11-27 08:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 08:03 . 2013-11-27 08:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 08:03 . 2013-11-27 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 08:03 . 2013-11-27 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 08:03 . 2013-11-27 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 08:03 . 2013-11-27 08:03 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 08:03 . 2013-11-27 08:03 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 08:03 . 2013-11-27 08:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 08:03 . 2013-11-27 08:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 08:03 . 2013-11-27 08:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 08:03 . 2013-11-27 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 08:03 . 2013-11-27 08:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 08:03 . 2013-11-27 08:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 08:03 . 2013-11-27 08:03 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 08:03 . 2013-11-27 08:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 08:03 . 2013-11-27 08:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 08:03 . 2013-11-27 08:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 08:03 . 2013-11-27 08:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 08:03 . 2013-11-27 08:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 08:03 . 2013-11-27 08:03 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 08:03 . 2013-11-27 08:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 08:03 . 2013-11-27 08:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 08:03 . 2013-11-27 08:03 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 08:03 . 2013-11-27 08:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 08:03 . 2013-11-27 08:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 08:03 . 2013-11-27 08:03 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 08:03 . 2013-11-27 08:03 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 08:03 . 2013-11-27 08:03 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 08:03 . 2013-11-27 08:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 08:03 . 2013-11-27 08:03 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 08:03 . 2013-11-27 08:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 08:03 . 2013-11-27 08:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 08:03 . 2013-11-27 08:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 08:03 . 2013-11-27 08:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-22 01:34 . 2013-09-13 21:58 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-11 17:08 . 2012-10-10 00:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-11-11 17:08 . 2012-10-10 00:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-11-11 17:08 . 2012-10-10 00:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-11-11 17:08 . 2012-10-10 00:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-14 23:00 . 2013-11-27 08:07 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 00:49 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 00:49 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 00:49 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 00:49 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 00:49 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 00:49 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 00:49 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 00:49 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 00:49 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 00:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 00:49 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 00:49 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 00:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 00:49 404480 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}]
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-29 01:18 3333144 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5637-4300-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll" [2013-12-29 3333144]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5637-4300-76a7-7a786e7484d7}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-06 39408]
"Amazon Cloud Player"="c:\users\Hansome\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-22 3113792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-09-21 2150400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-12-29 2471448]
.
c:\users\Hansome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-1-21 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys;c:\windows\SYSNATIVE\drivers\gamingms.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 NTG43XX;NETGEAR 802.11 Network Adapter Driver;c:\windows\system32\DRIVERS\WN311B64.sys;c:\windows\SYSNATIVE\DRIVERS\WN311B64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
S2 WN311BFCS;Netgear WN311B Wireless Control Service;c:\windows\system32\WN311BFCS.exe;c:\windows\SYSNATIVE\WN311BFCS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 03:31 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 22:52]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 11:27]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 11:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Hansome\AppData\Roaming\Mozilla\Firefox\Profiles\8amnahm8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7B4aeba7ed-607d-440b-ae06-9fa76ecc310f%7D&mid=23e0f44e3fd047d09aa8d1792158d4fb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&coid=avgtbavg&cmpid=&v=17.2.0.38&lang=en&pr=fr&d=2013-12-28%2020%3A19%3A04&sap=hp
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2d661e5b-7d7a-417c-b5b5-6479017bb314} - c:\program files (x86)\PassShow\150.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-1efa552d-e5a6-4610-a9d1-8cd285646842 - c:\program files (x86)\PassShow\Uninstall.exe
AddRemove-IECT3306061 - c:\programdata\Conduit\IE\CT3306061\UninstallerUI.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-DesktopWeatherAlerts - c:\users\Hansome\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe
AddRemove-{856AD396-519D-4C7A-BED6-6785F64924BC} - c:\users\Hansome\AppData\Local\GreatArcadeHits\GAHUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,d1,c4,4a,e1,9d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-29  22:40:13
ComboFix-quarantined-files.txt  2013-12-30 03:40
ComboFix2.txt  2013-12-29 01:37
.
Pre-Run: 744,300,236,800 bytes free
Post-Run: 743,845,699,584 bytes free
.
- - End Of File - - BFDE8EFD66FFB5D92D004071B286F25A
A36C5E4F47E84449FF07ED3517B43A31
 



#14 gringo_pr


Posted 30 December 2013 - 02:53 AM


Hello herohans1

I would like to see a report that ComboFix makes.

Extra ComboFix report
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review

Gringo

#15 herohans1


Posted 30 December 2013 - 05:22 PM

That was easy enough.

 

Ace of Spades
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
Amazon Music Importer
AMD Catalyst Control Center
Application Profiles
Ask Toolbar
Asmedia ASM104x USB 3.0 Host Controller Driver
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
AVG SafeGuard toolbar
BiosNotice
BufferChm
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Call with Skype
Coby Media Manager
Connect DLC 5 Toolbar for IE
Copy
Cradle of Egypt (remove only)
Curse Client
Daemonica
Dark Void Zero
Defense Grid: The Awakening Demo
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesktopWeatherAlerts
Destinations
DeviceDiscovery
Diablo III
DocProc
F300
F300_Help
F300Trb
Fax
Fraps
GameFly
Gametap Player
Gardenscapes:  Mansion Makeover
Garry's Mod
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GreatArcadeHits
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
MarketResearch
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
MONOPOLY
Monument Builders: Eiffel Tower
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
OpenAL
OpenProj
PassShow
Plants Vs Zombies: Game of the Year Edition (remove only)
Pogo Games
RangeMax™ NEXT Wireless Adapter WN311B
Rayman 3 Hoodlum Havoc
Realtek Ethernet Controller Driver
ROBLOX Player for Hansome
ROBLOX Studio 2013 for Hansome
Scan
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sid Meier's Ace Patrol
Sid Meier's Civilization V
Sid Meier’s Ace Patrol: Pacific Skies
Sid Meiers Civilization 4
Sid Meiers Pirates
Skype™ 5.10
SmartWebPrinting
SMPlayer 0.6.9
SolutionCenter
StarCraft II
Status
Steam
The GAME of LIFE
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Visual Studio 2012 x86 Redistributables
Wallace and Gromits Grand Adventures - Episode 1
Wallace and Gromits Grand Adventures - Episode 2
Wallace and Gromits Grand Adventures - Episode 3
Wallace and Gromits Grand Adventures - Episode 4
WebReg
WinRAR 4.20 (32-bit)
Yahoo! Messenger
Yahoo! Toolbar
 





