PUP.Optional.Conduit.A

[jasonstaf]

DDS results:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.40.2
Run by JayZ at 6:12:50 on 2013-10-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.8142.6322 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Program Files (x86)\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
g:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
g:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
g:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
G:\Program Files (x86)\SUPERAntiSpyware.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Java\bin\jp2ssv.dll
uRun: [sUPERAntiSpyware] G:\Program Files (x86)\SUPERAntiSpyware.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PSUAMain] "G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 108.171.182.150 108.171.182.159
TCP: Interfaces\{2E96BD2F-99F4-46AD-B9CA-FDCE7E1031A5} : DHCPNameServer = 108.171.182.150 108.171.182.159
TCP: Interfaces\{EA0F6DD7-CF14-4FC5-8F74-684163A4F8DD} : DHCPNameServer = 108.171.182.150 108.171.182.159
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JayZ\AppData\Roaming\Mozilla\Firefox\Profiles\f1jc5xyh.default\
FF - prefs.js: browser.startup.homepage - google.ca

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: G:\Java\bin\plugin2\npjp2.dll
FF - plugin: g:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
R1 SASDIFSV;SASDIFSV;G:\Program Files (x86)\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;G:\Program Files (x86)\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;G:\Program Files (x86)\SASCore64.exe [2013-5-23 143120]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 MBAMScheduler;MBAMScheduler;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-6 418376]
R2 MBAMService;MBAMService;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-6 701512]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-10-2 161264]
R2 NanoServiceMain;Panda Cloud Antivirus Service;G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-7-17 140768]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-7-17 122600]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
R2 PSUAService;Panda Product Service;G:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-7-8 37344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-10-2 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-8-20 138568]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-8-20 416072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-14 25928]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-10-2 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-2 849992]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-10-2 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\Windows\System32\drivers\netr7064.sys [2010-4-27 388448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-3 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
.
=============== Created Last 30 ================
.
2013-10-16 10:04:29 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2013-10-16 02:18:32 -------- d-----w- C:\Users\JayZ\AppData\Local\WMTools Downloaded Files
2013-10-15 22:08:18 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B877CDD-FB67-42F8-AD15-744751CDD291}\mpengine.dll
2013-10-15 01:49:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-15 01:44:39 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-15 01:44:39 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-15 01:43:56 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-15 00:39:33 5856 ----a-w- C:\ProgramData\NanoRepository.bin
2013-10-15 00:08:23 -------- d-----w- C:\AdwCleaner
2013-10-14 23:43:53 -------- d-----w- C:\Windows\ERUNT
2013-10-13 20:36:45 -------- d--h--w- C:\Users\JayZ\AppData\Roaming\NVIDIA
2013-10-12 00:29:37 -------- d--h--w- C:\Users\JayZ\AppData\Local\My Games
2013-10-06 16:31:02 -------- d--h--w- C:\Users\JayZ\AppData\Roaming\Malwarebytes
2013-10-06 16:30:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-06 16:30:35 -------- d--h--w- C:\Users\JayZ\AppData\Local\Programs
2013-10-06 14:56:59 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-10-06 00:06:32 -------- d--h--w- C:\Users\JayZ\AppData\Local\Google
2013-10-05 17:24:59 -------- d--h--w- C:\Users\JayZ\.swt
2013-10-05 17:24:26 -------- d--h--w- C:\Users\JayZ\AppData\Roaming\Azureus
2013-10-05 17:24:19 -------- d-----w- C:\Program Files\Vuze
2013-10-05 16:26:21 -------- d--h--w- C:\Users\JayZ\AppData\Local\NVIDIA
2013-10-05 16:19:36 -------- d-----w- C:\Windows\System32\MRT
2013-10-03 23:26:29 1832224 ----a-w- C:\Windows\System32\nvdispco6432049.dll
2013-10-03 23:26:29 15920536 ----a-w- C:\Windows\System32\SET7FE3.tmp
2013-10-03 23:26:29 15901448 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-10-03 23:26:29 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432049.dll
2013-10-03 23:25:34 -------- d-----w- C:\NVIDIA
2013-10-03 21:51:06 -------- d--h--w- C:\Users\JayZ\AppData\Local\Skyrim
2013-10-03 21:28:19 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-10-03 21:28:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-10-03 21:22:58 -------- d-----w- C:\Windows\SysWow64\Wat
2013-10-03 21:22:58 -------- d-----w- C:\Windows\System32\Wat
2013-10-03 11:19:20 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-10-03 11:19:20 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-10-03 11:19:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-03 11:09:06 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-03 10:55:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-10-03 10:55:49 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-10-03 10:55:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-10-03 10:55:49 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-10-03 10:55:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-10-03 10:55:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-10-03 10:55:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-10-03 10:53:40 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-03 10:53:40 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-10-03 10:53:40 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-03 10:53:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-10-03 10:53:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-10-03 07:13:58 2871808 ----a-w- C:\Windows\explorer.exe
2013-10-03 07:12:59 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-10-03 07:11:38 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-10-03 07:10:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-10-03 07:09:58 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-10-03 07:08:55 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-10-03 02:48:55 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-10-03 02:41:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-10-03 02:41:04 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-03 02:41:04 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-03 02:41:04 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-03 02:41:04 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-03 02:41:04 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-03 02:41:04 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-03 02:40:37 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-10-03 02:40:30 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-10-03 02:25:22 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-10-03 02:25:22 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-10-03 02:25:09 385024 ----a-w- C:\Windows\System32\CNMLMAG.DLL
2013-10-03 02:16:28 -------- d--h--w- C:\Users\JayZ\AppData\Roaming\SUPERAntiSpyware.com
2013-10-03 02:16:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-10-03 02:13:02 -------- d--h--w- C:\Users\JayZ\AppData\Roaming\Panda Security
2013-10-03 02:12:19 -------- d--h--w- C:\Users\JayZ\AppData\Local\panda4_0dn
2013-10-03 02:12:19 -------- d-----w- C:\ProgramData\Panda Security URL Filtering
2013-10-03 02:12:13 -------- d-----w- C:\ProgramData\Panda Security
2013-10-03 02:05:43 -------- d--h--w- C:\Users\JayZ\AppData\Local\AMD
2013-10-03 02:05:42 -------- d--h--w- C:\Users\JayZ\AppData\Local\ATI
2013-10-03 02:05:22 -------- d--h--w- C:\Users\JayZ\AppData\Local\ElevatedDiagnostics
2013-10-03 01:11:09 -------- d--h--w- C:\Users\JayZ\AppData\Local\Macromedia
2013-10-03 01:04:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-03 01:04:48 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 01:04:36 -------- d-----w- C:\ProgramData\FirstClass
2013-10-03 01:03:49 -------- d--h--w- C:\Users\JayZ\AppData\Local\Adobe
2013-10-03 01:00:59 9123608 ----a-w- C:\Windows\System32\MaxxAudioVnA64.dll
2013-10-03 00:59:59 -------- d-----w- C:\Program Files\ATI
2013-10-03 00:59:57 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-03 00:59:46 -------- d-sh--w- C:\Windows\Installer
2013-10-03 00:57:46 -------- d-----w- C:\MSI
2013-10-03 00:55:27 -------- d--h--w- C:\Users\JayZ\AppData\Local\Diagnostics
2013-10-03 00:55:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-10-03 00:55:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-10-03 00:55:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-10-03 00:45:51 -------- d-----w- C:\ProgramData\Oracle
2013-10-03 00:45:49 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-03 00:45:49 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-03 00:45:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 00:12:49 -------- d--h--w- C:\Users\JayZ\AppData\Local\Mozilla
2013-10-03 00:02:02 -------- d--h--w- C:\SuperChargerProfile
2013-10-03 00:02:02 -------- d-----w- C:\Program Files (x86)\MSI
2013-10-03 00:01:38 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-03 00:01:36 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-03 00:01:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-03 00:01:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-03 00:01:34 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
.
==================== Find3M  ====================
.
2013-10-03 11:09:06 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 05:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  6:13:07.38 ===============

 

Attach results:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/10/2013 8:54:18 PM
System Uptime: 16/10/2013 6:04:12 AM (0 hours ago)
.
Motherboard: MSI |  | 970A-G46 (MS-7693)
Processor: AMD FX-6200 Six-Core Processor              | CPU 1 | 3800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 73.795 GiB free.
D: is FIXED (NTFS) - 128 GiB total, 48.896 GiB free.
E: is FIXED (NTFS) - 128 GiB total, 51.318 GiB free.
F: is FIXED (NTFS) - 21 GiB total, 10.242 GiB free.
G: is FIXED (NTFS) - 795 GiB total, 781.641 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 12/10/2013 9:55:42 PM - Installed ASUS GPU Tweak
RP20: 12/10/2013 10:06:09 PM - Windows Update
RP21: 12/10/2013 10:09:07 PM - Configured ASUS GPU Tweak
RP22: 13/10/2013 12:08:44 PM - Windows Update
RP23: 14/10/2013 9:40:06 PM - Restore Operation
RP24: 14/10/2013 9:54:32 PM - Installed DirectX
RP25: 15/10/2013 3:00:21 AM - Windows Update
RP26: 15/10/2013 10:41:13 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
Asmedia ASM104x USB 3.0 Host Controller Driver
Canon MG6100 series MP Drivers
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
FirstClass Client
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 327.23
NVIDIA Control Panel 327.23
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 327.23
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
Panda Cloud Antivirus
Panda Security URL Filtering
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Sid Meier's Civilization V
Steam
Super-Charger
SUPERAntiSpyware
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.0
Winki
.
==== Event Viewer Messages From Past Week ========
.
16/10/2013 6:05:37 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/10/2013 6:01:02 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
15/10/2013 4:27:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
15/10/2013 3:00:13 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
14/10/2013 9:53:58 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
14/10/2013 9:53:58 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
14/10/2013 9:37:05 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

 

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

• Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  
  • Sections
  • IAT/EAT
  • Show All ( should be unchecked by default )
    

  [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.
  

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

[jasonstaf]

The scan came back with this message: GMER hasn't found any system modification.

 

Saved as ark.txt, but no (zero) content in the txt file.

[Psychotic]

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!

• Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
• Run Combofix.exe
  

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

[jasonstaf]

combofix results:

 

ComboFix 13-10-16.02 - JayZ 16/10/2013  18:01:32.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.8142.6870 [GMT -4:00]
Running from: c:\users\JayZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHS03ASV\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET8911.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-16 to 2013-10-16  )))))))))))))))))))))))))))))))
.
.
2013-10-16 22:04 . 2013-10-16 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-16 11:01 . 2013-04-29 13:17 58808 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-10-16 10:09 . 2013-10-16 10:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-10-15 22:08 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B877CDD-FB67-42F8-AD15-744751CDD291}\mpengine.dll
2013-10-15 01:49 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-15 01:44 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-15 01:44 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-15 01:43 . 2013-09-11 22:06 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-15 00:39 . 2013-10-15 00:39 5856 ----a-w- c:\programdata\NanoRepository.bin
2013-10-15 00:08 . 2013-10-15 00:39 -------- d-----w- C:\AdwCleaner
2013-10-14 23:43 . 2013-10-14 23:43 -------- d-----w- c:\windows\ERUNT
2013-10-13 02:06 . 2013-10-15 01:41 -------- d-----w- c:\program files\Microsoft Silverlight
2013-10-13 02:06 . 2013-10-15 01:41 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-10-06 16:30 . 2013-10-06 16:30 -------- d-----w- c:\programdata\Malwarebytes
2013-10-06 14:58 . 2013-10-15 01:41 -------- d-----w- c:\programdata\Yahoo!
2013-10-06 14:56 . 2013-10-06 14:58 -------- d-----w- c:\program files (x86)\Yahoo!
2013-10-06 00:06 . 2013-10-06 13:52 -------- d-----w- c:\program files\Google
2013-10-06 00:06 . 2013-10-06 13:52 -------- d-----w- c:\program files (x86)\Google
2013-10-05 17:24 . 2013-10-15 01:41 -------- d-----w- c:\program files\Vuze
2013-10-05 16:19 . 2013-10-15 07:03 -------- d-----w- c:\windows\system32\MRT
2013-10-03 23:35 . 2013-10-03 23:35 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-10-03 23:28 . 2013-10-03 23:28 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-10-03 23:26 . 2013-09-18 02:22 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-03 23:26 . 2013-06-21 12:06 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-10-03 23:26 . 2013-06-21 12:06 15920536 ----a-w- c:\windows\system32\SET7FE3.tmp
2013-10-03 23:26 . 2013-06-21 12:06 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-10-03 23:25 . 2013-10-03 23:25 -------- d-----w- C:\NVIDIA
2013-10-03 21:50 . 2010-02-04 14:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-10-03 21:28 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-10-03 21:28 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-10-03 21:22 . 2013-10-03 21:22 -------- d-----w- c:\windows\SysWow64\Wat
2013-10-03 21:22 . 2013-10-03 21:22 -------- d-----w- c:\windows\system32\Wat
2013-10-03 11:19 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-10-03 11:19 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-10-03 11:19 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-10-03 11:09 . 2013-10-03 11:09 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-03 10:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-10-03 10:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-10-03 10:55 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-10-03 10:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-10-03 10:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-10-03 10:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-10-03 10:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-10-03 10:53 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-10-03 10:53 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-03 10:53 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-10-03 10:53 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-10-03 10:53 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-10-03 07:13 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2013-10-03 07:12 . 2013-08-02 02:12 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-10-03 07:11 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-10-03 07:10 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-10-03 07:09 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-10-03 07:08 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2013-10-03 02:48 . 2013-10-15 01:53 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-10-03 02:41 . 2013-10-16 22:00 -------- d-----w- c:\users\UpdatusUser
2013-10-03 02:41 . 2013-10-16 11:41 -------- d-----w- c:\programdata\NVIDIA
2013-10-03 02:41 . 2013-10-15 01:45 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-10-03 02:41 . 2013-09-12 07:25 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-03 02:41 . 2013-09-12 07:25 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-03 02:41 . 2013-09-12 07:25 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-03 02:41 . 2013-09-12 07:25 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-03 02:41 . 2013-09-12 07:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-03 02:41 . 2013-09-12 07:25 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-03 02:40 . 2013-10-15 01:41 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-10-03 02:40 . 2013-10-15 01:43 -------- d-----w- c:\program files\NVIDIA Corporation
2013-10-03 02:25 . 2013-10-03 02:25 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-10-03 02:25 . 2013-10-03 02:25 -------- d--h--w- c:\programdata\CanonBJ
2013-10-03 02:25 . 2012-03-14 09:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-10-03 02:25 . 2012-03-14 09:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-10-03 02:25 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-10-03 02:16 . 2013-10-03 02:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-03 02:12 . 2013-10-16 21:55 -------- d-----w- c:\programdata\Panda Security URL Filtering
2013-10-03 02:12 . 2013-10-03 02:12 -------- d-----w- c:\programdata\Panda Security
2013-10-03 02:05 . 2013-10-03 02:05 -------- d-----w- c:\programdata\ATI
2013-10-03 01:17 . 2013-10-03 01:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-10-03 01:04 . 2013-10-15 02:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-03 01:04 . 2013-10-15 02:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-03 01:04 . 2013-10-15 01:41 -------- d-----w- c:\windows\SysWow64\Macromed
2013-10-03 01:04 . 2013-10-15 01:41 -------- d-----w- c:\windows\system32\Macromed
2013-10-03 01:04 . 2013-10-03 01:04 -------- d-----w- c:\programdata\FirstClass
2013-10-03 01:00 . 2013-04-22 10:34 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2013-10-03 00:59 . 2013-10-03 00:59 -------- d-----w- c:\program files\ATI
2013-10-03 00:59 . 2013-10-03 01:00 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-10-03 00:59 . 2013-10-16 02:41 -------- d-sh--w- c:\windows\Installer
2013-10-03 00:57 . 2013-10-03 00:57 -------- d-----w- C:\MSI
2013-10-03 00:55 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-10-03 00:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-10-03 00:55 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-10-03 00:54 . 2013-10-15 01:43 -------- d--h--w- c:\users\JayZ
2013-10-03 00:54 . 2013-10-03 00:54 -------- d-----w- C:\Recovery
2013-10-03 00:45 . 2013-10-03 00:45 -------- d-----w- c:\programdata\Oracle
2013-10-03 00:45 . 2013-10-03 00:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-03 00:45 . 2013-10-03 00:45 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-10-03 00:45 . 2013-10-03 00:45 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-10-03 00:45 . 2013-10-03 00:45 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 00:45 . 2013-10-03 00:45 -------- d-----w- c:\programdata\McAfee
2013-10-03 00:02 . 2013-10-15 01:41 -------- d-----w- C:\SuperChargerProfile
2013-10-03 00:02 . 2013-10-03 00:02 -------- d-----w- c:\program files (x86)\MSI
2013-10-03 00:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-10-03 00:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-10-03 00:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-10-03 00:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-10-03 00:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-10-03 00:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-10-03 00:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-10-03 00:01 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-03 00:01 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-10-03 00:01 . 2013-10-03 00:01 -------- d-----w- c:\program files (x86)\ASM104xUSB3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 05:17 . 2013-09-12 05:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-08-29 01:48 . 2013-10-15 01:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-07 08:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="g:\program files (x86)\SUPERAntiSpyware.exe" [2013-10-02 6588144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"PSUAMain"="g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-07-08 32736]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;h:\cdriver64.sys;h:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;h:\ntiolib_x64.sys;h:\NTIOLib_X64.sys [x]
R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
R3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys;c:\windows\SYSNATIVE\DRIVERS\netr7064.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S1 SASDIFSV;SASDIFSV;g:\program files (x86)\SASDIFSV64.SYS;g:\program files (x86)\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;g:\program files (x86)\SASKUTIL64.SYS;g:\program files (x86)\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;g:\program files (x86)\SASCORE64.EXE;g:\program files (x86)\SASCORE64.EXE [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-03 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 108.171.182.150 108.171.182.159
FF - ProfilePath - c:\users\JayZ\AppData\Roaming\Mozilla\Firefox\Profiles\f1jc5xyh.default\
FF - prefs.js: browser.startup.homepage - google.ca

.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-16  18:15:36
ComboFix-quarantined-files.txt  2013-10-16 22:15
.
Pre-Run: 78,982,979,584 bytes free
Post-Run: 78,875,095,040 bytes free
.
- - End Of File - - 7173D35839426E468EEB7DB81609AC50
A36C5E4F47E84449FF07ED3517B43A31
 

[Psychotic]

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

• If not existing, please download Malwarebytes' Anti-Malware to your desktop.
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.

 

CFScript.txt

[jasonstaf]

Malwarebytes results pending (10-12 hours before I get home from work)

 

CF script results:

 

ComboFix 13-10-16.02 - JayZ 17/10/2013   6:45.2.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.8142.6749 [GMT -4:00]
Running from: c:\users\JayZ\Desktop\ComboFix.exe
Command switches used :: c:\users\JayZ\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Vuze
c:\program files\Vuze\.install4j\autoUninstall.0
c:\program files\Vuze\.install4j\files.log
c:\program files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_10_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_12_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_14_5p83tu_1q2vg51.png
c:\program files\Vuze\.install4j\i4j_extf_15_5p83tu_1rjd818.png
c:\program files\Vuze\.install4j\i4j_extf_16_5p83tu_qin5kk.png
c:\program files\Vuze\.install4j\i4j_extf_17_5p83tu_xza4ha.png
c:\program files\Vuze\.install4j\i4j_extf_18_5p83tu_19c5po3.png
c:\program files\Vuze\.install4j\i4j_extf_19_5p83tu_rz1c2y.png
c:\program files\Vuze\.install4j\i4j_extf_2_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_21_5p83tu_u3neew.png
c:\program files\Vuze\.install4j\i4j_extf_22_5p83tu_10qu06u.png
c:\program files\Vuze\.install4j\i4j_extf_23_5p83tu_1pn3dfg.png
c:\program files\Vuze\.install4j\i4j_extf_24_5p83tu_z1x7tn.png
c:\program files\Vuze\.install4j\i4j_extf_25_5p83tu.jpg
c:\program files\Vuze\.install4j\i4j_extf_4_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_6_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_8_5p83tu.utf8
c:\program files\Vuze\.install4j\i4jparams.conf
c:\program files\Vuze\.install4j\i4jruntime.jar
c:\program files\Vuze\.install4j\install.prop
c:\program files\Vuze\.install4j\installation.log
c:\program files\Vuze\.install4j\MessagesDefault
c:\program files\Vuze\.install4j\response.varfile
c:\program files\Vuze\.install4j\user.jar
c:\program files\Vuze\Azureus.exe.vmoptions
c:\program files\Vuze\Azureus2.jar
c:\program files\Vuze\GPL.txt
c:\program files\Vuze\installer.log
c:\program files\Vuze\jre\bin\server\classes.jsa
c:\program files\Vuze\jre\bin\server\Xusage.txt
c:\program files\Vuze\jre\COPYRIGHT
c:\program files\Vuze\jre\lib\alt-rt.jar
c:\program files\Vuze\jre\lib\alt-string.jar
c:\program files\Vuze\jre\lib\charsets.jar
c:\program files\Vuze\jre\lib\classlist
c:\program files\Vuze\jre\lib\cmm\CIEXYZ.pf
c:\program files\Vuze\jre\lib\cmm\GRAY.pf
c:\program files\Vuze\jre\lib\cmm\LINEAR_RGB.pf
c:\program files\Vuze\jre\lib\cmm\PYCC.pf
c:\program files\Vuze\jre\lib\cmm\sRGB.pf
c:\program files\Vuze\jre\lib\deploy.jar
c:\program files\Vuze\jre\lib\deploy\ffjcext.zip
c:\program files\Vuze\jre\lib\deploy\splash.gif
c:\program files\Vuze\jre\lib\ext\dns_sd.jar
c:\program files\Vuze\jre\lib\ext\dnsns.jar
c:\program files\Vuze\jre\lib\ext\localedata.jar
c:\program files\Vuze\jre\lib\ext\meta-index
c:\program files\Vuze\jre\lib\ext\sunjce_provider.jar
c:\program files\Vuze\jre\lib\ext\sunmscapi.jar
c:\program files\Vuze\jre\lib\fontconfig.98.bfc
c:\program files\Vuze\jre\lib\fontconfig.bfc
c:\program files\Vuze\jre\lib\im\indicim.jar
c:\program files\Vuze\jre\lib\im\thaiim.jar
c:\program files\Vuze\jre\lib\images\cursors\invalid32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_CopyDrop32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_LinkDrop32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_MoveDrop32x32.gif
c:\program files\Vuze\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
c:\program files\Vuze\jre\lib\jce.jar
c:\program files\Vuze\jre\lib\jsse.jar
c:\program files\Vuze\jre\lib\jvm.hprof.txt
c:\program files\Vuze\jre\lib\management-agent.jar
c:\program files\Vuze\jre\lib\management\jmxremote.access
c:\program files\Vuze\jre\lib\management\jmxremote.password.template
c:\program files\Vuze\jre\lib\management\snmp.acl.template
c:\program files\Vuze\jre\lib\meta-index
c:\program files\Vuze\jre\lib\plugin.jar
c:\program files\Vuze\jre\lib\resources.jar
c:\program files\Vuze\jre\lib\rt.jar
c:\program files\Vuze\jre\lib\security\blacklist
c:\program files\Vuze\jre\lib\security\cacerts
c:\program files\Vuze\jre\lib\security\local_policy.jar
c:\program files\Vuze\jre\lib\security\trusted.libraries
c:\program files\Vuze\jre\lib\security\US_export_policy.jar
c:\program files\Vuze\jre\lib\servicetag\jdk_header.png
c:\program files\Vuze\jre\lib\servicetag\registration.xml
c:\program files\Vuze\jre\lib\tzmappings
c:\program files\Vuze\jre\lib\zi\Africa\Abidjan
c:\program files\Vuze\jre\lib\zi\Africa\Accra
c:\program files\Vuze\jre\lib\zi\Africa\Addis_Ababa
c:\program files\Vuze\jre\lib\zi\Africa\Algiers
c:\program files\Vuze\jre\lib\zi\Africa\Asmara
c:\program files\Vuze\jre\lib\zi\Africa\Bamako
c:\program files\Vuze\jre\lib\zi\Africa\Bangui
c:\program files\Vuze\jre\lib\zi\Africa\Banjul
c:\program files\Vuze\jre\lib\zi\Africa\Bissau
c:\program files\Vuze\jre\lib\zi\Africa\Blantyre
c:\program files\Vuze\jre\lib\zi\Africa\Brazzaville
c:\program files\Vuze\jre\lib\zi\Africa\Bujumbura
c:\program files\Vuze\jre\lib\zi\Africa\Cairo
c:\program files\Vuze\jre\lib\zi\Africa\Casablanca
c:\program files\Vuze\jre\lib\zi\Africa\Ceuta
c:\program files\Vuze\jre\lib\zi\Africa\Conakry
c:\program files\Vuze\jre\lib\zi\Africa\Dakar
c:\program files\Vuze\jre\lib\zi\Africa\Dar_es_Salaam
c:\program files\Vuze\jre\lib\zi\Africa\Djibouti
c:\program files\Vuze\jre\lib\zi\Africa\Douala
c:\program files\Vuze\jre\lib\zi\Africa\El_Aaiun
c:\program files\Vuze\jre\lib\zi\Africa\Freetown
c:\program files\Vuze\jre\lib\zi\Africa\Gaborone
c:\program files\Vuze\jre\lib\zi\Africa\Harare
c:\program files\Vuze\jre\lib\zi\Africa\Johannesburg
c:\program files\Vuze\jre\lib\zi\Africa\Juba
c:\program files\Vuze\jre\lib\zi\Africa\Kampala
c:\program files\Vuze\jre\lib\zi\Africa\Khartoum
c:\program files\Vuze\jre\lib\zi\Africa\Kigali
c:\program files\Vuze\jre\lib\zi\Africa\Kinshasa
c:\program files\Vuze\jre\lib\zi\Africa\Lagos
c:\program files\Vuze\jre\lib\zi\Africa\Libreville
c:\program files\Vuze\jre\lib\zi\Africa\Lome
c:\program files\Vuze\jre\lib\zi\Africa\Luanda
c:\program files\Vuze\jre\lib\zi\Africa\Lubumbashi
c:\program files\Vuze\jre\lib\zi\Africa\Lusaka
c:\program files\Vuze\jre\lib\zi\Africa\Malabo
c:\program files\Vuze\jre\lib\zi\Africa\Maputo
c:\program files\Vuze\jre\lib\zi\Africa\Maseru
c:\program files\Vuze\jre\lib\zi\Africa\Mbabane
c:\program files\Vuze\jre\lib\zi\Africa\Mogadishu
c:\program files\Vuze\jre\lib\zi\Africa\Monrovia
c:\program files\Vuze\jre\lib\zi\Africa\Nairobi
c:\program files\Vuze\jre\lib\zi\Africa\Ndjamena
c:\program files\Vuze\jre\lib\zi\Africa\Niamey
c:\program files\Vuze\jre\lib\zi\Africa\Nouakchott
c:\program files\Vuze\jre\lib\zi\Africa\Ouagadougou
c:\program files\Vuze\jre\lib\zi\Africa\Porto-Novo
c:\program files\Vuze\jre\lib\zi\Africa\Sao_Tome
c:\program files\Vuze\jre\lib\zi\Africa\Tripoli
c:\program files\Vuze\jre\lib\zi\Africa\Tunis
c:\program files\Vuze\jre\lib\zi\Africa\Windhoek
c:\program files\Vuze\jre\lib\zi\America\Adak
c:\program files\Vuze\jre\lib\zi\America\Anchorage
c:\program files\Vuze\jre\lib\zi\America\Anguilla
c:\program files\Vuze\jre\lib\zi\America\Antigua
c:\program files\Vuze\jre\lib\zi\America\Araguaina
c:\program files\Vuze\jre\lib\zi\America\Argentina\Buenos_Aires
c:\program files\Vuze\jre\lib\zi\America\Argentina\Catamarca
c:\program files\Vuze\jre\lib\zi\America\Argentina\Cordoba
c:\program files\Vuze\jre\lib\zi\America\Argentina\Jujuy
c:\program files\Vuze\jre\lib\zi\America\Argentina\La_Rioja
c:\program files\Vuze\jre\lib\zi\America\Argentina\Mendoza
c:\program files\Vuze\jre\lib\zi\America\Argentina\Rio_Gallegos
c:\program files\Vuze\jre\lib\zi\America\Argentina\Salta
c:\program files\Vuze\jre\lib\zi\America\Argentina\San_Juan
c:\program files\Vuze\jre\lib\zi\America\Argentina\San_Luis
c:\program files\Vuze\jre\lib\zi\America\Argentina\Tucuman
c:\program files\Vuze\jre\lib\zi\America\Argentina\Ushuaia
c:\program files\Vuze\jre\lib\zi\America\Aruba
c:\program files\Vuze\jre\lib\zi\America\Asuncion
c:\program files\Vuze\jre\lib\zi\America\Atikokan
c:\program files\Vuze\jre\lib\zi\America\Bahia
c:\program files\Vuze\jre\lib\zi\America\Bahia_Banderas
c:\program files\Vuze\jre\lib\zi\America\Barbados
c:\program files\Vuze\jre\lib\zi\America\Belem
c:\program files\Vuze\jre\lib\zi\America\Belize
c:\program files\Vuze\jre\lib\zi\America\Blanc-Sablon
c:\program files\Vuze\jre\lib\zi\America\Boa_Vista
c:\program files\Vuze\jre\lib\zi\America\Bogota
c:\program files\Vuze\jre\lib\zi\America\Boise
c:\program files\Vuze\jre\lib\zi\America\Cambridge_Bay
c:\program files\Vuze\jre\lib\zi\America\Campo_Grande
c:\program files\Vuze\jre\lib\zi\America\Cancun
c:\program files\Vuze\jre\lib\zi\America\Caracas
c:\program files\Vuze\jre\lib\zi\America\Cayenne
c:\program files\Vuze\jre\lib\zi\America\Cayman
c:\program files\Vuze\jre\lib\zi\America\Chicago
c:\program files\Vuze\jre\lib\zi\America\Chihuahua
c:\program files\Vuze\jre\lib\zi\America\Costa_Rica
c:\program files\Vuze\jre\lib\zi\America\Creston
c:\program files\Vuze\jre\lib\zi\America\Cuiaba
c:\program files\Vuze\jre\lib\zi\America\Curacao
c:\program files\Vuze\jre\lib\zi\America\Danmarkshavn
c:\program files\Vuze\jre\lib\zi\America\Dawson
c:\program files\Vuze\jre\lib\zi\America\Dawson_Creek
c:\program files\Vuze\jre\lib\zi\America\Denver
c:\program files\Vuze\jre\lib\zi\America\Detroit
c:\program files\Vuze\jre\lib\zi\America\Dominica
c:\program files\Vuze\jre\lib\zi\America\Edmonton
c:\program files\Vuze\jre\lib\zi\America\Eirunepe
c:\program files\Vuze\jre\lib\zi\America\El_Salvador
c:\program files\Vuze\jre\lib\zi\America\Fortaleza
c:\program files\Vuze\jre\lib\zi\America\Glace_Bay
c:\program files\Vuze\jre\lib\zi\America\Godthab
c:\program files\Vuze\jre\lib\zi\America\Goose_Bay
c:\program files\Vuze\jre\lib\zi\America\Grand_Turk
c:\program files\Vuze\jre\lib\zi\America\Grenada
c:\program files\Vuze\jre\lib\zi\America\Guadeloupe
c:\program files\Vuze\jre\lib\zi\America\Guatemala
c:\program files\Vuze\jre\lib\zi\America\Guayaquil
c:\program files\Vuze\jre\lib\zi\America\Guyana
c:\program files\Vuze\jre\lib\zi\America\Halifax
c:\program files\Vuze\jre\lib\zi\America\Havana
c:\program files\Vuze\jre\lib\zi\America\Hermosillo
c:\program files\Vuze\jre\lib\zi\America\Indiana\Indianapolis
c:\program files\Vuze\jre\lib\zi\America\Indiana\Knox
c:\program files\Vuze\jre\lib\zi\America\Indiana\Marengo
c:\program files\Vuze\jre\lib\zi\America\Indiana\Petersburg
c:\program files\Vuze\jre\lib\zi\America\Indiana\Tell_City
c:\program files\Vuze\jre\lib\zi\America\Indiana\Vevay
c:\program files\Vuze\jre\lib\zi\America\Indiana\Vincennes
c:\program files\Vuze\jre\lib\zi\America\Indiana\Winamac
c:\program files\Vuze\jre\lib\zi\America\Inuvik
c:\program files\Vuze\jre\lib\zi\America\Iqaluit
c:\program files\Vuze\jre\lib\zi\America\Jamaica
c:\program files\Vuze\jre\lib\zi\America\Juneau
c:\program files\Vuze\jre\lib\zi\America\Kentucky\Louisville
c:\program files\Vuze\jre\lib\zi\America\Kentucky\Monticello
c:\program files\Vuze\jre\lib\zi\America\La_Paz
c:\program files\Vuze\jre\lib\zi\America\Lima
c:\program files\Vuze\jre\lib\zi\America\Los_Angeles
c:\program files\Vuze\jre\lib\zi\America\Maceio
c:\program files\Vuze\jre\lib\zi\America\Managua
c:\program files\Vuze\jre\lib\zi\America\Manaus
c:\program files\Vuze\jre\lib\zi\America\Martinique
c:\program files\Vuze\jre\lib\zi\America\Matamoros
c:\program files\Vuze\jre\lib\zi\America\Mazatlan
c:\program files\Vuze\jre\lib\zi\America\Menominee
c:\program files\Vuze\jre\lib\zi\America\Merida
c:\program files\Vuze\jre\lib\zi\America\Metlakatla
c:\program files\Vuze\jre\lib\zi\America\Mexico_City
c:\program files\Vuze\jre\lib\zi\America\Miquelon
c:\program files\Vuze\jre\lib\zi\America\Moncton
c:\program files\Vuze\jre\lib\zi\America\Monterrey
c:\program files\Vuze\jre\lib\zi\America\Montevideo
c:\program files\Vuze\jre\lib\zi\America\Montreal
c:\program files\Vuze\jre\lib\zi\America\Montserrat
c:\program files\Vuze\jre\lib\zi\America\Nassau
c:\program files\Vuze\jre\lib\zi\America\New_York
c:\program files\Vuze\jre\lib\zi\America\Nipigon
c:\program files\Vuze\jre\lib\zi\America\Nome
c:\program files\Vuze\jre\lib\zi\America\Noronha
c:\program files\Vuze\jre\lib\zi\America\North_Dakota\Beulah
c:\program files\Vuze\jre\lib\zi\America\North_Dakota\Center
c:\program files\Vuze\jre\lib\zi\America\North_Dakota\New_Salem
c:\program files\Vuze\jre\lib\zi\America\Ojinaga
c:\program files\Vuze\jre\lib\zi\America\Panama
c:\program files\Vuze\jre\lib\zi\America\Pangnirtung
c:\program files\Vuze\jre\lib\zi\America\Paramaribo
c:\program files\Vuze\jre\lib\zi\America\Phoenix
c:\program files\Vuze\jre\lib\zi\America\Port-au-Prince
c:\program files\Vuze\jre\lib\zi\America\Port_of_Spain
c:\program files\Vuze\jre\lib\zi\America\Porto_Velho
c:\program files\Vuze\jre\lib\zi\America\Puerto_Rico
c:\program files\Vuze\jre\lib\zi\America\Rainy_River
c:\program files\Vuze\jre\lib\zi\America\Rankin_Inlet
c:\program files\Vuze\jre\lib\zi\America\Recife
c:\program files\Vuze\jre\lib\zi\America\Regina
c:\program files\Vuze\jre\lib\zi\America\Resolute
c:\program files\Vuze\jre\lib\zi\America\Rio_Branco
c:\program files\Vuze\jre\lib\zi\America\Santa_Isabel
c:\program files\Vuze\jre\lib\zi\America\Santarem
c:\program files\Vuze\jre\lib\zi\America\Santiago
c:\program files\Vuze\jre\lib\zi\America\Santo_Domingo
c:\program files\Vuze\jre\lib\zi\America\Sao_Paulo
c:\program files\Vuze\jre\lib\zi\America\Scoresbysund
c:\program files\Vuze\jre\lib\zi\America\Sitka
c:\program files\Vuze\jre\lib\zi\America\St_Johns
c:\program files\Vuze\jre\lib\zi\America\St_Kitts
c:\program files\Vuze\jre\lib\zi\America\St_Lucia
c:\program files\Vuze\jre\lib\zi\America\St_Thomas
c:\program files\Vuze\jre\lib\zi\America\St_Vincent
c:\program files\Vuze\jre\lib\zi\America\Swift_Current
c:\program files\Vuze\jre\lib\zi\America\Tegucigalpa
c:\program files\Vuze\jre\lib\zi\America\Thule
c:\program files\Vuze\jre\lib\zi\America\Thunder_Bay
c:\program files\Vuze\jre\lib\zi\America\Tijuana
c:\program files\Vuze\jre\lib\zi\America\Toronto
c:\program files\Vuze\jre\lib\zi\America\Tortola
c:\program files\Vuze\jre\lib\zi\America\Vancouver
c:\program files\Vuze\jre\lib\zi\America\Whitehorse
c:\program files\Vuze\jre\lib\zi\America\Winnipeg
c:\program files\Vuze\jre\lib\zi\America\Yakutat
c:\program files\Vuze\jre\lib\zi\America\Yellowknife
c:\program files\Vuze\jre\lib\zi\Antarctica\Casey
c:\program files\Vuze\jre\lib\zi\Antarctica\Davis
c:\program files\Vuze\jre\lib\zi\Antarctica\DumontDUrville
c:\program files\Vuze\jre\lib\zi\Antarctica\Macquarie
c:\program files\Vuze\jre\lib\zi\Antarctica\Mawson
c:\program files\Vuze\jre\lib\zi\Antarctica\McMurdo
c:\program files\Vuze\jre\lib\zi\Antarctica\Palmer
c:\program files\Vuze\jre\lib\zi\Antarctica\Rothera
c:\program files\Vuze\jre\lib\zi\Antarctica\Syowa
c:\program files\Vuze\jre\lib\zi\Antarctica\Vostok
c:\program files\Vuze\jre\lib\zi\Asia\Aden
c:\program files\Vuze\jre\lib\zi\Asia\Almaty
c:\program files\Vuze\jre\lib\zi\Asia\Amman
c:\program files\Vuze\jre\lib\zi\Asia\Anadyr
c:\program files\Vuze\jre\lib\zi\Asia\Aqtau
c:\program files\Vuze\jre\lib\zi\Asia\Aqtobe
c:\program files\Vuze\jre\lib\zi\Asia\Ashgabat
c:\program files\Vuze\jre\lib\zi\Asia\Baghdad
c:\program files\Vuze\jre\lib\zi\Asia\Bahrain
c:\program files\Vuze\jre\lib\zi\Asia\Baku
c:\program files\Vuze\jre\lib\zi\Asia\Bangkok
c:\program files\Vuze\jre\lib\zi\Asia\Beirut
c:\program files\Vuze\jre\lib\zi\Asia\Bishkek
c:\program files\Vuze\jre\lib\zi\Asia\Brunei
c:\program files\Vuze\jre\lib\zi\Asia\Choibalsan
c:\program files\Vuze\jre\lib\zi\Asia\Chongqing
c:\program files\Vuze\jre\lib\zi\Asia\Colombo
c:\program files\Vuze\jre\lib\zi\Asia\Damascus
c:\program files\Vuze\jre\lib\zi\Asia\Dhaka
c:\program files\Vuze\jre\lib\zi\Asia\Dili
c:\program files\Vuze\jre\lib\zi\Asia\Dubai
c:\program files\Vuze\jre\lib\zi\Asia\Dushanbe
c:\program files\Vuze\jre\lib\zi\Asia\Gaza
c:\program files\Vuze\jre\lib\zi\Asia\Harbin
c:\program files\Vuze\jre\lib\zi\Asia\Hebron
c:\program files\Vuze\jre\lib\zi\Asia\Ho_Chi_Minh
c:\program files\Vuze\jre\lib\zi\Asia\Hong_Kong
c:\program files\Vuze\jre\lib\zi\Asia\Hovd
c:\program files\Vuze\jre\lib\zi\Asia\Irkutsk
c:\program files\Vuze\jre\lib\zi\Asia\Jakarta
c:\program files\Vuze\jre\lib\zi\Asia\Jayapura
c:\program files\Vuze\jre\lib\zi\Asia\Jerusalem
c:\program files\Vuze\jre\lib\zi\Asia\Kabul
c:\program files\Vuze\jre\lib\zi\Asia\Kamchatka
c:\program files\Vuze\jre\lib\zi\Asia\Karachi
c:\program files\Vuze\jre\lib\zi\Asia\Kashgar
c:\program files\Vuze\jre\lib\zi\Asia\Kathmandu
c:\program files\Vuze\jre\lib\zi\Asia\Kolkata
c:\program files\Vuze\jre\lib\zi\Asia\Krasnoyarsk
c:\program files\Vuze\jre\lib\zi\Asia\Kuala_Lumpur
c:\program files\Vuze\jre\lib\zi\Asia\Kuching
c:\program files\Vuze\jre\lib\zi\Asia\Kuwait
c:\program files\Vuze\jre\lib\zi\Asia\Macau
c:\program files\Vuze\jre\lib\zi\Asia\Magadan
c:\program files\Vuze\jre\lib\zi\Asia\Makassar
c:\program files\Vuze\jre\lib\zi\Asia\Manila
c:\program files\Vuze\jre\lib\zi\Asia\Muscat
c:\program files\Vuze\jre\lib\zi\Asia\Nicosia
c:\program files\Vuze\jre\lib\zi\Asia\Novokuznetsk
c:\program files\Vuze\jre\lib\zi\Asia\Novosibirsk
c:\program files\Vuze\jre\lib\zi\Asia\Omsk
c:\program files\Vuze\jre\lib\zi\Asia\Oral
c:\program files\Vuze\jre\lib\zi\Asia\Phnom_Penh
c:\program files\Vuze\jre\lib\zi\Asia\Pontianak
c:\program files\Vuze\jre\lib\zi\Asia\Pyongyang
c:\program files\Vuze\jre\lib\zi\Asia\Qatar
c:\program files\Vuze\jre\lib\zi\Asia\Qyzylorda
c:\program files\Vuze\jre\lib\zi\Asia\Rangoon
c:\program files\Vuze\jre\lib\zi\Asia\Riyadh
c:\program files\Vuze\jre\lib\zi\Asia\Riyadh87
c:\program files\Vuze\jre\lib\zi\Asia\Riyadh88
c:\program files\Vuze\jre\lib\zi\Asia\Riyadh89
c:\program files\Vuze\jre\lib\zi\Asia\Sakhalin
c:\program files\Vuze\jre\lib\zi\Asia\Samarkand
c:\program files\Vuze\jre\lib\zi\Asia\Seoul
c:\program files\Vuze\jre\lib\zi\Asia\Shanghai
c:\program files\Vuze\jre\lib\zi\Asia\Singapore
c:\program files\Vuze\jre\lib\zi\Asia\Taipei
c:\program files\Vuze\jre\lib\zi\Asia\Tashkent
c:\program files\Vuze\jre\lib\zi\Asia\Tbilisi
c:\program files\Vuze\jre\lib\zi\Asia\Tehran
c:\program files\Vuze\jre\lib\zi\Asia\Thimphu
c:\program files\Vuze\jre\lib\zi\Asia\Tokyo
c:\program files\Vuze\jre\lib\zi\Asia\Ulaanbaatar
c:\program files\Vuze\jre\lib\zi\Asia\Urumqi
c:\program files\Vuze\jre\lib\zi\Asia\Vientiane
c:\program files\Vuze\jre\lib\zi\Asia\Vladivostok
c:\program files\Vuze\jre\lib\zi\Asia\Yakutsk
c:\program files\Vuze\jre\lib\zi\Asia\Yekaterinburg
c:\program files\Vuze\jre\lib\zi\Asia\Yerevan
c:\program files\Vuze\jre\lib\zi\Atlantic\Azores
c:\program files\Vuze\jre\lib\zi\Atlantic\Bermuda
c:\program files\Vuze\jre\lib\zi\Atlantic\Canary
c:\program files\Vuze\jre\lib\zi\Atlantic\Cape_Verde
c:\program files\Vuze\jre\lib\zi\Atlantic\Faroe
c:\program files\Vuze\jre\lib\zi\Atlantic\Madeira
c:\program files\Vuze\jre\lib\zi\Atlantic\Reykjavik
c:\program files\Vuze\jre\lib\zi\Atlantic\South_Georgia
c:\program files\Vuze\jre\lib\zi\Atlantic\St_Helena
c:\program files\Vuze\jre\lib\zi\Atlantic\Stanley
c:\program files\Vuze\jre\lib\zi\Australia\Adelaide
c:\program files\Vuze\jre\lib\zi\Australia\Brisbane
c:\program files\Vuze\jre\lib\zi\Australia\Broken_Hill
c:\program files\Vuze\jre\lib\zi\Australia\Currie
c:\program files\Vuze\jre\lib\zi\Australia\Darwin
c:\program files\Vuze\jre\lib\zi\Australia\Eucla
c:\program files\Vuze\jre\lib\zi\Australia\Hobart
c:\program files\Vuze\jre\lib\zi\Australia\Lindeman
c:\program files\Vuze\jre\lib\zi\Australia\Lord_Howe
c:\program files\Vuze\jre\lib\zi\Australia\Melbourne
c:\program files\Vuze\jre\lib\zi\Australia\Perth
c:\program files\Vuze\jre\lib\zi\Australia\Sydney
c:\program files\Vuze\jre\lib\zi\CET
c:\program files\Vuze\jre\lib\zi\CST6CDT
c:\program files\Vuze\jre\lib\zi\EET
c:\program files\Vuze\jre\lib\zi\EST
c:\program files\Vuze\jre\lib\zi\EST5EDT
c:\program files\Vuze\jre\lib\zi\Etc\GMT-1
c:\program files\Vuze\jre\lib\zi\Etc\GMT-10
c:\program files\Vuze\jre\lib\zi\Etc\GMT-11
c:\program files\Vuze\jre\lib\zi\Etc\GMT-12
c:\program files\Vuze\jre\lib\zi\Etc\GMT-13
c:\program files\Vuze\jre\lib\zi\Etc\GMT-14
c:\program files\Vuze\jre\lib\zi\Etc\GMT-2
c:\program files\Vuze\jre\lib\zi\Etc\GMT-3
c:\program files\Vuze\jre\lib\zi\Etc\GMT-4
c:\program files\Vuze\jre\lib\zi\Etc\GMT-5
c:\program files\Vuze\jre\lib\zi\Etc\GMT-6
c:\program files\Vuze\jre\lib\zi\Etc\GMT-7
c:\program files\Vuze\jre\lib\zi\Etc\GMT-8
c:\program files\Vuze\jre\lib\zi\Etc\GMT-9
c:\program files\Vuze\jre\lib\zi\Etc\GMT
c:\program files\Vuze\jre\lib\zi\Etc\GMT+1
c:\program files\Vuze\jre\lib\zi\Etc\GMT+10
c:\program files\Vuze\jre\lib\zi\Etc\GMT+11
c:\program files\Vuze\jre\lib\zi\Etc\GMT+12
c:\program files\Vuze\jre\lib\zi\Etc\GMT+2
c:\program files\Vuze\jre\lib\zi\Etc\GMT+3
c:\program files\Vuze\jre\lib\zi\Etc\GMT+4
c:\program files\Vuze\jre\lib\zi\Etc\GMT+5
c:\program files\Vuze\jre\lib\zi\Etc\GMT+6
c:\program files\Vuze\jre\lib\zi\Etc\GMT+7
c:\program files\Vuze\jre\lib\zi\Etc\GMT+8
c:\program files\Vuze\jre\lib\zi\Etc\GMT+9
c:\program files\Vuze\jre\lib\zi\Etc\UCT
c:\program files\Vuze\jre\lib\zi\Etc\UTC
c:\program files\Vuze\jre\lib\zi\Europe\Amsterdam
c:\program files\Vuze\jre\lib\zi\Europe\Andorra
c:\program files\Vuze\jre\lib\zi\Europe\Athens
c:\program files\Vuze\jre\lib\zi\Europe\Belgrade
c:\program files\Vuze\jre\lib\zi\Europe\Berlin
c:\program files\Vuze\jre\lib\zi\Europe\Brussels
c:\program files\Vuze\jre\lib\zi\Europe\Bucharest
c:\program files\Vuze\jre\lib\zi\Europe\Budapest
c:\program files\Vuze\jre\lib\zi\Europe\Chisinau
c:\program files\Vuze\jre\lib\zi\Europe\Copenhagen
c:\program files\Vuze\jre\lib\zi\Europe\Dublin
c:\program files\Vuze\jre\lib\zi\Europe\Gibraltar
c:\program files\Vuze\jre\lib\zi\Europe\Helsinki
c:\program files\Vuze\jre\lib\zi\Europe\Istanbul
c:\program files\Vuze\jre\lib\zi\Europe\Kaliningrad
c:\program files\Vuze\jre\lib\zi\Europe\Kiev
c:\program files\Vuze\jre\lib\zi\Europe\Lisbon
c:\program files\Vuze\jre\lib\zi\Europe\London
c:\program files\Vuze\jre\lib\zi\Europe\Luxembourg
c:\program files\Vuze\jre\lib\zi\Europe\Madrid
c:\program files\Vuze\jre\lib\zi\Europe\Malta
c:\program files\Vuze\jre\lib\zi\Europe\Minsk
c:\program files\Vuze\jre\lib\zi\Europe\Monaco
c:\program files\Vuze\jre\lib\zi\Europe\Moscow
c:\program files\Vuze\jre\lib\zi\Europe\Oslo
c:\program files\Vuze\jre\lib\zi\Europe\Paris
c:\program files\Vuze\jre\lib\zi\Europe\Prague
c:\program files\Vuze\jre\lib\zi\Europe\Riga
c:\program files\Vuze\jre\lib\zi\Europe\Rome
c:\program files\Vuze\jre\lib\zi\Europe\Samara
c:\program files\Vuze\jre\lib\zi\Europe\Simferopol
c:\program files\Vuze\jre\lib\zi\Europe\Sofia
c:\program files\Vuze\jre\lib\zi\Europe\Stockholm
c:\program files\Vuze\jre\lib\zi\Europe\Tallinn
c:\program files\Vuze\jre\lib\zi\Europe\Tirane
c:\program files\Vuze\jre\lib\zi\Europe\Uzhgorod
c:\program files\Vuze\jre\lib\zi\Europe\Vaduz
c:\program files\Vuze\jre\lib\zi\Europe\Vienna
c:\program files\Vuze\jre\lib\zi\Europe\Vilnius
c:\program files\Vuze\jre\lib\zi\Europe\Volgograd
c:\program files\Vuze\jre\lib\zi\Europe\Warsaw
c:\program files\Vuze\jre\lib\zi\Europe\Zaporozhye
c:\program files\Vuze\jre\lib\zi\Europe\Zurich
c:\program files\Vuze\jre\lib\zi\GMT
c:\program files\Vuze\jre\lib\zi\HST
c:\program files\Vuze\jre\lib\zi\Indian\Antananarivo
c:\program files\Vuze\jre\lib\zi\Indian\Chagos
c:\program files\Vuze\jre\lib\zi\Indian\Christmas
c:\program files\Vuze\jre\lib\zi\Indian\Cocos
c:\program files\Vuze\jre\lib\zi\Indian\Comoro
c:\program files\Vuze\jre\lib\zi\Indian\Kerguelen
c:\program files\Vuze\jre\lib\zi\Indian\Mahe
c:\program files\Vuze\jre\lib\zi\Indian\Maldives
c:\program files\Vuze\jre\lib\zi\Indian\Mauritius
c:\program files\Vuze\jre\lib\zi\Indian\Mayotte
c:\program files\Vuze\jre\lib\zi\Indian\Reunion
c:\program files\Vuze\jre\lib\zi\MET
c:\program files\Vuze\jre\lib\zi\MST
c:\program files\Vuze\jre\lib\zi\MST7MDT
c:\program files\Vuze\jre\lib\zi\Pacific\Apia
c:\program files\Vuze\jre\lib\zi\Pacific\Auckland
c:\program files\Vuze\jre\lib\zi\Pacific\Chatham
c:\program files\Vuze\jre\lib\zi\Pacific\Chuuk
c:\program files\Vuze\jre\lib\zi\Pacific\Easter
c:\program files\Vuze\jre\lib\zi\Pacific\Efate
c:\program files\Vuze\jre\lib\zi\Pacific\Enderbury
c:\program files\Vuze\jre\lib\zi\Pacific\Fakaofo
c:\program files\Vuze\jre\lib\zi\Pacific\Fiji
c:\program files\Vuze\jre\lib\zi\Pacific\Funafuti
c:\program files\Vuze\jre\lib\zi\Pacific\Galapagos
c:\program files\Vuze\jre\lib\zi\Pacific\Gambier
c:\program files\Vuze\jre\lib\zi\Pacific\Guadalcanal
c:\program files\Vuze\jre\lib\zi\Pacific\Guam
c:\program files\Vuze\jre\lib\zi\Pacific\Honolulu
c:\program files\Vuze\jre\lib\zi\Pacific\Johnston
c:\program files\Vuze\jre\lib\zi\Pacific\Kiritimati
c:\program files\Vuze\jre\lib\zi\Pacific\Kosrae
c:\program files\Vuze\jre\lib\zi\Pacific\Kwajalein
c:\program files\Vuze\jre\lib\zi\Pacific\Majuro
c:\program files\Vuze\jre\lib\zi\Pacific\Marquesas
c:\program files\Vuze\jre\lib\zi\Pacific\Midway
c:\program files\Vuze\jre\lib\zi\Pacific\Nauru
c:\program files\Vuze\jre\lib\zi\Pacific\Niue
c:\program files\Vuze\jre\lib\zi\Pacific\Norfolk
c:\program files\Vuze\jre\lib\zi\Pacific\Noumea
c:\program files\Vuze\jre\lib\zi\Pacific\Pago_Pago
c:\program files\Vuze\jre\lib\zi\Pacific\Palau
c:\program files\Vuze\jre\lib\zi\Pacific\Pitcairn
c:\program files\Vuze\jre\lib\zi\Pacific\Pohnpei
c:\program files\Vuze\jre\lib\zi\Pacific\Port_Moresby
c:\program files\Vuze\jre\lib\zi\Pacific\Rarotonga
c:\program files\Vuze\jre\lib\zi\Pacific\Saipan
c:\program files\Vuze\jre\lib\zi\Pacific\Tahiti
c:\program files\Vuze\jre\lib\zi\Pacific\Tarawa
c:\program files\Vuze\jre\lib\zi\Pacific\Tongatapu
c:\program files\Vuze\jre\lib\zi\Pacific\Wake
c:\program files\Vuze\jre\lib\zi\Pacific\Wallis
c:\program files\Vuze\jre\lib\zi\PST8PDT
c:\program files\Vuze\jre\lib\zi\SystemV\AST4
c:\program files\Vuze\jre\lib\zi\SystemV\AST4ADT
c:\program files\Vuze\jre\lib\zi\SystemV\CST6
c:\program files\Vuze\jre\lib\zi\SystemV\CST6CDT
c:\program files\Vuze\jre\lib\zi\SystemV\EST5
c:\program files\Vuze\jre\lib\zi\SystemV\EST5EDT
c:\program files\Vuze\jre\lib\zi\SystemV\HST10
c:\program files\Vuze\jre\lib\zi\SystemV\MST7
c:\program files\Vuze\jre\lib\zi\SystemV\MST7MDT
c:\program files\Vuze\jre\lib\zi\SystemV\PST8
c:\program files\Vuze\jre\lib\zi\SystemV\PST8PDT
c:\program files\Vuze\jre\lib\zi\SystemV\YST9
c:\program files\Vuze\jre\lib\zi\SystemV\YST9YDT
c:\program files\Vuze\jre\lib\zi\WET
c:\program files\Vuze\jre\lib\zi\ZoneInfoMappings
c:\program files\Vuze\jre\LICENSE
c:\program files\Vuze\jre\LICENSE.txt
c:\program files\Vuze\jre\README.txt
c:\program files\Vuze\jre\THIRDPARTYLICENSEREADME.txt
c:\program files\Vuze\jre\Welcome.html
c:\program files\Vuze\plugins\azitunes\azitunes_0.3.1.jar
c:\program files\Vuze\plugins\azitunes\azureus.sig
c:\program files\Vuze\plugins\azitunes\jacob_1.17.2.jar
c:\program files\Vuze\plugins\azitunes\JACOB_LICENSE.TXT
c:\program files\Vuze\plugins\azitunes\JACOB_README.txt
c:\program files\Vuze\plugins\azitunes\libProcessAccess_0.1.3.jar
c:\program files\Vuze\plugins\azplugins\azplugins_2.1.7.jar
c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.17.jar
c:\program files\Vuze\plugins\azupdater\azureus.sig
c:\program files\Vuze\plugins\azupdater\Updater.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.4.7.jar
c:\program files\Vuze\plugins\azupnpav\azureus.sig
c:\program files\Vuze\swt.jar
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-17 to 2013-10-17  )))))))))))))))))))))))))))))))
.
.
2013-10-17 10:52 . 2013-10-17 10:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-17 10:31 . 2013-04-29 13:17    58808    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2013-10-16 10:09 . 2013-10-16 10:09    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-10-15 22:08 . 2013-09-16 04:50    9694160    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B877CDD-FB67-42F8-AD15-744751CDD291}\mpengine.dll
2013-10-15 01:49 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-15 01:44 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-10-15 01:44 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-15 01:43 . 2013-09-11 22:06    3361114    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-10-15 00:39 . 2013-10-15 00:39    5856    ----a-w-    c:\programdata\NanoRepository.bin
2013-10-15 00:08 . 2013-10-15 00:39    --------    d-----w-    C:\AdwCleaner
2013-10-14 23:43 . 2013-10-14 23:43    --------    d-----w-    c:\windows\ERUNT
2013-10-13 02:06 . 2013-10-15 01:41    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-10-13 02:06 . 2013-10-15 01:41    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-10-06 16:30 . 2013-10-06 16:30    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-06 14:58 . 2013-10-15 01:41    --------    d-----w-    c:\programdata\Yahoo!
2013-10-06 14:56 . 2013-10-06 14:58    --------    d-----w-    c:\program files (x86)\Yahoo!
2013-10-06 00:06 . 2013-10-06 13:52    --------    d-----w-    c:\program files\Google
2013-10-06 00:06 . 2013-10-06 13:52    --------    d-----w-    c:\program files (x86)\Google
2013-10-05 16:19 . 2013-10-15 07:03    --------    d-----w-    c:\windows\system32\MRT
2013-10-03 23:35 . 2013-10-03 23:35    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-10-03 23:28 . 2013-10-03 23:28    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-10-03 23:26 . 2013-09-18 02:22    15901448    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-10-03 23:26 . 2013-06-21 12:06    1832224    ----a-w-    c:\windows\system32\nvdispco6432049.dll
2013-10-03 23:26 . 2013-06-21 12:06    15920536    ----a-w-    c:\windows\system32\SET7FE3.tmp
2013-10-03 23:26 . 2013-06-21 12:06    1511712    ----a-w-    c:\windows\system32\nvdispgenco6432049.dll
2013-10-03 23:25 . 2013-10-03 23:25    --------    d-----w-    C:\NVIDIA
2013-10-03 21:50 . 2010-02-04 14:01    78680    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2013-10-03 21:28 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-10-03 21:28 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-10-03 21:22 . 2013-10-03 21:22    --------    d-----w-    c:\windows\SysWow64\Wat
2013-10-03 21:22 . 2013-10-03 21:22    --------    d-----w-    c:\windows\system32\Wat
2013-10-03 11:19 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-10-03 11:19 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-10-03 11:19 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-10-03 11:09 . 2013-10-03 11:09    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-03 10:55 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-10-03 10:55 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-10-03 10:55 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-10-03 10:55 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-10-03 10:55 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-10-03 10:55 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-10-03 10:55 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-10-03 10:53 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-10-03 10:53 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-03 10:53 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-10-03 10:53 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-10-03 10:53 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-10-03 07:13 . 2011-02-25 06:19    2871808    ----a-w-    c:\windows\explorer.exe
2013-10-03 07:12 . 2013-08-02 02:12    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2013-10-03 07:11 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
2013-10-03 07:10 . 2012-08-11 00:56    715776    ----a-w-    c:\windows\system32\kerberos.dll
2013-10-03 07:09 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-10-03 07:08 . 2012-06-06 06:05    495616    ----a-w-    c:\program files\Common Files\System\ado\msadox.dll
2013-10-03 02:48 . 2013-10-15 01:53    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2013-10-03 02:41 . 2013-10-16 22:00    --------    d-----w-    c:\users\UpdatusUser
2013-10-03 02:41 . 2013-10-17 10:31    --------    d-----w-    c:\programdata\NVIDIA
2013-10-03 02:41 . 2013-10-15 01:45    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2013-10-03 02:41 . 2013-09-12 07:25    6599968    ----a-w-    c:\windows\system32\nvcpl.dll
2013-10-03 02:41 . 2013-09-12 07:25    3452192    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-10-03 02:41 . 2013-09-12 07:25    920864    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-10-03 02:41 . 2013-09-12 07:25    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-10-03 02:41 . 2013-09-12 07:25    2559776    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-10-03 02:41 . 2013-09-12 07:25    219424    ----a-w-    c:\windows\system32\nvmctray.dll
2013-10-03 02:40 . 2013-10-15 01:41    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-10-03 02:40 . 2013-10-15 01:43    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-10-03 02:25 . 2013-10-03 02:25    --------    d-----w-    c:\windows\system32\CanonIJ Uninstaller Information
2013-10-03 02:25 . 2013-10-03 02:25    --------    d-----w-    c:\programdata\CanonBJ
2013-10-03 02:25 . 2012-03-14 09:00    99840    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-10-03 02:25 . 2012-03-14 09:00    30208    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-10-03 02:25 . 2012-03-14 09:00    385024    ----a-w-    c:\windows\system32\CNMLMAG.DLL
2013-10-03 02:16 . 2013-10-03 02:16    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-10-03 02:12 . 2013-10-17 10:31    --------    d-----w-    c:\programdata\Panda Security URL Filtering
2013-10-03 02:12 . 2013-10-03 02:12    --------    d-----w-    c:\programdata\Panda Security
2013-10-03 02:05 . 2013-10-03 02:05    --------    d-----w-    c:\programdata\ATI
2013-10-03 01:17 . 2013-10-03 01:17    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-10-03 01:04 . 2013-10-15 02:33    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-03 01:04 . 2013-10-15 02:33    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-03 01:04 . 2013-10-15 01:41    --------    d-----w-    c:\windows\SysWow64\Macromed
2013-10-03 01:04 . 2013-10-15 01:41    --------    d-----w-    c:\windows\system32\Macromed
2013-10-03 01:04 . 2013-10-03 01:04    --------    d-----w-    c:\programdata\FirstClass
2013-10-03 01:00 . 2013-04-22 10:34    9123608    ----a-w-    c:\windows\system32\MaxxAudioVnA64.dll
2013-10-03 00:59 . 2013-10-03 00:59    --------    d-----w-    c:\program files\ATI
2013-10-03 00:59 . 2013-10-03 01:00    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-10-03 00:59 . 2013-10-16 02:41    --------    d-sh--w-    c:\windows\Installer
2013-10-03 00:57 . 2013-10-03 00:57    --------    d-----w-    C:\MSI
2013-10-03 00:55 . 2012-02-17 06:38    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2013-10-03 00:55 . 2012-02-17 05:34    826880    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2013-10-03 00:55 . 2012-02-17 04:57    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-10-03 00:54 . 2013-10-15 01:43    --------    d-----w-    c:\users\JayZ
2013-10-03 00:54 . 2013-10-03 00:54    --------    d-----w-    C:\Recovery
2013-10-03 00:45 . 2013-10-03 00:45    --------    d-----w-    c:\programdata\Oracle
2013-10-03 00:45 . 2013-10-03 00:45    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-10-03 00:45 . 2013-10-03 00:45    868264    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-10-03 00:45 . 2013-10-03 00:45    790440    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-10-03 00:45 . 2013-10-03 00:45    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 00:45 . 2013-10-03 00:45    --------    d-----w-    c:\programdata\McAfee
2013-10-03 00:02 . 2013-10-15 01:41    --------    d-----w-    C:\SuperChargerProfile
2013-10-03 00:02 . 2013-10-03 00:02    --------    d-----w-    c:\program files (x86)\MSI
2013-10-03 00:01 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2013-10-03 00:01 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2013-10-03 00:01 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2013-10-03 00:01 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2013-10-03 00:01 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2013-10-03 00:01 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2013-10-03 00:01 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2013-10-03 00:01 . 2012-06-02 19:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2013-10-03 00:01 . 2012-06-02 19:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2013-10-03 00:01 . 2013-10-03 00:01    --------    d-----w-    c:\program files (x86)\ASM104xUSB3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 05:17 . 2013-09-12 05:17    571168    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-08-29 01:48 . 2013-10-15 01:45    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-07 08:22 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="g:\program files (x86)\SUPERAntiSpyware.exe" [2013-10-02 6588144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"PSUAMain"="g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-07-08 32736]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;h:\cdriver64.sys;h:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;h:\ntiolib_x64.sys;h:\NTIOLib_X64.sys [x]
R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
R3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys;c:\windows\SYSNATIVE\DRIVERS\netr7064.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S1 SASDIFSV;SASDIFSV;g:\program files (x86)\SASDIFSV64.SYS;g:\program files (x86)\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;g:\program files (x86)\SASKUTIL64.SYS;g:\program files (x86)\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;g:\program files (x86)\SASCORE64.EXE;g:\program files (x86)\SASCORE64.EXE [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe;g:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-03 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 108.171.182.150 108.171.182.159
FF - ProfilePath - c:\users\JayZ\AppData\Roaming\Mozilla\Firefox\Profiles\f1jc5xyh.default\
FF - prefs.js: browser.startup.homepage - google.ca

FF - ExtSQL: 2013-10-06 12:28; tldr@stremor.com; c:\users\JayZ\AppData\Roaming\Mozilla\Firefox\Profiles\f1jc5xyh.default\extensions\tldr@stremor.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-17  07:01:00
ComboFix-quarantined-files.txt  2013-10-17 11:00
ComboFix2.txt  2013-10-16 22:15
.
Pre-Run: 78,754,942,976 bytes free
Post-Run: 78,452,576,256 bytes free
.
- - End Of File - - D8F57B27FC42F7AB223E571988F969EA
A36C5E4F47E84449FF07ED3517B43A31
 

[jasonstaf]

MBAM results:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
JayZ :: JAYZ-PC [administrator]

Protection: Enabled

17/10/2013 7:06:57 AM
mbam-log-2013-10-17 (07-06-57).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 536971
Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
D:\Documents and Settings\Jason's\Local Settings\Temp\+qbrvOIS.exe.part (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jason's\Local Settings\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{87CFCA9B-4433-4E86-A409-1650D73CAE03}\RP1116\A0159831.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 

[Psychotic]

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[jasonstaf]

eset results:

 

D:\Documents and Settings\All Users\Start Menu\Programs\eBay.url    Win32/Adware.ADON application
D:\Documents and Settings\Jason's\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url    Win32/Adware.ADON application
E:\Documents and Settings\All Users\Start Menu\Programs\eBay.url    Win32/Adware.ADON application
E:\Documents and Settings\Jason's\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url    Win32/Adware.ADON application
E:\Documents and Settings\Jason's\Local Settings\Temp\pak129E.tmp    a variant of Win32/Bundled.Toolbar.Ask application
 

[Psychotic]

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[s1].txt also
  

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

[jasonstaf]

*************************

AdwCleaner[R0].txt - [1044 octets] - [14/10/2013 20:09:38]
AdwCleaner[s0].txt - [971 octets] - [14/10/2013 20:10:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1030 octets] ##########
# AdwCleaner v3.010 - Report created 21/10/2013 at 16:18:16
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : JayZ - JAYZ-PC
# Running from : C:\Users\JayZ\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\JayZ\AppData\Roaming\Mozilla\Firefox\Profiles\f1jc5xyh.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\JayZ\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2274 octets] - [14/10/2013 20:09:38]
AdwCleaner[R1].txt - [1000 octets] - [14/10/2013 20:38:36]
AdwCleaner[s0].txt - [2145 octets] - [14/10/2013 20:10:05]
AdwCleaner[s1].txt - [1061 octets] - [14/10/2013 20:39:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2265 octets] ##########

[jasonstaf]

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Cloud Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
 Panda Security Panda Cloud Antivirus PSUNMain.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
 

[Psychotic]

Your system is clean!

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

• Get the actual JRE from here
• Save jxpiinstall.exe to your desktop
• Close all running programs, especially your browser(s)
• Run jxpiinstall.exe. This will download the newest JRE installer and install the software
• when finished, go to
  Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
• When finished, reboot your computer.

After the reboot

• Open control panel again and click the java symbol.
• Click Settings under Temporary Internet Files.
  The Temporary Files Settings dialog box appears.
• Click Delete Files.
  The Delete Temporary Files dialog box appears
• Click OK on Delete Temporary Files window.
• Click OK again.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
3. In any case please download delfix to your desktop.
   
   • Close all other programms and start delfix.
   • Please check all the boxes and run the tool.
   • delfix will now delete all found traces of our removal process
     

[*] If there is still something left please delete it manualy.

 

 

 

 

How to protect yourself

• System Updates
  Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
  Windows XP | Windows Vista |
  Windows 7 | windows 8
• Protection
  What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
  Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
• Up to date Software
  Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  
  • Secunia Online Software Inspector - Checks if your software has updates available.
  • Filehippo Update Checkere - This tool also scans your computer for outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
    

  [*] Backups
  There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
  It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.
  

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.