Hello, I'm infected with win32/patched and can't run Windows in normal mode


  • This topic is locked
20 replies to this topic

#1 bradford789

bradford789

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:topeka kansas
  • Local time:09:57 PM

Posted 04 June 2014 - 12:02 PM

Hello, I got this laptop from my brother to start my online business. Everything was going well until I downloaded AVG and ran a scan on the system. Not even 2 minutes into the scan, it popped up saying I was infected with win32/patched. I took its recommendation of cleaning the virus, but once I did, the computer screen started to flicker and then it froze the computer up. I had to hard boot the system to reboot. When it got back to normal Windows again, AVG just started popping up saying I was infected with win32/patched and would not stop. This time I hit ignore, but AVG just kept popping up every 10 seconds, so I disabled AVG and ran Malwarebytes. It found nothing in my system.

Now this is where it goes really bad: the display keeps going out, to where I have to hard boot the system every time it happens. Now I can't even run Windows in normal mode any more because it won't show the screen. I hear it boot up fine, but it's a black screen every time. I am now running Windows in Safe Mode with Networking, but I have had Windows Explorer stop working 4 times now, and it restarts explorer.exe.

Windows Vista Home Premium

I have tried to run the AVG scan but can't get it to finish; the computer freezes up on me.
I ran Malwarebytes but it did not find the virus. This is the log from that. I don't have a log for AVG; I can't find it, or it didn't make one, I'm not sure.

Here is the Malwarebytes log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/3/2014
Scan Time: 9:35:03 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.04.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Harry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260962
Time Elapsed: 15 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nsdD918.exe, Quarantined, [77fa0371f289c86e067fbac971902bd5],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nsnD8B.exe, Quarantined, [86eb2b499cdf70c6bdc8acd7c73a936d],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nso53A.exe, Quarantined, [0c65ef85d5a66dc992f39ce72fd2ca36],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nso895.exe, Quarantined, [98d9b0c4205b191dc5c011721ce525db],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nstD57F.exe, Quarantined, [6f02bdb7bac13afcd5b06122b150ac54],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Local\Temp\nsdB744\SpSetup.exe, Quarantined, [3041542095e671c5d1b4d7acab56cf31],
PUP.Optional.InstallIQ, C:\Users\Harry\AppData\Local\Temp\Phx7B17\OfferBrokerage_14163.exe, Quarantined, [d69b63112d4ec96d340c111be0209a66],
PUP.Optional.Conduit.A, C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\prefs.js, Good: (), Bad: (user_pref("CT2438727.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");), Replaced,[531e502490eb94a2a237e2b32ed6fc04]

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by Queen-Evie, 06 June 2014 - 11:46 AM.
moved from Am I Infected to MRL as requested by xXToffeeXx




#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:10:57 PM

Posted 04 June 2014 - 12:09 PM

 Try booting to Safe Mode and running AVG.  That will bypass most infections.  If that doesn't fix it, I'd uninstall & reinstall AVG in Safe Mode, boot to normal mode and get AVG up to date, then go back & try it in Safe mode again.  There's also a free version of Avast if you can't get AVG to work.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 bradford789

  • Topic Starter

Posted 04 June 2014 - 12:15 PM

I will run AVG again in Safe Mode with Networking, because I can't get Windows to run in normal mode: no display, just a black screen. Once the scan is done, I will post the log of the results here. AVG is up to date; I updated it last night when I downloaded the program.



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:57 AM

Posted 04 June 2014 - 12:16 PM

Hi bradford789,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
 
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 bradford789

  • Topic Starter

Posted 04 June 2014 - 12:28 PM

I'm getting this error:

 

Microsoft Windows

 

terminates Malware processes so that you can run your normal security programs. has stopped working

 

A problem caused the program to stop working correctly.

windows will close the program and notify you if a solution is available

 

this is the log from

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/04/2014 12:19:51 PM in x86 mode. (Safe Mode)
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * C:\Windows\System32\rpcss.dll : 551,936 : 04/11/2009 01:28 AM : 16ab8f1afe099b554dda5724065061d8 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll : 545,792 : 11/02/2006 04:46 AM : b46d8ea6dd30baa49f674dacdc4c491f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll : 549,888 : 02/07/2010 03:20 PM : 7b981222a257d076885bffb66f19b7ce [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll : 550,400 : 02/07/2010 03:20 PM : b1bb45e24717a7f790b4411c4446ef5e [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll : 547,328 : 01/19/2008 02:36 AM : 33fb1f0193ee2051067441492d56113c [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll : 551,424 : 02/07/2010 03:20 PM : 301ae00e12408650baddc04dbc832830 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll : 551,424 : 02/07/2010 03:20 PM : 4dfcbdef3ccaa98f99038ded78945253 [Pos Repl]
 



#6 xXToffeeXx


Posted 04 June 2014 - 12:32 PM

Hi bradford789,
 
No worries on the error; the malware your computer is infected with is interfering. I got the information I needed though.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#7 bradford789

  • Topic Starter

Posted 04 June 2014 - 12:39 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Harry (administrator) on HARRY-LAPTOP on 04-06-2014 12:37:01
Running from C:\Users\Harry\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\Run: [Google Update] => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-25] (Google Inc.)
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\Run: [FreeDesktopTimer] => C:\Program Files\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\MountPoints2: {023aa3bc-e066-11e3-9f96-002186307a09} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kasamba Messenger.lnk
ShortcutTarget: Kasamba Messenger.lnk -> C:\Program Files\Kasamba\Psychic\ExpertMessenger.exe (LivePerson Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x467228AD87A8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Harry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Harry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harry\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harry\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Harry\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Harry\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-03]
FF Extension: Faark's Grepolis Bericht 2 Image - Exporter - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09} [2010-03-23]
FF Extension: Zynga  - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-05-20]
FF Extension: Better Torrent - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8@jetpack.xpi [2014-05-23]
FF Extension: Multiple Tab Handler - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2014-05-19]
FF Extension: Speed Dial - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-05-20]
FF Extension: Greasemonkey - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-05-09]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Astro Empires Observer) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagmnkfeenobbgeeilbfjkgihcbnjeai [2014-05-29]
CHR Extension: (AstroScanner) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmdomggfogjjkpinjpbknaofindgje [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-05] (Perfect World Entertainment Inc)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
S2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 12:35 - 2014-06-04 12:37 - 00015740 _____ () C:\Users\Harry\Desktop\FRST.txt
2014-06-04 12:19 - 2014-06-04 12:29 - 00005674 _____ () C:\Users\Harry\Desktop\Rkill.txt
2014-06-04 12:19 - 2014-06-04 12:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Harry\Desktop\rkill.exe
2014-06-04 12:14 - 2014-06-04 12:16 - 00000533 _____ () C:\Windows\avgrep.txt
2014-06-03 23:49 - 2014-06-03 23:50 - 00003554 _____ () C:\Users\Harry\Downloads\Activate Sound in SafeMode.reg
2014-06-03 22:13 - 2014-06-04 12:37 - 00000000 ____D () C:\FRST
2014-06-03 22:13 - 2014-06-04 12:33 - 01059840 _____ (Farbar) C:\Users\Harry\Desktop\FRST.exe
2014-06-03 21:54 - 2014-06-03 21:54 - 00002193 _____ () C:\Users\Harry\Desktop\malware.txt
2014-06-03 21:30 - 2014-06-03 21:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 21:28 - 2014-06-03 21:28 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-03 21:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 21:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 21:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 21:16 - 2014-06-03 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 20:39 - 2014-06-03 20:39 - 00157664 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-03 20:27 - 2014-06-03 20:27 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVG2014
2014-06-03 20:26 - 2014-06-03 20:26 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TuneUp Software
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-03 20:24 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-03 20:24 - 2014-06-03 20:24 - 00000000 ___HD () C:\$AVG
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 ____D () C:\Program Files\AVG
2014-06-03 20:08 - 2014-06-03 20:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-03 20:08 - 2014-06-03 20:31 - 00000000 ____D () C:\Users\Harry\AppData\Local\Avg2014
2014-06-03 20:08 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\MFAData
2014-06-03 20:07 - 2014-06-03 20:07 - 04485528 _____ (AVG Technologies) C:\Users\Harry\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-01 19:11 - 2014-06-01 19:11 - 18309318 _____ () C:\Users\Harry\Downloads\net2ftp-1401667906.zip
2014-06-01 18:21 - 2014-06-01 18:21 - 00000940 _____ () C:\Users\Harry\Desktop\kompozer - Shortcut.lnk
2014-06-01 18:13 - 2014-06-01 18:13 - 00000062 _____ () C:\Windows\wininit.ini
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Program Files\3Dize
2014-06-01 18:10 - 2014-06-01 18:10 - 00929416 _____ (CNET Download.com) C:\Users\Harry\Downloads\cbsidlm-cbsi188-Cool_Page-SEO-10024827.exe
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\Downloads\kompozer-0.7.10-win32
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\KompoZer
2014-06-01 17:44 - 2014-06-01 17:45 - 07949158 _____ () C:\Users\Harry\Downloads\kompozer-0.7.10-win32.zip
2014-06-01 16:57 - 2014-06-01 16:58 - 00000000 ____D () C:\Users\Harry\Desktop\fankit
2014-05-30 01:53 - 2014-05-30 01:53 - 00000000 ____D () C:\Users\Harry\Documents\OneNote Notebooks
2014-05-30 01:50 - 2014-05-30 01:50 - 00981688 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\setuponenotefreeretail.x86.en-us_.exe
2014-05-30 01:45 - 2014-05-30 01:45 - 00000000 ____D () C:\Program Files\Babylon
2014-05-30 01:44 - 2014-05-30 01:44 - 00682616 _____ (Babylon Ltd.) C:\Users\Harry\Downloads\Babylon10_setup.exe
2014-05-29 22:51 - 2014-05-29 22:51 - 00000642 _____ () C:\Users\Harry\Downloads\google.csv
2014-05-29 21:44 - 2014-05-29 21:44 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup (1).exe
2014-05-29 21:39 - 2014-05-29 21:39 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 21:39 - 2014-05-29 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 21:38 - 2014-06-03 21:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 21:38 - 2014-06-03 19:43 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 21:38 - 2014-05-29 21:38 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 02128896 _____ () C:\Users\Harry\Downloads\Jumpgate Network Program.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 00000000 _____ () C:\Users\Harry\Downloads\Jumpgate List.JG
2014-05-29 19:40 - 2014-05-29 19:41 - 12012032 _____ () C:\Users\Harry\Downloads\AE Base Simulator 1.2.2.exe
2014-05-29 14:45 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Harry\Desktop\New Folder
2014-05-29 11:11 - 2014-05-29 11:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\FreeLanguageTranslator
2014-05-29 11:09 - 2014-05-29 11:09 - 00006184 _____ () C:\Users\Harry\Documents\LanguageTranslatorInstall.log
2014-05-29 11:09 - 2014-05-29 11:09 - 00005608 _____ () C:\Users\Harry\Documents\fdb22442-29e6-4dce-b18e-b9ae40310f6dLanguageTranslatorInstall.log
2014-05-29 11:08 - 2014-05-29 11:08 - 00001982 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Free Language Translator.lnk
2014-05-29 11:08 - 2014-05-29 11:08 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator3
2014-05-29 11:06 - 2014-05-29 11:06 - 02431271 _____ () C:\Users\Harry\Downloads\FreeTranslatorSetup_3.3.zip
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\Documents\gegl-0.0
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\.gimp-2.6
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Program Files\GIMP-2.0
2014-05-28 18:41 - 2014-05-28 18:41 - 00349160 _____ () C:\Users\Harry\Downloads\MediaPlayerClassic.exe
2014-05-28 15:08 - 2014-05-28 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:07 - 2014-05-28 15:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:04 - 2014-05-28 15:04 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 15:02 - 2014-05-28 15:02 - 41945432 _____ (Apple Inc.) C:\Users\Harry\Downloads\QuickTimeInstaller.exe
2014-05-27 23:47 - 2014-05-27 23:48 - 13224834 _____ () C:\Users\Harry\Downloads\htmlunit-2.14-bin.zip
2014-05-27 23:25 - 2014-05-27 23:26 - 26908896 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-V5.12.exe
2014-05-27 15:54 - 2014-05-27 16:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TypingTrainer8
2014-05-27 15:54 - 2013-01-07 11:04 - 00000037 _____ () C:\ProgramData\ttrainer8.data
2014-05-27 15:49 - 2014-05-27 15:49 - 00644864 _____ (Typing Innovation Group Ltd) C:\Users\Harry\Downloads\TypingTrainer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00814778 _____ (Drive Software Company ) C:\Users\Harry\Downloads\desktoptimer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Timer
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\Program Files\Free Desktop Timer
2014-05-27 02:10 - 2014-05-27 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\betonline
2014-05-27 01:52 - 2014-06-03 16:30 - 00000928 _____ () C:\Users\Public\Desktop\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00001816 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnline Poker 8.2
2014-05-27 01:51 - 2014-05-27 01:52 - 00000000 ____D () C:\Program Files\BetOnline Poker 8.2
2014-05-27 01:50 - 2014-05-27 01:50 - 24969919 _____ (Hero Poker Network) C:\Users\Harry\Downloads\BetOnlinePokerSetup.exe
2014-05-27 01:48 - 2014-06-01 20:50 - 00000000 ___HD () C:\BOL
2014-05-27 01:48 - 2014-05-27 01:48 - 00001722 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00001710 _____ () C:\Users\Public\Desktop\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00000000 ____D () C:\Program Files\BetOnline Client
2014-05-27 01:47 - 2014-05-27 01:47 - 03643430 _____ () C:\Users\Harry\Downloads\betonlineinstaller.exe
2014-05-24 17:44 - 2014-05-24 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kasamba Messenger
2014-05-24 17:44 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2014-05-24 17:43 - 2014-05-24 17:43 - 00000000 ____D () C:\Program Files\Kasamba
2014-05-24 17:40 - 2014-05-24 17:42 - 05764600 _____ () C:\Users\Harry\Downloads\KasambaExpertSetup.exe
2014-05-24 17:40 - 2014-05-24 17:40 - 00093527 _____ () C:\Users\Harry\Documents\Recommended steps.htm
2014-05-24 17:40 - 2014-05-24 17:40 - 00000000 ____D () C:\Users\Harry\Documents\Recommended steps_files
2014-05-24 00:53 - 2014-05-24 00:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Users\Harry\AppData\Local\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 00:52 - 2014-05-24 00:52 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Harry\Downloads\SkypeSetup.exe
2014-05-23 21:58 - 2014-05-24 21:07 - 00000000 ____D () C:\Users\Harry\Documents\Youcam
2014-05-23 20:29 - 2014-05-23 20:29 - 00000896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000890 _____ () C:\Users\Public\Desktop\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2014-05-23 20:27 - 2014-05-23 20:29 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM(1).exe
2014-05-23 20:25 - 2014-05-23 20:27 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM.exe
2014-05-23 02:41 - 2014-05-23 02:41 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\NVIDIA
2014-05-23 02:10 - 2014-06-03 20:47 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\BitTorrent
2014-05-23 02:10 - 2014-05-23 02:10 - 01639760 _____ (BitTorrent Inc.) C:\Users\Harry\Downloads\BitTorrent.exe
2014-05-23 00:48 - 2014-05-23 00:48 - 00000000 ____D () C:\Users\Harry\AppData\Local\cache
2014-05-23 00:47 - 2014-05-23 01:26 - 00000000 ____D () C:\Users\Harry\AppData\Local\FullTiltPoker
2014-05-23 00:47 - 2014-05-23 01:26 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-05-23 00:47 - 2014-05-23 00:47 - 00000860 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-05-23 00:47 - 2014-05-23 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-05-23 00:37 - 2014-05-23 00:42 - 50741784 _____ () C:\Users\Harry\Downloads\FullTiltSetup.exe
2014-05-22 22:28 - 2014-05-22 22:28 - 00000000 ____D () C:\Crash
2014-05-22 20:43 - 2014-05-22 20:43 - 00002051 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00002021 _____ () C:\Users\Harry\Desktop\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Windows\system32\directx
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Harry\AppData\Local\SCE
2014-05-22 20:41 - 2014-05-22 20:42 - 23978024 _____ () C:\Users\Harry\Downloads\PS2_setup.exe
2014-05-22 18:12 - 2014-05-27 06:14 - 00000000 ____D () C:\Users\Harry\Documents\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00001839 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00001815 _____ () C:\Users\Harry\Desktop\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:11 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\WSOP.com
2014-05-22 18:11 - 2014-05-22 18:12 - 00000000 ____D () C:\Program Files\WSOP.com
2014-05-21 03:07 - 2014-05-21 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-20 16:27 - 2014-05-20 16:27 - 00001908 _____ () C:\Users\Public\Desktop\SpaceFight.lnk
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noserver
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Program Files\Noserver
2014-05-20 16:25 - 2014-05-20 16:26 - 54744474 _____ (Igor Pavlov) C:\Users\Harry\Downloads\spacefight_setup.exe
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Users\Harry\AppData\Local\Macromedia
2014-05-20 10:45 - 2014-06-03 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 10:45 - 2014-05-20 12:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-20 03:25 - 2014-05-20 16:33 - 00000000 ____D () C:\ProgramData\Overwolf
2014-05-20 01:06 - 2014-05-20 01:06 - 00001756 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-05-20 01:06 - 2014-05-20 01:06 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-05-20 01:05 - 2014-05-20 01:06 - 00000000 ____D () C:\Program Files\Overwolf
2014-05-20 01:05 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-05-20 01:03 - 2014-05-20 16:33 - 00000000 ____D () C:\Users\Harry\AppData\Local\Overwolf
2014-05-20 01:03 - 2014-05-20 01:22 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TS3Client
2014-05-20 01:03 - 2014-05-20 01:03 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-20 01:02 - 2014-05-20 01:03 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-20 00:59 - 2014-05-20 01:01 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Harry\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-05-19 21:34 - 2014-06-03 21:05 - 00000000 ____D () C:\Users\Harry\AppData\Local\Nvidia Corporation
2014-05-19 21:33 - 2014-05-24 14:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-19 21:33 - 2014-05-19 21:33 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 21:33 - 2014-05-19 21:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-19 21:31 - 2014-05-19 21:31 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-19 21:25 - 2012-12-29 05:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 21:25 - 2012-12-29 05:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 21:20 - 2014-05-19 21:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-19 21:20 - 2014-05-19 21:21 - 00000000 ____D () C:\Users\Harry\AppData\Local\NVIDIA
2014-05-19 21:20 - 2014-05-19 21:20 - 00001140 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-05-19 21:18 - 2014-05-19 21:18 - 28033792 _____ (NVIDIA Corporation) C:\Users\Harry\Downloads\GeForce_Experience_v2.0.1.0.exe
2014-05-19 19:23 - 2014-05-19 19:24 - 00159584 _____ () C:\Windows\Minidump\Mini051914-01.dmp
2014-05-19 19:05 - 2014-06-01 18:21 - 00000000 ____D () C:\Users\Harry\Desktop\everything
2014-05-19 19:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-05-19 18:56 - 2014-05-19 18:58 - 00000000 ___HD () C:\ArcTemp
2014-05-19 18:53 - 2014-05-19 22:01 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Arc
2014-05-19 18:53 - 2014-05-19 18:57 - 00000000 ____D () C:\Program Files\Perfect World Entertainment
2014-05-19 18:53 - 2014-05-19 18:53 - 00001635 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-05-19 18:53 - 2014-05-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-05-19 18:52 - 2014-05-19 18:52 - 09514088 _____ (Perfect World Entertainment) C:\Users\Harry\Downloads\ArcInstall_v20140404a.exe
2014-05-18 23:36 - 2014-05-18 23:50 - 00009075 _____ () C:\Users\Harry\AppData\Roaming\.freeciv-client-rc-2.4
2014-05-18 23:33 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.freeciv
2014-05-18 23:25 - 2014-05-18 23:27 - 00000000 ____D () C:\Users\Harry\Documents\FreeCol
2014-05-18 23:17 - 2014-05-18 23:17 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Awem
2014-05-16 03:01 - 2014-05-05 18:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 03:00 - 2014-05-05 18:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:00 - 2014-05-05 18:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:48 - 2014-05-15 22:48 - 00019365 _____ () C:\Users\Harry\Downloads\oneos_installer.txt
2014-05-15 22:33 - 2014-05-15 22:33 - 00000898 _____ () C:\Users\Harry\Desktop\Real Poker.lnk
2014-05-15 22:26 - 2014-05-15 22:26 - 02582796 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Real_Poker.exe
2014-05-15 22:25 - 2014-05-15 22:25 - 12970507 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Star-Defender4.exe
2014-05-15 22:24 - 2014-05-15 22:24 - 10547174 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\StarGunner.exe
2014-05-15 22:12 - 2014-05-15 22:12 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-05-15 22:05 - 2014-05-22 20:43 - 00001106 _____ () C:\END
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.4.2 (GTK+2 client)
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\freecol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\Freeciv-2.4.2-gtk2
2014-05-15 22:03 - 2014-05-15 22:03 - 79454664 _____ () C:\Users\Harry\Downloads\virtualcity-setup.exe
2014-05-15 21:59 - 2014-05-15 22:01 - 37739520 _____ () C:\Users\Harry\Downloads\freecol-0.10.7-installer.exe
2014-05-15 21:59 - 2014-05-15 22:00 - 28215140 _____ () C:\Users\Harry\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-05-15 20:42 - 2014-05-15 20:42 - 00654317 _____ () C:\Users\Harry\Downloads\asterion-launcher-bootstrap.jar
2014-05-15 18:50 - 2014-05-15 18:50 - 00114942 _____ () C:\Users\Harry\Downloads\ModTools.zip
2014-05-15 18:35 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 20:25 - 2014-05-14 20:44 - 00000000 ____D () C:\Users\Harry\Downloads\aaaa
2014-05-14 15:48 - 2014-05-14 15:48 - 00000000 ____D () C:\Users\Harry\Downloads\ragetech
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-06-04 12:37 - 2014-06-04 12:35 - 00015740 _____ () C:\Users\Harry\Desktop\FRST.txt
2014-06-04 12:37 - 2014-06-03 22:13 - 00000000 ____D () C:\FRST
2014-06-04 12:37 - 2010-02-06 14:52 - 00000000 ____D () C:\Users\Harry\AppData\Local\Temp
2014-06-04 12:33 - 2014-06-03 22:13 - 01059840 _____ (Farbar) C:\Users\Harry\Desktop\FRST.exe
2014-06-04 12:29 - 2014-06-04 12:19 - 00005674 _____ () C:\Users\Harry\Desktop\Rkill.txt
2014-06-04 12:19 - 2014-06-04 12:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Harry\Desktop\rkill.exe
2014-06-04 12:16 - 2014-06-04 12:14 - 00000533 _____ () C:\Windows\avgrep.txt
2014-06-04 11:48 - 2010-02-06 14:52 - 00001356 _____ () C:\Users\Harry\AppData\Local\d3d9caps.dat
2014-06-04 11:40 - 2014-02-17 20:02 - 00000075 _____ () C:\Windows\system32\ywotbx.tyd
2014-06-03 23:57 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 23:50 - 2014-06-03 23:49 - 00003554 _____ () C:\Users\Harry\Downloads\Activate Sound in SafeMode.reg
2014-06-03 23:43 - 2014-04-30 14:44 - 00056376 _____ () C:\Windows\PFRO.log
2014-06-03 21:54 - 2014-06-03 21:54 - 00002193 _____ () C:\Users\Harry\Desktop\malware.txt
2014-06-03 21:31 - 2014-06-03 21:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 21:28 - 2014-06-03 21:28 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-03 21:23 - 2014-05-29 21:38 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 21:23 - 2010-10-20 05:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-03 21:22 - 2010-02-07 03:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 21:22 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 21:22 - 2006-11-02 07:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 21:22 - 2006-11-02 07:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 21:16 - 2014-06-03 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 21:09 - 2014-05-20 10:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 21:05 - 2014-05-19 21:34 - 00000000 ____D () C:\Users\Harry\AppData\Local\Nvidia Corporation
2014-06-03 21:05 - 2006-11-02 07:52 - 01174518 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 20:47 - 2014-05-23 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\BitTorrent
2014-06-03 20:47 - 2014-02-06 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2014-06-03 20:39 - 2014-06-03 20:39 - 00157664 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-03 20:39 - 2010-03-14 06:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 20:38 - 2014-05-01 14:25 - 367590363 _____ () C:\Windows\MEMORY.DMP
2014-06-03 20:32 - 2014-06-03 20:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-03 20:31 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\Avg2014
2014-06-03 20:31 - 2010-10-25 19:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000UA.job
2014-06-03 20:27 - 2014-06-03 20:27 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVG2014
2014-06-03 20:26 - 2014-06-03 20:26 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TuneUp Software
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-03 20:26 - 2014-06-03 20:24 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-03 20:26 - 2010-02-06 14:52 - 00000000 ____D () C:\Users\Harry
2014-06-03 20:24 - 2014-06-03 20:24 - 00000000 ___HD () C:\$AVG
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 ____D () C:\Program Files\AVG
2014-06-03 20:08 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\MFAData
2014-06-03 20:07 - 2014-06-03 20:07 - 04485528 _____ (AVG Technologies) C:\Users\Harry\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-03 19:43 - 2014-05-29 21:38 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 18:31 - 2010-10-25 19:27 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000Core.job
2014-06-03 16:33 - 2010-03-27 02:52 - 00000000 ____D () C:\Users\Harry\AppData\Local\PokerStars.NET
2014-06-03 16:32 - 2010-03-27 02:47 - 00000000 ____D () C:\Program Files\PokerStars.NET
2014-06-03 16:30 - 2014-05-27 01:52 - 00000928 _____ () C:\Users\Public\Desktop\BetOnline Poker 8.2.lnk
2014-06-01 20:50 - 2014-05-27 01:48 - 00000000 ___HD () C:\BOL
2014-06-01 19:11 - 2014-06-01 19:11 - 18309318 _____ () C:\Users\Harry\Downloads\net2ftp-1401667906.zip
2014-06-01 18:21 - 2014-06-01 18:21 - 00000940 _____ () C:\Users\Harry\Desktop\kompozer - Shortcut.lnk
2014-06-01 18:21 - 2014-05-19 19:05 - 00000000 ____D () C:\Users\Harry\Desktop\everything
2014-06-01 18:13 - 2014-06-01 18:13 - 00000062 _____ () C:\Windows\wininit.ini
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Program Files\3Dize
2014-06-01 18:13 - 2010-02-06 11:10 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-06-01 18:13 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-01 18:13 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\system.ini
2014-06-01 18:10 - 2014-06-01 18:10 - 00929416 _____ (CNET Download.com) C:\Users\Harry\Downloads\cbsidlm-cbsi188-Cool_Page-SEO-10024827.exe
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\Downloads\kompozer-0.7.10-win32
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\KompoZer
2014-06-01 17:49 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-01 17:48 - 2010-11-08 22:09 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Apple Computer
2014-06-01 17:45 - 2014-06-01 17:44 - 07949158 _____ () C:\Users\Harry\Downloads\kompozer-0.7.10-win32.zip
2014-06-01 16:58 - 2014-06-01 16:57 - 00000000 ____D () C:\Users\Harry\Desktop\fankit
2014-05-31 11:54 - 2010-07-19 07:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Skype
2014-05-30 01:53 - 2014-05-30 01:53 - 00000000 ____D () C:\Users\Harry\Documents\OneNote Notebooks
2014-05-30 01:50 - 2014-05-30 01:50 - 00981688 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\setuponenotefreeretail.x86.en-us_.exe
2014-05-30 01:45 - 2014-05-30 01:45 - 00000000 ____D () C:\Program Files\Babylon
2014-05-30 01:44 - 2014-05-30 01:44 - 00682616 _____ (Babylon Ltd.) C:\Users\Harry\Downloads\Babylon10_setup.exe
2014-05-29 22:51 - 2014-05-29 22:51 - 00000642 _____ () C:\Users\Harry\Downloads\google.csv
2014-05-29 21:44 - 2014-05-29 21:44 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup (1).exe
2014-05-29 21:39 - 2014-05-29 21:39 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 21:39 - 2014-05-29 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 21:39 - 2010-10-25 19:27 - 00000000 ____D () C:\Users\Harry\AppData\Local\Google
2014-05-29 21:39 - 2010-07-19 07:26 - 00000000 ____D () C:\Program Files\Google
2014-05-29 21:38 - 2014-05-29 21:38 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 02128896 _____ () C:\Users\Harry\Downloads\Jumpgate Network Program.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 00000000 _____ () C:\Users\Harry\Downloads\Jumpgate List.JG
2014-05-29 19:41 - 2014-05-29 19:40 - 12012032 _____ () C:\Users\Harry\Downloads\AE Base Simulator 1.2.2.exe
2014-05-29 14:48 - 2014-05-29 14:45 - 00000000 ____D () C:\Users\Harry\Desktop\New Folder
2014-05-29 11:11 - 2014-05-29 11:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\FreeLanguageTranslator
2014-05-29 11:09 - 2014-05-29 11:09 - 00006184 _____ () C:\Users\Harry\Documents\LanguageTranslatorInstall.log
2014-05-29 11:09 - 2014-05-29 11:09 - 00005608 _____ () C:\Users\Harry\Documents\fdb22442-29e6-4dce-b18e-b9ae40310f6dLanguageTranslatorInstall.log
2014-05-29 11:08 - 2014-05-29 11:08 - 00001982 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Free Language Translator.lnk
2014-05-29 11:08 - 2014-05-29 11:08 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator3
2014-05-29 11:06 - 2014-05-29 11:06 - 02431271 _____ () C:\Users\Harry\Downloads\FreeTranslatorSetup_3.3.zip
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\Documents\gegl-0.0
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\.gimp-2.6
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Program Files\GIMP-2.0
2014-05-28 18:41 - 2014-05-28 18:41 - 00349160 _____ () C:\Users\Harry\Downloads\MediaPlayerClassic.exe
2014-05-28 15:08 - 2014-05-28 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:08 - 2014-05-28 15:07 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:04 - 2014-05-28 15:04 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 15:04 - 2010-11-06 05:25 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 15:02 - 2014-05-28 15:02 - 41945432 _____ (Apple Inc.) C:\Users\Harry\Downloads\QuickTimeInstaller.exe
2014-05-27 23:48 - 2014-05-27 23:47 - 13224834 _____ () C:\Users\Harry\Downloads\htmlunit-2.14-bin.zip
2014-05-27 23:26 - 2014-05-27 23:25 - 26908896 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-V5.12.exe
2014-05-27 16:12 - 2014-05-27 15:54 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TypingTrainer8
2014-05-27 15:49 - 2014-05-27 15:49 - 00644864 _____ (Typing Innovation Group Ltd) C:\Users\Harry\Downloads\TypingTrainer.exe
2014-05-27 06:14 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\Documents\WSOP.com
2014-05-27 03:15 - 2014-05-27 03:15 - 00814778 _____ (Drive Software Company ) C:\Users\Harry\Downloads\desktoptimer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Timer
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\Program Files\Free Desktop Timer
2014-05-27 02:10 - 2014-05-27 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\betonline
2014-05-27 01:52 - 2014-05-27 01:52 - 00001816 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnline Poker 8.2
2014-05-27 01:52 - 2014-05-27 01:51 - 00000000 ____D () C:\Program Files\BetOnline Poker 8.2
2014-05-27 01:50 - 2014-05-27 01:50 - 24969919 _____ (Hero Poker Network) C:\Users\Harry\Downloads\BetOnlinePokerSetup.exe
2014-05-27 01:48 - 2014-05-27 01:48 - 00001722 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00001710 _____ () C:\Users\Public\Desktop\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00000000 ____D () C:\Program Files\BetOnline Client
2014-05-27 01:47 - 2014-05-27 01:47 - 03643430 _____ () C:\Users\Harry\Downloads\betonlineinstaller.exe
2014-05-24 21:07 - 2014-05-23 21:58 - 00000000 ____D () C:\Users\Harry\Documents\Youcam
2014-05-24 17:44 - 2014-05-24 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kasamba Messenger
2014-05-24 17:43 - 2014-05-24 17:43 - 00000000 ____D () C:\Program Files\Kasamba
2014-05-24 17:42 - 2014-05-24 17:40 - 05764600 _____ () C:\Users\Harry\Downloads\KasambaExpertSetup.exe
2014-05-24 17:40 - 2014-05-24 17:40 - 00093527 _____ () C:\Users\Harry\Documents\Recommended steps.htm
2014-05-24 17:40 - 2014-05-24 17:40 - 00000000 ____D () C:\Users\Harry\Documents\Recommended steps_files
2014-05-24 14:53 - 2014-05-19 21:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-24 00:53 - 2014-05-24 00:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Users\Harry\AppData\Local\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 00:53 - 2010-07-19 07:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 00:52 - 2014-05-24 00:52 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Harry\Downloads\SkypeSetup.exe
2014-05-23 22:02 - 2010-10-10 03:24 - 00030208 _____ () C:\Users\Harry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-23 20:29 - 2014-05-23 20:29 - 00000896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000890 _____ () C:\Users\Public\Desktop\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2014-05-23 20:29 - 2014-05-23 20:27 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM(1).exe
2014-05-23 20:27 - 2014-05-23 20:25 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM.exe
2014-05-23 03:30 - 2014-04-08 20:23 - 00000000 ____D () C:\Users\Harry\Downloads\pc
2014-05-23 02:41 - 2014-05-23 02:41 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\NVIDIA
2014-05-23 02:10 - 2014-05-23 02:10 - 01639760 _____ (BitTorrent Inc.) C:\Users\Harry\Downloads\BitTorrent.exe
2014-05-23 01:54 - 2010-02-10 07:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-23 01:26 - 2014-05-23 00:47 - 00000000 ____D () C:\Users\Harry\AppData\Local\FullTiltPoker
2014-05-23 01:26 - 2014-05-23 00:47 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-05-23 00:48 - 2014-05-23 00:48 - 00000000 ____D () C:\Users\Harry\AppData\Local\cache
2014-05-23 00:47 - 2014-05-23 00:47 - 00000860 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-05-23 00:47 - 2014-05-23 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-05-23 00:42 - 2014-05-23 00:37 - 50741784 _____ () C:\Users\Harry\Downloads\FullTiltSetup.exe
2014-05-22 22:28 - 2014-05-22 22:28 - 00000000 ____D () C:\Crash
2014-05-22 20:43 - 2014-05-22 20:43 - 00002051 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00002021 _____ () C:\Users\Harry\Desktop\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Windows\system32\directx
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Harry\AppData\Local\SCE
2014-05-22 20:43 - 2014-05-15 22:05 - 00001106 _____ () C:\END
2014-05-22 20:43 - 2010-10-09 20:43 - 00000000 ____D () C:\Temp
2014-05-22 20:43 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-05-22 20:42 - 2014-05-22 20:41 - 23978024 _____ () C:\Users\Harry\Downloads\PS2_setup.exe
2014-05-22 18:12 - 2014-05-22 18:12 - 00001839 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00001815 _____ () C:\Users\Harry\Desktop\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:11 - 00000000 ____D () C:\Program Files\WSOP.com
2014-05-21 04:32 - 2010-02-10 07:46 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Mozilla
2014-05-21 03:12 - 2010-10-09 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-21 03:07 - 2014-05-21 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-20 21:35 - 2014-03-11 20:13 - 00002127 _____ () C:\Windows\setupact.log
2014-05-20 16:33 - 2014-05-20 03:25 - 00000000 ____D () C:\ProgramData\Overwolf
2014-05-20 16:33 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Harry\AppData\Local\Overwolf
2014-05-20 16:27 - 2014-05-20 16:27 - 00001908 _____ () C:\Users\Public\Desktop\SpaceFight.lnk
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noserver
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Program Files\Noserver
2014-05-20 16:26 - 2014-05-20 16:25 - 54744474 _____ (Igor Pavlov) C:\Users\Harry\Downloads\spacefight_setup.exe
2014-05-20 12:11 - 2014-05-20 10:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-20 12:11 - 2011-10-30 14:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Users\Harry\AppData\Local\Macromedia
2014-05-20 10:49 - 2010-02-08 02:13 - 00000000 ____D () C:\Users\Harry\AppData\Local\Adobe
2014-05-20 03:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-20 03:03 - 2006-11-02 05:23 - 00000254 _____ () C:\Windows\win.ini
2014-05-20 01:22 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TS3Client
2014-05-20 01:06 - 2014-05-20 01:06 - 00001756 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-05-20 01:06 - 2014-05-20 01:06 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-05-20 01:06 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Overwolf
2014-05-20 01:05 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-05-20 01:03 - 2014-05-20 01:03 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-20 01:03 - 2014-05-20 01:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-20 01:01 - 2014-05-20 00:59 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Harry\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-05-19 22:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-19 22:01 - 2014-05-19 18:53 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Arc
2014-05-19 21:33 - 2014-05-19 21:33 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 21:33 - 2014-05-19 21:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-19 21:31 - 2014-05-19 21:31 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-19 21:31 - 2010-02-10 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-19 21:31 - 2010-02-10 07:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-19 21:28 - 2014-05-19 21:20 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-19 21:21 - 2014-05-19 21:20 - 00000000 ____D () C:\Users\Harry\AppData\Local\NVIDIA
2014-05-19 21:20 - 2014-05-19 21:20 - 00001140 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-05-19 21:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-19 21:18 - 2014-05-19 21:18 - 28033792 _____ (NVIDIA Corporation) C:\Users\Harry\Downloads\GeForce_Experience_v2.0.1.0.exe
2014-05-19 21:13 - 2010-02-11 02:15 - 00158128 _____ () C:\ProgramData\nvModes.001
2014-05-19 19:25 - 2010-02-10 07:42 - 00158128 _____ () C:\ProgramData\nvModes.dat
2014-05-19 19:24 - 2014-05-19 19:23 - 00159584 _____ () C:\Windows\Minidump\Mini051914-01.dmp
2014-05-19 18:58 - 2014-05-19 18:56 - 00000000 ___HD () C:\ArcTemp
2014-05-19 18:57 - 2014-05-19 18:53 - 00000000 ____D () C:\Program Files\Perfect World Entertainment
2014-05-19 18:53 - 2014-05-19 18:53 - 00001635 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-05-19 18:53 - 2014-05-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-05-19 18:53 - 2010-04-12 02:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-19 18:52 - 2014-05-19 18:52 - 09514088 _____ (Perfect World Entertainment) C:\Users\Harry\Downloads\ArcInstall_v20140404a.exe
2014-05-18 23:50 - 2014-05-18 23:36 - 00009075 _____ () C:\Users\Harry\AppData\Roaming\.freeciv-client-rc-2.4
2014-05-18 23:44 - 2014-05-18 23:33 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.freeciv
2014-05-18 23:27 - 2014-05-18 23:25 - 00000000 ____D () C:\Users\Harry\Documents\FreeCol
2014-05-18 23:17 - 2014-05-18 23:17 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Awem
2014-05-18 23:16 - 2014-02-06 17:04 - 00000000 ____D () C:\Program Files\GameTop.com
2014-05-16 03:08 - 2014-05-02 03:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:48 - 2014-05-15 22:48 - 00019365 _____ () C:\Users\Harry\Downloads\oneos_installer.txt
2014-05-15 22:33 - 2014-05-15 22:33 - 00000898 _____ () C:\Users\Harry\Desktop\Real Poker.lnk
2014-05-15 22:26 - 2014-05-15 22:26 - 02582796 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Real_Poker.exe
2014-05-15 22:25 - 2014-05-15 22:25 - 12970507 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Star-Defender4.exe
2014-05-15 22:24 - 2014-05-15 22:24 - 10547174 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\StarGunner.exe
2014-05-15 22:12 - 2014-05-15 22:12 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-05-15 22:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Resources
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.4.2 (GTK+2 client)
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\freecol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\Freeciv-2.4.2-gtk2
2014-05-15 22:03 - 2014-05-15 22:03 - 79454664 _____ () C:\Users\Harry\Downloads\virtualcity-setup.exe
2014-05-15 22:01 - 2014-05-15 21:59 - 37739520 _____ () C:\Users\Harry\Downloads\freecol-0.10.7-installer.exe
2014-05-15 22:00 - 2014-05-15 21:59 - 28215140 _____ () C:\Users\Harry\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-05-15 21:33 - 2014-03-28 15:28 - 00000000 ____D () C:\Users\Harry\Downloads\Horizons
2014-05-15 20:53 - 2014-03-28 15:28 - 00000000 ____D () C:\Users\Harry\Downloads\Unleashed
2014-05-15 20:42 - 2014-05-15 20:42 - 00654317 _____ () C:\Users\Harry\Downloads\asterion-launcher-bootstrap.jar
2014-05-15 20:21 - 2014-03-28 15:30 - 00000000 ____D () C:\Users\Harry\Downloads\Infamy
2014-05-15 20:13 - 2014-04-30 14:53 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.minecraft
2014-05-15 18:59 - 2014-02-17 20:04 - 00000000 ____D () C:\Users\Harry\Downloads\authlib
2014-05-15 18:59 - 2014-02-06 18:07 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\ftblauncher
2014-05-15 18:59 - 2014-02-06 18:06 - 04588972 _____ () C:\Users\Harry\Desktop\launcher^FTB_Launcher.exe
2014-05-15 18:50 - 2014-05-15 18:50 - 00114942 _____ () C:\Users\Harry\Downloads\ModTools.zip
2014-05-14 20:44 - 2014-05-14 20:25 - 00000000 ____D () C:\Users\Harry\Downloads\aaaa
2014-05-14 15:48 - 2014-05-14 15:48 - 00000000 ____D () C:\Users\Harry\Downloads\ragetech
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 07:26 - 2014-06-03 21:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 21:28 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-03 21:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 18:32 - 2014-05-16 03:00 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 18:14 - 2014-05-16 03:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 18:14 - 2014-05-16 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Some content of TEMP:
====================
C:\Users\Harry\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Harry\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Harry\AppData\Local\Temp\skype_x863765623139085603410.dll
C:\Users\Harry\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2010-02-08 07:03] - [2009-04-11 01:28] - 0551936 ____A (Microsoft Corporation) 16AB8F1AFE099B554DDA5724065061D8

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 12:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Harry at 2014-06-04 12:37:45
Running from C:\Users\Harry\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2350 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2350_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2350Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
Ancient Rome 2 (HKLM\...\Ancient Rome 2_is1) (Version: 1.0 - Media Contact LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BetOnline Poker 8.2 (HKLM\...\BetOnline Poker 8.2) (Version: 8.2.12.201404151600 - Hero Poker Network)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.34 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Cool Page 2.72 (HKLM\...\Cool Page 2.72) (Version:  - )
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.2117 - CyberLink Corp.)
CyberLink YouCam (Version: 1.0.2117 - CyberLink Corp.) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ezManagerMax 2.0.14 (HKLM\...\ezManagerMax 2.0.14) (Version:  - Animas Corporation)
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Free Desktop Timer 1.2 (HKLM\...\Free Desktop Timer_is1) (Version:  - Drive Software Company)
Free YouTube Downloader 3.5.187 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freeciv 2.4.2 (GTK+2 client) (HKLM\...\Freeciv-2.4.2-gtk2) (Version:  - )
FreeLanguageTranslator 3.3 (HKLM\...\{725FD707-4A64-49F8-9C76-86ED20342E56}) (Version: 3.3 - Decebal Mihailescu)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.10.15.WIN.FullTilt.COM - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Broadband Wireless Modules (HKLM\...\{AA0CBF76-BD8E-48C0-AE32-31684A629836}) (Version: 18.14.1715.1 - Sierra Wireless Inc)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.006 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kasamba Messenger (HKLM\...\Kasamba Messenger) (Version:  - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Meter Drivers for OneTouch® Software (Version: 1.8.0 - LifeScan) Hidden
Meter Drivers for OneTouch® Software v1.8.0 (HKLM\...\InstallShield_{CAD1F8CC-E6C7-41A1-84CD-0407A5D18240}) (Version: 1.8.0 - LifeScan)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
Network Recording Player (HKLM\...\{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}) (Version: 2.3.1109 - WebEx Communications Inc.)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
OneTouch Software (HKLM\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version:  - )
Online Vegas Casino (HKLM\...\{7A2459F3-718C-4D9D-BCF0-24F4BFF21823}) (Version: 1.00.0000 - Online Vegas Casino)
Overwolf (HKLM\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Real Poker (HKLM\...\RealPoker_is1) (Version: 1.0 - Media Contact LLC)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SpaceFight (HKLM\...\{06B386D5-6F9D-46F9-B3C3-14DF21B3FB06}) (Version: 1.0.0 - NoserverStudios)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WSOP.com (HKLM\...\WSOP.com) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 05:23 - 2010-02-07 14:26 - 00001205 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {17905E0C-867D-4D7D-9ABC-F60BBE90607D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A4B0D4B-925A-4813-9A97-56EE87446A9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000UA => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5BAB4647-0557-4CA1-AEB2-E5583495B9CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {677177BB-4E06-491D-ADF4-7EF789BB9C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {6FF9BE8D-0F98-4C07-AFDF-AD2BEAA10E1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000Core => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25] (Google Inc.)
Task: {74A17FB4-D85B-42F6-B7DA-915CC138C9A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AF87F44E-0015-490A-8488-23C591529BA3} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {BEAA8E33-A3FB-4083-8EFE-C989A9991F39} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CED285DD-8386-4BEF-8D91-463530BCD19F} - System32\Tasks\{3259CD0A-19E6-4126-A8E9-557623659215} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {DDA591C0-7DE0-45E0-B0A5-ED13D0003149} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-02-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000Core.job => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000UA.job => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-19 21:33 - 2014-05-23 01:54 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:EA029835

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BfC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Harry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitWineTaskbar.lnk => C:\Windows\pss\BitWineTaskbar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Harry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Users\Harry\AppData\Local\Akamai\netsession_win.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 00:29:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rkill.exe, version 2.6.6.0, time stamp 0x537b9044, faulting module rkill.exe, version 2.6.6.0, time stamp 0x537b9044, exception code 0xc0000417, fault offset 0x00061b95,
process id 0x156c, application start time 0xrkill.exe0.

Error: (06/04/2014 00:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rkill.exe, version 2.6.6.0, time stamp 0x537b9044, faulting module rkill.exe, version 2.6.6.0, time stamp 0x537b9044, exception code 0xc0000417, fault offset 0x00061b95,
process id 0x16dc, application start time 0xrkill.exe0.

Error: (06/04/2014 10:29:14 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 10:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0675b7a2,
process id 0x11c8, application start time 0xExplorer.EXE0.

Error: (06/04/2014 10:27:38 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 10:27:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x067eb7a2,
process id 0x698, application start time 0xExplorer.EXE0.

Error: (06/03/2014 11:53:03 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2014 11:44:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2014 10:45:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0292b7a2,
process id 0x9c4, application start time 0xrundll32.exe0.

Error: (06/03/2014 10:45:24 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (06/03/2014 11:53:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
cdrom
spldr
Wanarpv6

Error: (06/03/2014 11:53:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (06/03/2014 11:53:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (06/03/2014 11:53:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/03/2014 11:53:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/03/2014 11:53:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/03/2014 11:52:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/03/2014 11:44:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
cdrom
spldr
Wanarpv6

Error: (06/03/2014 11:44:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (06/03/2014 11:44:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-04 12:37:35.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:35.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:35.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:34.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:34.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:34.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:34.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:33.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:33.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 12:37:33.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3069.61 MB
Available physical RAM: 1850.79 MB
Total Pagefile: 6341.5 MB
Available Pagefile: 5537.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.62 GB) (Free:107.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.26 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 64B664B6)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 bradford789


Posted 04 June 2014 - 12:48 PM

I just noticed this: C:\Windows\system32\rpcss.dll. When I was able to run in normal mode, this is what AVG said was infected, and that it could not clean it as it is an important file. Then it just kept popping up all the time, and that's when my display stopped working, and that is why I'm now in safe mode with networking only.



#9 xXToffeeXx

  • Malware Response Instructor

Posted 04 June 2014 - 02:30 PM

Hi bradford789,
 
Yes, that system file has been infected.
 
Uninstalling a Program:

  • Click the windows logo on the taskbar and then click Control Panel.
  • Underneath the Programs category is Uninstall a program; click on that.
  • A list of programs installed will be populated, this may take a bit of time.
  • If the following programs exist, uninstall them by clicking on the following entries and selecting remove:
Free YouTube Downloader 3.5.187
  • Additional instructions can be found here if needed.

--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [] => [X]
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-06-04 11:40 - 2014-02-17 20:02 - 00000075 _____ () C:\Windows\system32\ywotbx.tyd
AlternateDataStreams: C:\ProgramData\TEMP:EA029835
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll C:\Windows\System32\rpcss.dll
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
Please run the fixit from here.
 
--------------
 
How is your computer running now?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log
  • Fixlog.txt
  • How your computer is running

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#10 bradford789


Posted 04 June 2014 - 03:06 PM

Do you want me to reboot my system? I can't run the fixit in safe mode; it won't let me install it.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by Harry at 2014-06-04 14:53:10 Run:1
Running from C:\Users\Harry\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-06-04 11:40 - 2014-02-17 20:02 - 00000075 _____ () C:\Windows\system32\ywotbx.tyd
AlternateDataStreams: C:\ProgramData\TEMP:EA029835
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll C:\Windows\System32\rpcss.dll
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Windows\system32\ywotbx.tyd => Moved successfully.
C:\ProgramData\TEMP => ":EA029835" ADS removed successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

==== End of Fixlog ====

 

 

# AdwCleaner v3.211 - Report created 04/06/2014 at 14:55:08
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Harry - HARRY-LAPTOP
# Running from : C:\Users\Harry\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\user.js
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Conduit
Folder Found : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\CT2438727
Folder Found : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\prefs.js ]

Line Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2438727.CTID", "CT2438727");
Line Found : user_pref("CT2438727.CurrentServerDate", "5-11-2010");
Line Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2438727.DownloadReferralCookieData", "");
Line Found : user_pref("CT2438727.FirstServerDate", "1-11-2010");
Line Found : user_pref("CT2438727.FirstTime", true);
Line Found : user_pref("CT2438727.FirstTimeFF3", true);
Line Found : user_pref("CT2438727.FirstTimeSettingsDone", true);
Line Found : user_pref("CT2438727.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2438727.Initialize", true);
Line Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Line Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2438727.InstalledDate", "Sun Oct 31 2010 22:31:57 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.IsGrouping", false);
Line Found : user_pref("CT2438727.IsMulticommunity", false);
Line Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Line Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Line Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Nov 04 2010 03:30:22 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2438727.LastLogin_2.7.1.3", "Thu Nov 04 2010 22:08:35 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.LatestVersion", "2.7.1.3");
Line Found : user_pref("CT2438727.Locale", "en");
Line Found : user_pref("CT2438727.LoginCache", 4);
Line Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
Line Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Nov 05 2010 03:30:20 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2438727.SettingsLastCheckTime", "Thu Nov 04 2010 19:21:31 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Line Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Oct 31 2010 22:31:55 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2438727.UserID", "UN54548135275174749");
Line Found : user_pref("CT2438727.ValidationData_Search", 0);
Line Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2438727.alertChannelId", "832836");
Line Found : user_pref("CT2438727.clientLogIsEnabled", true);
Line Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2438727.myStuffEnabled", true);
Line Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 720);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Nov 05 2010 15:30:15 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Nov 05 2010 03:30:19 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{26c44405-24f3-460c-9abb-93cd4aaea1fa}");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8759 octets] - [04/06/2014 14:55:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8819 octets] ##########
 



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:57 AM

Posted 04 June 2014 - 03:29 PM

Hi bradford789,

Yes, please restart and see if you can boot normally.

xXToffeeXx~



#12 bradford789

bradford789
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:topeka kansas
  • Local time:09:57 PM

Posted 04 June 2014 - 04:21 PM

OK, I'm finally back. First the computer had to run chkdsk at the start; that took forever. It moved files and restored stuff, not sure what it was. Then I ran that Fix it program from Microsoft that you wanted me to run.

Now on the second reboot I got a Windows alert saying Malwarebytes Anti-Malware stopped working and was closed. Not sure if that was supposed to happen, but AVG has not popped up yet and I don't have a black screen anymore.

Malwarebytes still won't load, though. Should I uninstall and reinstall it?


Edited by bradford789, 04 June 2014 - 04:58 PM.


#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:57 AM

Posted 05 June 2014 - 10:41 AM

Hi bradford789,
 
Okay, good to hear that it did manage to start normally.
Yes, please reinstall Malwarebytes and see if that makes any difference.
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Is Malwarebytes working after a reinstall?
  • AdwCleaner clean log

xXToffeeXx~




#14 bradford789

bradford789
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:topeka kansas
  • Local time:09:57 PM

Posted 05 June 2014 - 12:47 PM

No, Malwarebytes won't reinstall. I get a lot of kernel error messages on the install.

But other than that, my PC just got a lot faster on boot-up and loading.

 

# AdwCleaner v3.211 - Report created 05/06/2014 at 12:38:39
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Harry - HARRY-LAPTOP
# Running from : C:\Users\Harry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.0

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\AVG SafeGuard toolbar
[x] Not Deleted : C:\ProgramData\AVG Secure Search
[x] Not Deleted : C:\ProgramData\AVG Security Toolbar
[x] Not Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Babylon
[x] Not Deleted : C:\Program Files\Common Files\AVG Secure Search
[x] Not Deleted : C:\Users\Harry\AppData\Local\AVG SafeGuard toolbar
[x] Not Deleted : C:\Users\Harry\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Conduit
Folder Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\CT2438727
Folder Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
File Deleted : C:\END
[x] Not Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Ask.com
[x] Not Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software
[x] Not Deleted : HKLM\Software\AVG SafeGuard toolbar
[x] Not Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\prefs.js ]

Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2438727.CTID", "CT2438727");
Line Deleted : user_pref("CT2438727.CurrentServerDate", "5-11-2010");
Line Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2438727.FirstServerDate", "1-11-2010");
Line Deleted : user_pref("CT2438727.FirstTime", true);
Line Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Line Deleted : user_pref("CT2438727.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2438727.Initialize", true);
Line Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2438727.InstalledDate", "Sun Oct 31 2010 22:31:57 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.IsGrouping", false);
Line Deleted : user_pref("CT2438727.IsMulticommunity", false);
Line Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Nov 04 2010 03:30:22 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2438727.LastLogin_2.7.1.3", "Thu Nov 04 2010 22:08:35 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.LatestVersion", "2.7.1.3");
Line Deleted : user_pref("CT2438727.Locale", "en");
Line Deleted : user_pref("CT2438727.LoginCache", 4);
Line Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
Line Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Nov 05 2010 03:30:20 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Thu Nov 04 2010 19:21:31 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Oct 31 2010 22:31:55 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2438727.UserID", "UN54548135275174749");
Line Deleted : user_pref("CT2438727.ValidationData_Search", 0);
Line Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2438727.alertChannelId", "832836");
Line Deleted : user_pref("CT2438727.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2438727.myStuffEnabled", true);
Line Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 720);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Nov 05 2010 15:30:15 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Nov 05 2010 03:30:19 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{26c44405-24f3-460c-9abb-93cd4aaea1fa}");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8899 octets] - [04/06/2014 14:55:08]
AdwCleaner[R1].txt - [11711 octets] - [05/06/2014 12:32:38]
AdwCleaner[S0].txt - [11865 octets] - [05/06/2014 12:38:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11926 octets] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Harry (administrator) on HARRY-LAPTOP on 05-06-2014 12:43:53
Running from C:\Users\Harry\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\Free Desktop Timer\DesktopTimer.exe
(LivePerson Inc.) C:\Program Files\Kasamba\Psychic\ExpertMessenger.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\Run: [Google Update] => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-25] (Google Inc.)
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\Run: [FreeDesktopTimer] => C:\Program Files\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-21-1800073338-346714301-1003437155-1000\...\MountPoints2: {023aa3bc-e066-11e3-9f96-002186307a09} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kasamba Messenger.lnk
ShortcutTarget: Kasamba Messenger.lnk -> C:\Program Files\Kasamba\Psychic\ExpertMessenger.exe (LivePerson Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x467228AD87A8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Harry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Harry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harry\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harry\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Harry\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Harry\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-03]
FF Extension: Faark's Grepolis Bericht 2 Image - Exporter - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09} [2010-03-23]
FF Extension: Better Torrent - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8@jetpack.xpi [2014-05-23]
FF Extension: Multiple Tab Handler - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2014-05-19]
FF Extension: Speed Dial - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-05-20]
FF Extension: Greasemonkey - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\3ofzn8jb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-05-09]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Astro Empires Observer) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagmnkfeenobbgeeilbfjkgihcbnjeai [2014-05-29]
CHR Extension: (AstroScanner) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmdomggfogjjkpinjpbknaofindgje [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-05] (Perfect World Entertainment Inc)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-06-04] (AVG Technologies)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 12:31 - 2014-06-05 12:31 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 12:31 - 2014-06-05 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 12:31 - 2014-06-05 12:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-05 12:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 12:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 12:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 22:17 - 2014-06-05 02:17 - 00000000 ____D () C:\Users\Harry\AppData\Local\AVG SafeGuard toolbar
2014-06-04 22:17 - 2014-06-04 22:17 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-06-04 22:17 - 2014-06-04 22:17 - 00000000 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-06-04 22:16 - 2014-06-04 22:17 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-06-04 22:16 - 2014-06-04 22:17 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-04 22:16 - 2014-06-04 22:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-04 22:16 - 2014-06-04 22:16 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-04 22:16 - 2014-06-04 22:15 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-04 18:03 - 2014-06-04 18:03 - 00159584 _____ () C:\Windows\Minidump\Mini060414-01.dmp
2014-06-04 15:04 - 2014-06-04 15:04 - 00991232 _____ () C:\Users\Harry\Downloads\MicrosoftFixit50267(1).msi
2014-06-04 15:02 - 2014-06-04 15:02 - 00991232 _____ () C:\Users\Harry\Downloads\MicrosoftFixit50267.msi
2014-06-04 14:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-04 14:55 - 2014-06-05 12:38 - 00000000 ____D () C:\AdwCleaner
2014-06-04 14:54 - 2014-06-04 14:54 - 01327971 _____ () C:\Users\Harry\Desktop\AdwCleaner.exe
2014-06-04 12:37 - 2014-06-04 12:37 - 00041993 _____ () C:\Users\Harry\Desktop\Addition.txt
2014-06-04 12:35 - 2014-06-05 12:43 - 00016882 _____ () C:\Users\Harry\Desktop\FRST.txt
2014-06-04 12:19 - 2014-06-04 12:29 - 00005674 _____ () C:\Users\Harry\Desktop\Rkill.txt
2014-06-04 12:19 - 2014-06-04 12:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Harry\Desktop\rkill.exe
2014-06-04 12:14 - 2014-06-04 12:16 - 00000533 _____ () C:\Windows\avgrep.txt
2014-06-03 23:49 - 2014-06-03 23:50 - 00003554 _____ () C:\Users\Harry\Downloads\Activate Sound in SafeMode.reg
2014-06-03 22:13 - 2014-06-05 12:44 - 00000000 ____D () C:\FRST
2014-06-03 22:13 - 2014-06-04 12:33 - 01059840 _____ (Farbar) C:\Users\Harry\Desktop\FRST.exe
2014-06-03 21:54 - 2014-06-03 21:54 - 00002193 _____ () C:\Users\Harry\Desktop\malware.txt
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 21:16 - 2014-06-03 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 20:39 - 2014-06-03 20:39 - 00157664 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-03 20:27 - 2014-06-03 20:27 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVG2014
2014-06-03 20:26 - 2014-06-03 20:26 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TuneUp Software
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-03 20:24 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-03 20:24 - 2014-06-03 20:24 - 00000000 ___HD () C:\$AVG
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 ____D () C:\Program Files\AVG
2014-06-03 20:08 - 2014-06-05 12:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-03 20:08 - 2014-06-03 20:31 - 00000000 ____D () C:\Users\Harry\AppData\Local\Avg2014
2014-06-03 20:08 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\MFAData
2014-06-03 20:07 - 2014-06-03 20:07 - 04485528 _____ (AVG Technologies) C:\Users\Harry\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-01 19:11 - 2014-06-01 19:11 - 18309318 _____ () C:\Users\Harry\Downloads\net2ftp-1401667906.zip
2014-06-01 18:21 - 2014-06-01 18:21 - 00000940 _____ () C:\Users\Harry\Desktop\kompozer - Shortcut.lnk
2014-06-01 18:13 - 2014-06-01 18:13 - 00000062 _____ () C:\Windows\wininit.ini
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Program Files\3Dize
2014-06-01 18:10 - 2014-06-01 18:10 - 00929416 _____ (CNET Download.com) C:\Users\Harry\Downloads\cbsidlm-cbsi188-Cool_Page-SEO-10024827.exe
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\Downloads\kompozer-0.7.10-win32
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\KompoZer
2014-06-01 17:44 - 2014-06-01 17:45 - 07949158 _____ () C:\Users\Harry\Downloads\kompozer-0.7.10-win32.zip
2014-06-01 16:57 - 2014-06-01 16:58 - 00000000 ____D () C:\Users\Harry\Desktop\fankit
2014-05-30 01:53 - 2014-05-30 01:53 - 00000000 ____D () C:\Users\Harry\Documents\OneNote Notebooks
2014-05-30 01:50 - 2014-05-30 01:50 - 00981688 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\setuponenotefreeretail.x86.en-us_.exe
2014-05-30 01:44 - 2014-05-30 01:44 - 00682616 _____ (Babylon Ltd.) C:\Users\Harry\Downloads\Babylon10_setup.exe
2014-05-29 22:51 - 2014-05-29 22:51 - 00000642 _____ () C:\Users\Harry\Downloads\google.csv
2014-05-29 21:44 - 2014-05-29 21:44 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup (1).exe
2014-05-29 21:39 - 2014-05-29 21:39 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 21:39 - 2014-05-29 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 21:38 - 2014-06-05 12:43 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 21:38 - 2014-06-05 12:41 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 21:38 - 2014-05-29 21:38 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 02128896 _____ () C:\Users\Harry\Downloads\Jumpgate Network Program.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 00000000 _____ () C:\Users\Harry\Downloads\Jumpgate List.JG
2014-05-29 19:40 - 2014-05-29 19:41 - 12012032 _____ () C:\Users\Harry\Downloads\AE Base Simulator 1.2.2.exe
2014-05-29 14:45 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Harry\Desktop\New Folder
2014-05-29 11:11 - 2014-05-29 11:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\FreeLanguageTranslator
2014-05-29 11:09 - 2014-05-29 11:09 - 00006184 _____ () C:\Users\Harry\Documents\LanguageTranslatorInstall.log
2014-05-29 11:09 - 2014-05-29 11:09 - 00005608 _____ () C:\Users\Harry\Documents\fdb22442-29e6-4dce-b18e-b9ae40310f6dLanguageTranslatorInstall.log
2014-05-29 11:08 - 2014-05-29 11:08 - 00001982 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Free Language Translator.lnk
2014-05-29 11:08 - 2014-05-29 11:08 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator3
2014-05-29 11:06 - 2014-05-29 11:06 - 02431271 _____ () C:\Users\Harry\Downloads\FreeTranslatorSetup_3.3.zip
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\Documents\gegl-0.0
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\.gimp-2.6
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Program Files\GIMP-2.0
2014-05-28 15:08 - 2014-05-28 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:07 - 2014-05-28 15:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:04 - 2014-05-28 15:04 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 15:02 - 2014-05-28 15:02 - 41945432 _____ (Apple Inc.) C:\Users\Harry\Downloads\QuickTimeInstaller.exe
2014-05-27 23:47 - 2014-05-27 23:48 - 13224834 _____ () C:\Users\Harry\Downloads\htmlunit-2.14-bin.zip
2014-05-27 23:25 - 2014-05-27 23:26 - 26908896 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-V5.12.exe
2014-05-27 15:54 - 2014-05-27 16:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TypingTrainer8
2014-05-27 15:54 - 2013-01-07 11:04 - 00000037 _____ () C:\ProgramData\ttrainer8.data
2014-05-27 15:49 - 2014-05-27 15:49 - 00644864 _____ (Typing Innovation Group Ltd) C:\Users\Harry\Downloads\TypingTrainer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00814778 _____ (Drive Software Company ) C:\Users\Harry\Downloads\desktoptimer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Timer
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\Program Files\Free Desktop Timer
2014-05-27 02:10 - 2014-05-27 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\betonline
2014-05-27 01:52 - 2014-06-04 22:37 - 00000928 _____ () C:\Users\Public\Desktop\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00001816 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnline Poker 8.2
2014-05-27 01:51 - 2014-05-27 01:52 - 00000000 ____D () C:\Program Files\BetOnline Poker 8.2
2014-05-27 01:50 - 2014-05-27 01:50 - 24969919 _____ (Hero Poker Network) C:\Users\Harry\Downloads\BetOnlinePokerSetup.exe
2014-05-27 01:48 - 2014-06-01 20:50 - 00000000 ___HD () C:\BOL
2014-05-27 01:48 - 2014-05-27 01:48 - 00001722 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00001710 _____ () C:\Users\Public\Desktop\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00000000 ____D () C:\Program Files\BetOnline Client
2014-05-27 01:47 - 2014-05-27 01:47 - 03643430 _____ () C:\Users\Harry\Downloads\betonlineinstaller.exe
2014-05-24 17:44 - 2014-05-24 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kasamba Messenger
2014-05-24 17:44 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2014-05-24 17:43 - 2014-05-24 17:43 - 00000000 ____D () C:\Program Files\Kasamba
2014-05-24 17:40 - 2014-05-24 17:42 - 05764600 _____ () C:\Users\Harry\Downloads\KasambaExpertSetup.exe
2014-05-24 17:40 - 2014-05-24 17:40 - 00093527 _____ () C:\Users\Harry\Documents\Recommended steps.htm
2014-05-24 17:40 - 2014-05-24 17:40 - 00000000 ____D () C:\Users\Harry\Documents\Recommended steps_files
2014-05-24 00:53 - 2014-05-24 00:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Users\Harry\AppData\Local\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 00:52 - 2014-05-24 00:52 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Harry\Downloads\SkypeSetup.exe
2014-05-23 21:58 - 2014-05-24 21:07 - 00000000 ____D () C:\Users\Harry\Documents\Youcam
2014-05-23 20:29 - 2014-05-23 20:29 - 00000896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000890 _____ () C:\Users\Public\Desktop\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2014-05-23 20:27 - 2014-05-23 20:29 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM(1).exe
2014-05-23 20:25 - 2014-05-23 20:27 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM.exe
2014-05-23 02:41 - 2014-05-23 02:41 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\NVIDIA
2014-05-23 02:10 - 2014-06-03 20:47 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\BitTorrent
2014-05-23 02:10 - 2014-05-23 02:10 - 01639760 _____ (BitTorrent Inc.) C:\Users\Harry\Downloads\BitTorrent.exe
2014-05-23 00:48 - 2014-05-23 00:48 - 00000000 ____D () C:\Users\Harry\AppData\Local\cache
2014-05-23 00:47 - 2014-05-23 01:26 - 00000000 ____D () C:\Users\Harry\AppData\Local\FullTiltPoker
2014-05-23 00:47 - 2014-05-23 01:26 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-05-23 00:47 - 2014-05-23 00:47 - 00000860 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-05-23 00:47 - 2014-05-23 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-05-23 00:37 - 2014-05-23 00:42 - 50741784 _____ () C:\Users\Harry\Downloads\FullTiltSetup.exe
2014-05-22 22:28 - 2014-05-22 22:28 - 00000000 ____D () C:\Crash
2014-05-22 20:43 - 2014-05-22 20:43 - 00002051 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00002021 _____ () C:\Users\Harry\Desktop\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Windows\system32\directx
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Harry\AppData\Local\SCE
2014-05-22 20:41 - 2014-05-22 20:42 - 23978024 _____ () C:\Users\Harry\Downloads\PS2_setup.exe
2014-05-22 18:12 - 2014-05-27 06:14 - 00000000 ____D () C:\Users\Harry\Documents\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00001839 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00001815 _____ () C:\Users\Harry\Desktop\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:11 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\WSOP.com
2014-05-22 18:11 - 2014-05-22 18:12 - 00000000 ____D () C:\Program Files\WSOP.com
2014-05-21 03:07 - 2014-05-21 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-20 16:27 - 2014-05-20 16:27 - 00001908 _____ () C:\Users\Public\Desktop\SpaceFight.lnk
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noserver
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Program Files\Noserver
2014-05-20 16:25 - 2014-05-20 16:26 - 54744474 _____ (Igor Pavlov) C:\Users\Harry\Downloads\spacefight_setup.exe
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Users\Harry\AppData\Local\Macromedia
2014-05-20 10:45 - 2014-06-05 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 10:45 - 2014-05-20 12:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-20 03:25 - 2014-05-20 16:33 - 00000000 ____D () C:\ProgramData\Overwolf
2014-05-20 01:06 - 2014-05-20 01:06 - 00001756 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-05-20 01:06 - 2014-05-20 01:06 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-05-20 01:05 - 2014-05-20 01:06 - 00000000 ____D () C:\Program Files\Overwolf
2014-05-20 01:05 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-05-20 01:03 - 2014-05-20 16:33 - 00000000 ____D () C:\Users\Harry\AppData\Local\Overwolf
2014-05-20 01:03 - 2014-05-20 01:22 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TS3Client
2014-05-20 01:03 - 2014-05-20 01:03 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-20 01:02 - 2014-05-20 01:03 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-20 00:59 - 2014-05-20 01:01 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Harry\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-05-19 21:34 - 2014-06-03 21:05 - 00000000 ____D () C:\Users\Harry\AppData\Local\Nvidia Corporation
2014-05-19 21:33 - 2014-05-24 14:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-19 21:33 - 2014-05-19 21:33 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 21:33 - 2014-05-19 21:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-19 21:31 - 2014-05-19 21:31 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-19 21:25 - 2012-12-29 05:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 21:25 - 2012-12-29 05:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2014-05-19 21:25 - 2012-12-29 05:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 21:20 - 2014-05-19 21:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-19 21:20 - 2014-05-19 21:21 - 00000000 ____D () C:\Users\Harry\AppData\Local\NVIDIA
2014-05-19 21:20 - 2014-05-19 21:20 - 00001140 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-05-19 21:18 - 2014-05-19 21:18 - 28033792 _____ (NVIDIA Corporation) C:\Users\Harry\Downloads\GeForce_Experience_v2.0.1.0.exe
2014-05-19 19:23 - 2014-05-19 19:24 - 00159584 _____ () C:\Windows\Minidump\Mini051914-01.dmp
2014-05-19 19:05 - 2014-06-01 18:21 - 00000000 ____D () C:\Users\Harry\Desktop\everything
2014-05-19 19:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-05-19 18:56 - 2014-05-19 18:58 - 00000000 ___HD () C:\ArcTemp
2014-05-19 18:53 - 2014-05-19 22:01 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Arc
2014-05-19 18:53 - 2014-05-19 18:57 - 00000000 ____D () C:\Program Files\Perfect World Entertainment
2014-05-19 18:53 - 2014-05-19 18:53 - 00001635 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-05-19 18:53 - 2014-05-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-05-19 18:52 - 2014-05-19 18:52 - 09514088 _____ (Perfect World Entertainment) C:\Users\Harry\Downloads\ArcInstall_v20140404a.exe
2014-05-18 23:36 - 2014-05-18 23:50 - 00009075 _____ () C:\Users\Harry\AppData\Roaming\.freeciv-client-rc-2.4
2014-05-18 23:33 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.freeciv
2014-05-18 23:25 - 2014-05-18 23:27 - 00000000 ____D () C:\Users\Harry\Documents\FreeCol
2014-05-18 23:17 - 2014-05-18 23:17 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Awem
2014-05-16 03:01 - 2014-05-05 18:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 03:00 - 2014-05-05 18:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:00 - 2014-05-05 18:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:48 - 2014-05-15 22:48 - 00019365 _____ () C:\Users\Harry\Downloads\oneos_installer.txt
2014-05-15 22:33 - 2014-05-15 22:33 - 00000898 _____ () C:\Users\Harry\Desktop\Real Poker.lnk
2014-05-15 22:26 - 2014-05-15 22:26 - 02582796 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Real_Poker.exe
2014-05-15 22:25 - 2014-05-15 22:25 - 12970507 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Star-Defender4.exe
2014-05-15 22:24 - 2014-05-15 22:24 - 10547174 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\StarGunner.exe
2014-05-15 22:12 - 2014-05-15 22:12 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.4.2 (GTK+2 client)
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\freecol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\Freeciv-2.4.2-gtk2
2014-05-15 22:03 - 2014-05-15 22:03 - 79454664 _____ () C:\Users\Harry\Downloads\virtualcity-setup.exe
2014-05-15 21:59 - 2014-05-15 22:01 - 37739520 _____ () C:\Users\Harry\Downloads\freecol-0.10.7-installer.exe
2014-05-15 21:59 - 2014-05-15 22:00 - 28215140 _____ () C:\Users\Harry\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-05-15 20:42 - 2014-05-15 20:42 - 00654317 _____ () C:\Users\Harry\Downloads\asterion-launcher-bootstrap.jar
2014-05-15 18:50 - 2014-05-15 18:50 - 00114942 _____ () C:\Users\Harry\Downloads\ModTools.zip
2014-05-15 18:35 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 20:25 - 2014-05-14 20:44 - 00000000 ____D () C:\Users\Harry\Downloads\aaaa
2014-05-14 15:48 - 2014-05-14 15:48 - 00000000 ____D () C:\Users\Harry\Downloads\ragetech
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-06-05 12:45 - 2014-06-04 12:35 - 00016882 _____ () C:\Users\Harry\Desktop\FRST.txt
2014-06-05 12:45 - 2010-02-06 14:52 - 00000000 ____D () C:\Users\Harry\AppData\Local\Temp
2014-06-05 12:45 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 12:44 - 2014-06-03 22:13 - 00000000 ____D () C:\FRST
2014-06-05 12:43 - 2014-05-29 21:38 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 12:41 - 2014-05-29 21:38 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 12:41 - 2014-04-30 14:44 - 00057926 _____ () C:\Windows\PFRO.log
2014-06-05 12:41 - 2010-10-20 05:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-05 12:41 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 12:41 - 2006-11-02 07:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 12:41 - 2006-11-02 07:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 12:40 - 2010-02-06 11:10 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-06-05 12:40 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 12:40 - 2006-11-02 07:52 - 01186300 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 12:38 - 2014-06-04 14:55 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:32 - 2014-06-03 20:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-05 12:31 - 2014-06-05 12:31 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 12:31 - 2014-06-05 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 12:31 - 2014-06-05 12:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-05 12:31 - 2010-10-25 19:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000UA.job
2014-06-05 12:09 - 2014-05-20 10:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 02:17 - 2014-06-04 22:17 - 00000000 ____D () C:\Users\Harry\AppData\Local\AVG SafeGuard toolbar
2014-06-05 00:00 - 2010-03-27 02:52 - 00000000 ____D () C:\Users\Harry\AppData\Local\PokerStars.NET
2014-06-04 22:37 - 2014-05-27 01:52 - 00000928 _____ () C:\Users\Public\Desktop\BetOnline Poker 8.2.lnk
2014-06-04 22:17 - 2014-06-04 22:17 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-06-04 22:17 - 2014-06-04 22:17 - 00000000 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-06-04 22:17 - 2014-06-04 22:16 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-06-04 22:17 - 2014-06-04 22:16 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-04 22:16 - 2014-06-04 22:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-04 22:16 - 2014-06-04 22:16 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-04 22:15 - 2014-06-04 22:16 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-04 18:32 - 2010-10-25 19:27 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1800073338-346714301-1003437155-1000Core.job
2014-06-04 18:08 - 2010-02-07 03:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 18:03 - 2014-06-04 18:03 - 00159584 _____ () C:\Windows\Minidump\Mini060414-01.dmp
2014-06-04 18:03 - 2010-02-06 14:52 - 00001356 _____ () C:\Users\Harry\AppData\Local\d3d9caps.dat
2014-06-04 18:02 - 2014-05-01 14:25 - 368880603 _____ () C:\Windows\MEMORY.DMP
2014-06-04 15:47 - 2006-11-02 07:47 - 00024576 _____ () C:\Windows\system32\umstartup.etl
2014-06-04 15:04 - 2014-06-04 15:04 - 00991232 _____ () C:\Users\Harry\Downloads\MicrosoftFixit50267(1).msi
2014-06-04 15:02 - 2014-06-04 15:02 - 00991232 _____ () C:\Users\Harry\Downloads\MicrosoftFixit50267.msi
2014-06-04 14:54 - 2014-06-04 14:54 - 01327971 _____ () C:\Users\Harry\Desktop\AdwCleaner.exe
2014-06-04 12:37 - 2014-06-04 12:37 - 00041993 _____ () C:\Users\Harry\Desktop\Addition.txt
2014-06-04 12:33 - 2014-06-03 22:13 - 01059840 _____ (Farbar) C:\Users\Harry\Desktop\FRST.exe
2014-06-04 12:29 - 2014-06-04 12:19 - 00005674 _____ () C:\Users\Harry\Desktop\Rkill.txt
2014-06-04 12:19 - 2014-06-04 12:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Harry\Desktop\rkill.exe
2014-06-04 12:16 - 2014-06-04 12:14 - 00000533 _____ () C:\Windows\avgrep.txt
2014-06-03 23:50 - 2014-06-03 23:49 - 00003554 _____ () C:\Users\Harry\Downloads\Activate Sound in SafeMode.reg
2014-06-03 21:54 - 2014-06-03 21:54 - 00002193 _____ () C:\Users\Harry\Desktop\malware.txt
2014-06-03 21:28 - 2014-06-03 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 21:16 - 2014-06-03 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harry\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 21:05 - 2014-05-19 21:34 - 00000000 ____D () C:\Users\Harry\AppData\Local\Nvidia Corporation
2014-06-03 20:47 - 2014-05-23 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\BitTorrent
2014-06-03 20:47 - 2014-02-06 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2014-06-03 20:39 - 2014-06-03 20:39 - 00157664 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-03 20:39 - 2010-03-14 06:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 20:31 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\Avg2014
2014-06-03 20:27 - 2014-06-03 20:27 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVG2014
2014-06-03 20:26 - 2014-06-03 20:26 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TuneUp Software
2014-06-03 20:26 - 2014-06-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-03 20:26 - 2014-06-03 20:24 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-03 20:26 - 2010-02-06 14:52 - 00000000 ____D () C:\Users\Harry
2014-06-03 20:24 - 2014-06-03 20:24 - 00000000 ___HD () C:\$AVG
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 ____D () C:\Program Files\AVG
2014-06-03 20:08 - 2014-06-03 20:08 - 00000000 ____D () C:\Users\Harry\AppData\Local\MFAData
2014-06-03 20:07 - 2014-06-03 20:07 - 04485528 _____ (AVG Technologies) C:\Users\Harry\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-03 16:32 - 2010-03-27 02:47 - 00000000 ____D () C:\Program Files\PokerStars.NET
2014-06-01 20:50 - 2014-05-27 01:48 - 00000000 ___HD () C:\BOL
2014-06-01 19:11 - 2014-06-01 19:11 - 18309318 _____ () C:\Users\Harry\Downloads\net2ftp-1401667906.zip
2014-06-01 18:21 - 2014-06-01 18:21 - 00000940 _____ () C:\Users\Harry\Desktop\kompozer - Shortcut.lnk
2014-06-01 18:21 - 2014-05-19 19:05 - 00000000 ____D () C:\Users\Harry\Desktop\everything
2014-06-01 18:13 - 2014-06-01 18:13 - 00000062 _____ () C:\Windows\wininit.ini
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Page 2.72
2014-06-01 18:13 - 2014-06-01 18:13 - 00000000 ____D () C:\Program Files\3Dize
2014-06-01 18:13 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\system.ini
2014-06-01 18:10 - 2014-06-01 18:10 - 00929416 _____ (CNET Download.com) C:\Users\Harry\Downloads\cbsidlm-cbsi188-Cool_Page-SEO-10024827.exe
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\Downloads\kompozer-0.7.10-win32
2014-06-01 17:58 - 2014-06-01 17:58 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\KompoZer
2014-06-01 17:49 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-01 17:48 - 2010-11-08 22:09 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Apple Computer
2014-06-01 17:45 - 2014-06-01 17:44 - 07949158 _____ () C:\Users\Harry\Downloads\kompozer-0.7.10-win32.zip
2014-06-01 16:58 - 2014-06-01 16:57 - 00000000 ____D () C:\Users\Harry\Desktop\fankit
2014-05-31 11:54 - 2010-07-19 07:26 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Skype
2014-05-30 01:53 - 2014-05-30 01:53 - 00000000 ____D () C:\Users\Harry\Documents\OneNote Notebooks
2014-05-30 01:50 - 2014-05-30 01:50 - 00981688 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\setuponenotefreeretail.x86.en-us_.exe
2014-05-30 01:44 - 2014-05-30 01:44 - 00682616 _____ (Babylon Ltd.) C:\Users\Harry\Downloads\Babylon10_setup.exe
2014-05-29 22:51 - 2014-05-29 22:51 - 00000642 _____ () C:\Users\Harry\Downloads\google.csv
2014-05-29 21:44 - 2014-05-29 21:44 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup (1).exe
2014-05-29 21:39 - 2014-05-29 21:39 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 21:39 - 2014-05-29 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 21:39 - 2010-10-25 19:27 - 00000000 ____D () C:\Users\Harry\AppData\Local\Google
2014-05-29 21:39 - 2010-07-19 07:26 - 00000000 ____D () C:\Program Files\Google
2014-05-29 21:38 - 2014-05-29 21:38 - 00918672 _____ (Google Inc.) C:\Users\Harry\Downloads\ChromeSetup.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 02128896 _____ () C:\Users\Harry\Downloads\Jumpgate Network Program.exe
2014-05-29 19:47 - 2014-05-29 19:47 - 00000000 _____ () C:\Users\Harry\Downloads\Jumpgate List.JG
2014-05-29 19:41 - 2014-05-29 19:40 - 12012032 _____ () C:\Users\Harry\Downloads\AE Base Simulator 1.2.2.exe
2014-05-29 14:48 - 2014-05-29 14:45 - 00000000 ____D () C:\Users\Harry\Desktop\New Folder
2014-05-29 11:11 - 2014-05-29 11:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\FreeLanguageTranslator
2014-05-29 11:09 - 2014-05-29 11:09 - 00006184 _____ () C:\Users\Harry\Documents\LanguageTranslatorInstall.log
2014-05-29 11:09 - 2014-05-29 11:09 - 00005608 _____ () C:\Users\Harry\Documents\fdb22442-29e6-4dce-b18e-b9ae40310f6dLanguageTranslatorInstall.log
2014-05-29 11:08 - 2014-05-29 11:08 - 00001982 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Free Language Translator.lnk
2014-05-29 11:08 - 2014-05-29 11:08 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator3
2014-05-29 11:06 - 2014-05-29 11:06 - 02431271 _____ () C:\Users\Harry\Downloads\FreeTranslatorSetup_3.3.zip
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\Documents\gegl-0.0
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Users\Harry\.gimp-2.6
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2014-05-28 18:57 - 2014-05-28 18:57 - 00000000 ____D () C:\Program Files\GIMP-2.0
2014-05-28 15:08 - 2014-05-28 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:08 - 2014-05-28 15:07 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:04 - 2014-05-28 15:04 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 15:04 - 2010-11-06 05:25 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 15:02 - 2014-05-28 15:02 - 41945432 _____ (Apple Inc.) C:\Users\Harry\Downloads\QuickTimeInstaller.exe
2014-05-27 23:48 - 2014-05-27 23:47 - 13224834 _____ () C:\Users\Harry\Downloads\htmlunit-2.14-bin.zip
2014-05-27 23:26 - 2014-05-27 23:25 - 26908896 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-V5.12.exe
2014-05-27 16:12 - 2014-05-27 15:54 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TypingTrainer8
2014-05-27 15:49 - 2014-05-27 15:49 - 00644864 _____ (Typing Innovation Group Ltd) C:\Users\Harry\Downloads\TypingTrainer.exe
2014-05-27 06:14 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\Documents\WSOP.com
2014-05-27 03:15 - 2014-05-27 03:15 - 00814778 _____ (Drive Software Company ) C:\Users\Harry\Downloads\desktoptimer.exe
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Timer
2014-05-27 03:15 - 2014-05-27 03:15 - 00000000 ____D () C:\Program Files\Free Desktop Timer
2014-05-27 02:10 - 2014-05-27 02:10 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\betonline
2014-05-27 01:52 - 2014-05-27 01:52 - 00001816 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BetOnline Poker 8.2.lnk
2014-05-27 01:52 - 2014-05-27 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnline Poker 8.2
2014-05-27 01:52 - 2014-05-27 01:51 - 00000000 ____D () C:\Program Files\BetOnline Poker 8.2
2014-05-27 01:50 - 2014-05-27 01:50 - 24969919 _____ (Hero Poker Network) C:\Users\Harry\Downloads\BetOnlinePokerSetup.exe
2014-05-27 01:48 - 2014-05-27 01:48 - 00001722 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00001710 _____ () C:\Users\Public\Desktop\BetOnlineClient.lnk
2014-05-27 01:48 - 2014-05-27 01:48 - 00000000 ____D () C:\Program Files\BetOnline Client
2014-05-27 01:47 - 2014-05-27 01:47 - 03643430 _____ () C:\Users\Harry\Downloads\betonlineinstaller.exe
2014-05-24 21:07 - 2014-05-23 21:58 - 00000000 ____D () C:\Users\Harry\Documents\Youcam
2014-05-24 17:44 - 2014-05-24 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kasamba Messenger
2014-05-24 17:43 - 2014-05-24 17:43 - 00000000 ____D () C:\Program Files\Kasamba
2014-05-24 17:42 - 2014-05-24 17:40 - 05764600 _____ () C:\Users\Harry\Downloads\KasambaExpertSetup.exe
2014-05-24 17:40 - 2014-05-24 17:40 - 00093527 _____ () C:\Users\Harry\Documents\Recommended steps.htm
2014-05-24 17:40 - 2014-05-24 17:40 - 00000000 ____D () C:\Users\Harry\Documents\Recommended steps_files
2014-05-24 14:53 - 2014-05-19 21:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-24 00:53 - 2014-05-24 00:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Users\Harry\AppData\Local\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 00:53 - 2014-05-24 00:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 00:53 - 2010-07-19 07:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 00:52 - 2014-05-24 00:52 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Harry\Downloads\SkypeSetup.exe
2014-05-23 22:02 - 2010-10-10 03:24 - 00030208 _____ () C:\Users\Harry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-23 20:29 - 2014-05-23 20:29 - 00000896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000890 _____ () C:\Users\Public\Desktop\PokerStars.net.lnk
2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2014-05-23 20:29 - 2014-05-23 20:27 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM(1).exe
2014-05-23 20:27 - 2014-05-23 20:25 - 28056120 _____ (PokerStars) C:\Users\Harry\Downloads\PokerStarsInstallPM.exe
2014-05-23 03:30 - 2014-04-08 20:23 - 00000000 ____D () C:\Users\Harry\Downloads\pc
2014-05-23 02:41 - 2014-05-23 02:41 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\NVIDIA
2014-05-23 02:10 - 2014-05-23 02:10 - 01639760 _____ (BitTorrent Inc.) C:\Users\Harry\Downloads\BitTorrent.exe
2014-05-23 01:54 - 2010-02-10 07:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-23 01:26 - 2014-05-23 00:47 - 00000000 ____D () C:\Users\Harry\AppData\Local\FullTiltPoker
2014-05-23 01:26 - 2014-05-23 00:47 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-05-23 00:48 - 2014-05-23 00:48 - 00000000 ____D () C:\Users\Harry\AppData\Local\cache
2014-05-23 00:47 - 2014-05-23 00:47 - 00000860 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-05-23 00:47 - 2014-05-23 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-05-23 00:42 - 2014-05-23 00:37 - 50741784 _____ () C:\Users\Harry\Downloads\FullTiltSetup.exe
2014-05-22 22:28 - 2014-05-22 22:28 - 00000000 ____D () C:\Crash
2014-05-22 20:43 - 2014-05-22 20:43 - 00002051 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00002021 _____ () C:\Users\Harry\Desktop\PlanetSide 2.lnk
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Windows\system32\directx
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-05-22 20:43 - 2014-05-22 20:43 - 00000000 ____D () C:\Users\Harry\AppData\Local\SCE
2014-05-22 20:43 - 2010-10-09 20:43 - 00000000 ____D () C:\Temp
2014-05-22 20:43 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-05-22 20:42 - 2014-05-22 20:41 - 23978024 _____ () C:\Users\Harry\Downloads\PS2_setup.exe
2014-05-22 18:12 - 2014-05-22 18:12 - 00001839 _____ () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00001815 _____ () C:\Users\Harry\Desktop\WSOP.com.lnk
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 18:12 - 2014-05-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:11 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\WSOP.com
2014-05-22 18:12 - 2014-05-22 18:11 - 00000000 ____D () C:\Program Files\WSOP.com
2014-05-21 04:32 - 2010-02-10 07:46 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Mozilla
2014-05-21 03:12 - 2010-10-09 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-21 03:07 - 2014-05-21 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-20 21:35 - 2014-03-11 20:13 - 00002127 _____ () C:\Windows\setupact.log
2014-05-20 16:33 - 2014-05-20 03:25 - 00000000 ____D () C:\ProgramData\Overwolf
2014-05-20 16:33 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Harry\AppData\Local\Overwolf
2014-05-20 16:27 - 2014-05-20 16:27 - 00001908 _____ () C:\Users\Public\Desktop\SpaceFight.lnk
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noserver
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Program Files\Noserver
2014-05-20 16:26 - 2014-05-20 16:25 - 54744474 _____ (Igor Pavlov) C:\Users\Harry\Downloads\spacefight_setup.exe
2014-05-20 12:11 - 2014-05-20 10:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-20 12:11 - 2011-10-30 14:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Users\Harry\AppData\Local\Macromedia
2014-05-20 10:49 - 2010-02-08 02:13 - 00000000 ____D () C:\Users\Harry\AppData\Local\Adobe
2014-05-20 03:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-20 03:03 - 2006-11-02 05:23 - 00000254 _____ () C:\Windows\win.ini
2014-05-20 01:22 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\TS3Client
2014-05-20 01:06 - 2014-05-20 01:06 - 00001756 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-05-20 01:06 - 2014-05-20 01:06 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-05-20 01:06 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Overwolf
2014-05-20 01:05 - 2014-05-20 01:05 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-05-20 01:03 - 2014-05-20 01:03 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-20 01:03 - 2014-05-20 01:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-20 01:01 - 2014-05-20 00:59 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Harry\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-05-19 22:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-19 22:01 - 2014-05-19 18:53 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Arc
2014-05-19 21:33 - 2014-05-19 21:33 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 21:33 - 2014-05-19 21:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-19 21:31 - 2014-05-19 21:31 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-19 21:31 - 2010-02-10 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-19 21:31 - 2010-02-10 07:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-19 21:28 - 2014-05-19 21:20 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-19 21:21 - 2014-05-19 21:20 - 00000000 ____D () C:\Users\Harry\AppData\Local\NVIDIA
2014-05-19 21:20 - 2014-05-19 21:20 - 00001140 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-05-19 21:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-19 21:18 - 2014-05-19 21:18 - 28033792 _____ (NVIDIA Corporation) C:\Users\Harry\Downloads\GeForce_Experience_v2.0.1.0.exe
2014-05-19 21:13 - 2010-02-11 02:15 - 00158128 _____ () C:\ProgramData\nvModes.001
2014-05-19 19:25 - 2010-02-10 07:42 - 00158128 _____ () C:\ProgramData\nvModes.dat
2014-05-19 19:24 - 2014-05-19 19:23 - 00159584 _____ () C:\Windows\Minidump\Mini051914-01.dmp
2014-05-19 18:58 - 2014-05-19 18:56 - 00000000 ___HD () C:\ArcTemp
2014-05-19 18:57 - 2014-05-19 18:53 - 00000000 ____D () C:\Program Files\Perfect World Entertainment
2014-05-19 18:53 - 2014-05-19 18:53 - 00001635 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-05-19 18:53 - 2014-05-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-05-19 18:53 - 2010-04-12 02:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-19 18:52 - 2014-05-19 18:52 - 09514088 _____ (Perfect World Entertainment) C:\Users\Harry\Downloads\ArcInstall_v20140404a.exe
2014-05-18 23:50 - 2014-05-18 23:36 - 00009075 _____ () C:\Users\Harry\AppData\Roaming\.freeciv-client-rc-2.4
2014-05-18 23:44 - 2014-05-18 23:33 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.freeciv
2014-05-18 23:27 - 2014-05-18 23:25 - 00000000 ____D () C:\Users\Harry\Documents\FreeCol
2014-05-18 23:17 - 2014-05-18 23:17 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\Awem
2014-05-18 23:16 - 2014-02-06 17:04 - 00000000 ____D () C:\Program Files\GameTop.com
2014-05-16 03:08 - 2014-05-02 03:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:48 - 2014-05-15 22:48 - 00019365 _____ () C:\Users\Harry\Downloads\oneos_installer.txt
2014-05-15 22:33 - 2014-05-15 22:33 - 00000898 _____ () C:\Users\Harry\Desktop\Real Poker.lnk
2014-05-15 22:26 - 2014-05-15 22:26 - 02582796 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Real_Poker.exe
2014-05-15 22:25 - 2014-05-15 22:25 - 12970507 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\Star-Defender4.exe
2014-05-15 22:24 - 2014-05-15 22:24 - 10547174 _____ (Media Contact LLC ) C:\Users\Harry\Downloads\StarGunner.exe
2014-05-15 22:12 - 2014-05-15 22:12 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-05-15 22:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Resources
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.4.2 (GTK+2 client)
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\freecol
2014-05-15 22:04 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files\Freeciv-2.4.2-gtk2
2014-05-15 22:03 - 2014-05-15 22:03 - 79454664 _____ () C:\Users\Harry\Downloads\virtualcity-setup.exe
2014-05-15 22:01 - 2014-05-15 21:59 - 37739520 _____ () C:\Users\Harry\Downloads\freecol-0.10.7-installer.exe
2014-05-15 22:00 - 2014-05-15 21:59 - 28215140 _____ () C:\Users\Harry\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-05-15 21:33 - 2014-03-28 15:28 - 00000000 ____D () C:\Users\Harry\Downloads\Horizons
2014-05-15 20:53 - 2014-03-28 15:28 - 00000000 ____D () C:\Users\Harry\Downloads\Unleashed
2014-05-15 20:42 - 2014-05-15 20:42 - 00654317 _____ () C:\Users\Harry\Downloads\asterion-launcher-bootstrap.jar
2014-05-15 20:21 - 2014-03-28 15:30 - 00000000 ____D () C:\Users\Harry\Downloads\Infamy
2014-05-15 20:13 - 2014-04-30 14:53 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\.minecraft
2014-05-15 18:59 - 2014-02-17 20:04 - 00000000 ____D () C:\Users\Harry\Downloads\authlib
2014-05-15 18:59 - 2014-02-06 18:07 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\ftblauncher
2014-05-15 18:59 - 2014-02-06 18:06 - 04588972 _____ () C:\Users\Harry\Desktop\launcher^FTB_Launcher.exe
2014-05-15 18:50 - 2014-05-15 18:50 - 00114942 _____ () C:\Users\Harry\Downloads\ModTools.zip
2014-05-14 20:44 - 2014-05-14 20:25 - 00000000 ____D () C:\Users\Harry\Downloads\aaaa
2014-05-14 15:48 - 2014-05-14 15:48 - 00000000 ____D () C:\Users\Harry\Downloads\ragetech
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 07:26 - 2014-06-05 12:31 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 12:31 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-05 12:31 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Harry\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Harry\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Harry\AppData\Local\Temp\Quarantine.exe
C:\Users\Harry\AppData\Local\Temp\skype_x863765623139085603410.dll
C:\Users\Harry\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2010-02-08 07:03] - [2006-11-02 04:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-05 06:15

==================== End Of Log ============================
 



#15 xXToffeeXx


Posted 05 June 2014 - 02:33 PM

Hi bradford789,
 
Any reason you didn't delete the AVG related toolbars?
 
Also, please try the mbam clean utility here to fully remove Malwarebytes, then try reinstalling after.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Any luck with Malwarebytes?
  • TDSSKiller log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 
