DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.5.1
Run by Anthony at 0:12:50 on 2013-12-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1408 [GMT -8:00]
.
AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\wltrysvc.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\System32\WinService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wltray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.





mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com

mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uProxyServer = hxxp=;ftp=;https=;

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\anthony\appdata\roaming\complitly\Complitly.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [eRecoveryService] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SystemRoot%\system32\vsocklib.dll



TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8B1C9BFB-5076-4DAA-AA32-90D4B68D9BF3} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8B3404CE-E38F-4FDC-8DDB-7BF145B51022} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{95511A8C-90F4-4DA8-9CA9-7E428C4A5B2A} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{ACC02384-319F-4A76-BE1B-46BD2D69F176} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{B70758A4-0B36-4F5A-B566-99A44F7F379B} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{CBE1E88A-72D9-4D42-B0B0-3FD8CAD9F154} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{D7908665-8F08-47CC-8457-9B9BE4283B17} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E1657C98-10F5-4668-9E98-AB3CFE7FD1FB} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F8D40673-B680-4C56-9996-5038FECCCFA5} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com


FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko10.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko11.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\anthony\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\ick1ubuu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - a230e07b000000000000001cdfa12a8a
FF - user.js: extensions.BabylonToolbar_i.hardId - a230e07b000000000000001cdfa12a8a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.id - a230e07b000000000000001cdf0e69d5
FF - user.js: extensions.incredibar_i.instlDay - 15460
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:05:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8rrNIR91
FF - user.js: extensions.incredibar_i.upn2n - 92824276867108883
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 453
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=010812_906_cln_3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com

FF - user.js: extensions.BabylonToolbar.id - a230e07b000000000000000c55f8df91
FF - user.js: extensions.BabylonToolbar.instlDay - 15555
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.119:51:02
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-4-16 21728]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-6 35064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 38616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-10 242240]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-10-8 26248]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-6 15400]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2013-10-3 20384]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-10-11 70352]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-16 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-10-11 2327248]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-10-8 1070080]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-7-28 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-8 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-8 701512]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-12-21 167424]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-10-8 68464]
R2 RalinkRegistryWriter;RalinkRegistryWriter;c:\program files\netgear\wnda4100\service\RaRegistry.exe [2012-9-4 377088]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2012-4-16 186848]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2013-10-3 278528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-8 22856]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2012-11-12 1206560]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2012-6-8 13408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 wfcs;Windows Firewall Control;c:\program files\windows firewall control\wfcs.exe [2013-10-12 75264]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-6-20 30312]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2013-10-3 1384448]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-20 66112]
S3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\bcmusbdhdlh.sys [2012-4-19 238072]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2013-10-3 954368]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-3-20 464384]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2012-4-16 288768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-20 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-20 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-6-20 114152]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-20 180672]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2012-6-26 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-12-22 06:21:04 -------- d-----w- C:\fastboot
2013-12-22 05:55:15 -------- d-----w- c:\program files\Spirent Communications
2013-12-22 05:55:15 -------- d-----w- c:\program files\HTC
2013-12-12 23:30:31 -------- d-----w- c:\users\anthony\appdata\local\{25C20B72-48A9-4727-94FB-DAA36F8E1A57}
2013-12-12 23:30:30 -------- d-----w- c:\users\anthony\appdata\local\{4969D70B-F934-49E2-84EF-6B4C6BE20E29}
.
==================== Find3M  ====================
.
2013-12-14 04:51:55 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-14 04:51:55 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-12-14 04:51:55 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-12-14 04:51:54 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-11-02 23:49:17 86888 ----a-w- c:\windows\system32\LMIRfsClientNP(248).dll
2013-10-20 16:35:32 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-10-12 10:12:02 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-10-08 08:46:16 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-10-08 08:46:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 08:46:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 07:40:28 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-10-07 05:17:38 15400 ----a-w- c:\windows\system32\drivers\hmd.sys
2013-10-07 05:17:38 15400 ----a-w- c:\windows\inf\hmd\hmd.sys
.
============= FINISH:  0:14:22.78 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/16/2009 10:06:42 AM
System Uptime: 12/21/2013 10:55:47 PM (2 hours ago)
.
Motherboard: eMachines |  | MCP61PM-GM
Processor: AMD Athlon Dual Core Processor 4050e   | Socket AM2  | 2100/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 140.695 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is Removable
K: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
µTorrent
1ClickDownloader
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
AVI to DVD Converter
Belkin 54Mbps Wireless Network Adapter
Cheat Engine 6.1
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comodo Dragon
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Complitly
ConvertXtoDVD 4.1.10.348
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DAEMON Tools Lite
Diablo II
Digital Media Reader
DirectCOM
Dynex Enhanced Wireless G USB Network Adapter Setup
Dynex Wireless G USB Network Adapter Setup
eMachines Games
eMachines Recovery Management
Expert PDF 7 Reader
FlvPlayer
FrostWire 4.21.3
Fruit Ninja 2 ìîçùá áòáøéú  - www.Fruit-Ninja.co.cc - àìîåâ äìì version 2
GearDrvs
GeekBuddy
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
Hunting Unlimited 2010
iolo technologies' System Mechanic Professional
IPTInstaller
Java Auto Updater
Java 6 Update 22
Java 6 Update 5
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
kikin plugin 2.8
LG USB Modem driver
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
My.Freeze.com Toolbar
NETGEAR WNA1100 wireless USB 2.0 adapter
NETGEAR WNDA4100
NETGEAR WNDA4100 Genie
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PowerISO
PVSonyDll
QPST
RarZilla Free Unrar
Realtek High Definition Audio Driver
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Segoe UI
Skype Toolbars
Skype™ 5.10
Super Hide IP
System Requirements Lab CYRI
tools-linux
Unity Web Player
UnRAR for Windows
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrent Turbo Accelerator
uTorrentControl2 Toolbar
Ventrilo Client
Video Strip Poker
VideoLAN VLC media player 0.8.6d
VmciSockets
VMware Player
Windows Driver Package - HTC, Corporation (HTCAND32) USB  (11/01/2013 2.0.0007.00023)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
WinZip 15.0
.
==== End Of File ===========================
 

"After posting your new post, make sure under options, you select Follow this topic button and choose Immediate Email Notification"

I saw the selection for "Follow this topic" but I did not see anything labeled "Immediate Email Notification"


Welcome to the forum.
 
Please download and run  RogueKiller 32 Bit to your desktop.
 
RogueKiller 64 Bit <---use this one for 64 bit systems
 
 
Quit all running programs.
 
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
 
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
 
Don't run any other options, they're not all bad!!!!!!!
 
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
 
General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.
 
MrC
Note:
Please read all of my instructions completely including these.
 
Make sure system restore is turned on and running
 
Make sure you're subscribed to this topic:
Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that
.
 

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.7.13 [Dec 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Anthony [Admin rights]

Mode : Scan -- Date : 12/22/2013 09:59:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] cltmng.exe -- C:\Users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]

[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???ﯹ๛\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" < [x] -> STOPPED

 

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Anthony\AppData\Local\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\?��?��?��\?��?��?��\???ﯹ๛\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : ConduitFloatingPlugin_hgiifhjbblnglipdbpdgagphlcbililb ("C:\Windows\system32\Rundll32.exe" "C:\Users\Anthony\AppData\Local\Temp\CT3292715\plugins\TBVerifier.dll",RunConduitFloatingPlugin hgiifhjbblnglipdbpdgagphlcbililb [7][7][x][x]) -> FOUND

[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???ﯹ๛\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" < [x]) -> FOUND

[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???ﯹ๛\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" < [x]) -> FOUND

[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???ﯹ๛\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" < [x]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=; [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 3 ¤¤¤

[V1][sUSP PATH] ArcadeFrontier.job : C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND

[V2][sUSP PATH] ArcadeFrontier : C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND

[V2][sUSP PATH] OpenCandyHelperRunOnce : RunDll32.exe - "C:\Users\Anthony\AppData\Roaming\OpenCandy\FDC9EF2A0B16472BA1AA1976C6D224E5\OCBrowserHelper_1.0.3.85.dll",_OCRestartDll@16 [x][x][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Folder] Install : C:\Users\Anthony\AppData\Local\Google\Desktop\Install [-] --> FOUND

[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST332081 3AS SCSI Disk Device +++++

--- User ---

[MBR] 7c62f2a288d62a2c5dfe4f7edaf6f17c

[bSP] d89474759e1c94dcaf25da340284b493 : Acer MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 295003 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x1] Incorrect function. )

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic Flash Disk USB Device +++++

--- User ---

[MBR] 3e9e26911753fb661aa60015311871f8

[bSP] 190fcf2c94255f75694d1d95d48624a3 : Empty MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 64 | Size: 3839 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_12222013_095915.txt >>

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01

Ran by Anthony (administrator) on JDMCIVIC-PC on 22-12-2013 10:11:49

Running from C:\Users\Anthony\Desktop\farbar recovery

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Windows\System32\wltrysvc.exe

(Broadcom Corporation) C:\Windows\System32\bcmwltry.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Agere Systems) C:\Windows\System32\agrsmsvc.exe

() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(Ralink Technology, Corp.) C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe

(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe

() C:\Windows\System32\WinService.exe

(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

(VMware, Inc.) C:\Windows\System32\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe

(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe

(Broadcom Corporation) C:\Windows\System32\wltray.exe

(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe

(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe

(Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe

(Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTvService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Conduit) C:\Program Files\SearchProtect\bin\CltMngSvc.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [eRecoveryService] - [x]

HKLM\...\Run: [broadcom Wireless Manager] - C:\Windows\System32\wltray.exe [1282048 2007-06-14] (Broadcom Corporation)

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-06-08] (LogMeIn, Inc.)

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [6749512 2012-03-11] (COMODO)

HKLM\...\Run: [tvncontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)

HKLM\...\Run: [searchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)

HKCU\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [325120 2013-12-11] (Outfox Tv Productions Pty Ltd)

HKCU\...\Run: [DW7] - C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe [13209088 2013-12-22] (The Weather Channel)

HKCU\...\Run: [searchProtect] - C:\Users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)

HKCU\...\Run: [ConduitFloatingPlugin_hgiifhjbblnglipdbpdgagphlcbililb] - "C:\Windows\system32\Rundll32.exe" "C:\Users\Anthony\AppData\Local\Temp\CT3292715\plugins\TBVerifier.dll",RunConduitFloatingPlugin hgiifhjbblnglipdbpdgagphlcbililb <===== ATTENTION

MountPoints2: L - L:\HTC_Sync_Manager_PC.exe

MountPoints2: M - M:\HTC_Sync_Manager_PC.exe

MountPoints2: {80418ebe-22dc-11e3-acd8-002197d5c81e} - M:\HTC_Sync_Manager_PC.exe

MountPoints2: {bac1b131-0354-11e2-bd8c-005056c00008} - D:\TL-Bootstrap.exe

MountPoints2: {bac1b141-0354-11e2-bd8c-005056c00008} - D:\TL-Bootstrap.exe

MountPoints2: {cf043197-cc8f-11e2-bf2e-002197d5c81e} - L:\ToolLauncher-Bootstrap.exe

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\jdmcivic\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)

HKU\jdmcivic\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe 1

HKU\jdmcivic\...\Run: [CollaborationHost] - C:\Windows\System32\p2phost.exe [ 2008-01-20] (Microsoft Corporation)

HKU\jdmcivic\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2012-07-13] (Skype Technologies S.A.)

HKU\jdmcivic\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)

HKU\LogMeInRemoteUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

AppInit_DLLs: C:\Windows\System32\guard32.dll [ 2012-03-11] (COMODO)

Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

Startup: C:\Users\jdmcivic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\jdmcivic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: http=;ftp=;https=;


HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://isearch.babylon.com/?babsrc=HP_ss&mntrId=a230e07b000000000000000c55f8df91

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com

URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

URLSearchHook: HKLM - SearchFlyBar2 Toolbar - {efc335aa-59ec-45b0-b287-739521153d5b} - C:\Program Files\SearchFlyBar2\prxtbSear.dll (Conduit Ltd.)

URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - SearchFlyBar2 Toolbar - {efc335aa-59ec-45b0-b287-739521153d5b} - C:\Program Files\SearchFlyBar2\prxtbSear.dll (Conduit Ltd.)

SearchScopes: HKLM - DefaultScope {1E0D27D0-FC84-490F-8931-10129C3A2356} URL = 


SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

SearchScopes: HKCU - DefaultScope {1E0D27D0-FC84-490F-8931-10129C3A2356} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN36456541041811312&UM=2

SearchScopes: HKCU - {025BB60C-2114-48A7-A422-9BA5D5BF744A} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002A6US&apn_uid=58C611C2-76B6-445B-B9ED-E9821A3E56CA&apn_sauid=8B52DB34-E95A-4D68-A67C-8C4843025E5E

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=a230e07b000000000000000c55f8df91

SearchScopes: HKCU - {1E0D27D0-FC84-490F-8931-10129C3A2356} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN36456541041811312&UM=2

SearchScopes: HKCU - {62E52C12-1549-4C51-A0CD-F73E9C628E8D} URL = http://search.yahoo.com/?ourmark=4&p={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.com/search?q={searchTerms}


SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6R8rrNIR91&i=26

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Anthony\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)

BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

BHO: ArcadeFrontier Addon - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Users\Anthony\AppData\Local\ArcadeFrontier\ArcadeFrontier.dll ()

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll No File

BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

BHO: SearchFlyBar2 Toolbar - {efc335aa-59ec-45b0-b287-739521153d5b} - C:\Program Files\SearchFlyBar2\prxtbSear.dll (Conduit Ltd.)

Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKLM - SearchFlyBar2 Toolbar - {efc335aa-59ec-45b0-b287-739521153d5b} - C:\Program Files\SearchFlyBar2\prxtbSear.dll (Conduit Ltd.)

Toolbar: HKCU - uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - SearchFlyBar2 Toolbar - {EFC335AA-59EC-45B0-B287-739521153D5B} - C:\Program Files\SearchFlyBar2\prxtbSear.dll (Conduit Ltd.)




Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)

Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

FireFox:

========

FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default

FF user.js: detected! => C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\user.js

FF DefaultSearchEngine: SearchFlyBar2 Customized Web Search

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: SearchFlyBar2 Customized Web Search



FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )

FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\MyStart Search.xml

FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\kwinzy157.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\kwinzy159.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\kwinzy163.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF Extension: General Crawler - C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

FF Extension: LyricsParty-1 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\2182c59b-52a6-4361-8582-ea68a9f74e27@30056f63-cd7d-4a99-a8d3-607bf2f1ac42.com

FF Extension: Babylon - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\ffxtlbr@babylon.com

FF Extension: incredibar.com - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\ffxtlbr@incredibar.com

FF Extension: OneClickDownloader - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\OneClickDownload@OneClickDownload.com

FF Extension: SearchGBY - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\plugin@searchgby.com

FF Extension: No Name - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\staged

FF Extension: InternetHelper3.1  - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}

FF Extension: ArcadeFrontier - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

FF Extension: SearchFlyBar2  - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b}

FF Extension: Default Tab - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\addon@defaulttab.com.xpi

FF Extension: Kwinzy - C:\Program Files\Mozilla Firefox\extensions\{52EF0988-5232-4465-86E7-6434B5891030}

FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\RelevantKnowledge

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

Chrome: 

=======



CHR DefaultSearchKeyword: google.com

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR Plugin: (Shockwave Flash) - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HeadlineAlley_29\bar\1.bin\NP29Stub.dll No File

CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Windows Live\\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Bejeweled) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0

CHR Extension: (iron Man 3 D) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomdaglpgkkignaeelhbngdjkjglionl\1.2_0

CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Classic Games) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc\1.0_0

CHR Extension: (Street Racers) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohkjfondhjjfehnehlpmjpljpihfhfc\1_0

CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Sniper Team) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec\1.0.2_0

CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0

CHR Extension: (Google Voice (by Google)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0

CHR Extension: (Cargo Bridge) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0

CHR Extension: (Little Alchemy) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0

CHR Extension: (Need for Speed World) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0

CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk\1.0.1_0

CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Band Stars) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheefoolfafhhpdkpdkjpganobgachop\1.0.0.3_0

CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Anthony\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx

CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\Complitly\chrome\ComplitlyChrome.crx

CHR HKLM\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Anthony\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx

CHR HKLM\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.55.crx

CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Anthony\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx

CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Anthony\AppData\Local\Temp\ccex.crx

CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader10.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)

R2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [220960 2013-09-22] (Conduit)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1983232 2012-03-11] (COMODO)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] ()

S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)

R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)

R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-17] (iolo technologies, LLC)

S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [310672 2013-12-21] (Outfox Tv Productions Pty Ltd)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

R2 RalinkRegistryWriter; C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-09-04] (Ralink Technology, Corp.)

R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)

R2 SCM_Service; C:\Windows\System32\WinService.exe [186848 2010-05-10] ()

R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-01-18] (VMware, Inc.)

R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2012-01-18] (VMware, Inc.)

R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)

R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2012-01-18] (VMware, Inc.)

S2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [75264 2013-10-12] (BiniSoft.org)

R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1134592 2007-06-14] (Broadcom Corporation)

R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] ()

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1384448 2009-11-27] (Atheros Communications, Inc.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-06] (Windows ® Win 7 DDK provider)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38616 2012-03-11] (COMODO)

S3 dhdusb.NTx86; C:\Windows\System32\DRIVERS\bcmusbdhdlh.sys [238072 2008-01-08] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-10] (DT Soft Ltd)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-03-17] (EldoS Corporation)

R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)

R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2013-10-06] ()

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2012-03-11] (COMODO)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1206560 2012-11-12] (Ralink Technology Corp.)

R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-03-17] (Raxco Software, Inc.)

R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2012-06-08] (LogMeIn, Inc.)

S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [288768 2007-12-26] (NETGEAR Inc.)

R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 UsbGps; C:\Windows\System32\DRIVERS\lgusbgps.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2012-01-18] (VMware, Inc.)

S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2012-01-18] (VMware, Inc.)

R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2012-01-18] (VMware, Inc.)

R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2012-01-18] (VMware, Inc.)

S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)

R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2012-01-18] (VMware, Inc.)

R3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2004-09-07] ()

S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2004-09-07] ()

S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S4 LMIRfsClientNP; No ImagePath

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

U3 TrueSight; \??\ [x]

S3 ZDPSp60; System32\Drivers\ZDPSp60.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

 

2013-12-22 10:11 - 2013-12-22 10:11 - 00000000 ____D C:\FRST

2013-12-22 10:10 - 2013-12-22 10:11 - 00000000 ____D C:\Users\Anthony\Desktop\farbar recovery

2013-12-22 09:59 - 2013-12-22 09:59 - 00006363 _____ C:\Users\Anthony\Desktop\RKreport[0]_S_12222013_095915.txt

2013-12-22 09:58 - 2013-12-22 09:59 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50a64.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 10919200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 02152344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01206560 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01122360 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00464384 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr73.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00429056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvm60x32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00292840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00288768 _____ (NETGEAR Inc.) C:\Windows\system32\Drivers\wg111v2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00238648 _____ (ULi Electronics Inc.) C:\Windows\system32\Drivers\uliahci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00180672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00167528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00149480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00145952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00142904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00136680 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00132424 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00130616 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00122344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00121192 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00115816 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00114152 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadserd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00110280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00109112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00106088 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00104648 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00102968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00098928 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00098408 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00076392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00074808 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00068464 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066112 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00060984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00059448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00059388 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00056888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00055864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00055664 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00053224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00052992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00052792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00051200 _____ (Prolific Technology Inc.) C:\Windows\system32\Drivers\ser2pl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00047744 _____ C:\Windows\system32\Drivers\vserial.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00045160 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00045112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00043496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sisraid2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00036464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035944 _____ (LSI Logic) C:\Windows\system32\Drivers\symc8xx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034920 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_u3.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031848 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_hi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031280 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00030312 _____ (Google Inc) C:\Windows\system32\Drivers\ssadadb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025584 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00022784 _____ (Research In Motion Limited) C:\Windows\system32\Drivers\RimUsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00022072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00021728 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00021048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020608 _____ (N-trig Innovative Technologies) C:\Windows\system32\Drivers\ntrigdigi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020024 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019568 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017664 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00016624 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015264 _____ C:\Windows\system32\Drivers\vsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00014920 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00014312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013408 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\radpms.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012776 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010472 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010472 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010344 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010344 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00527848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00491816 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00386616 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00342584 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00242240 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00235064 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00190424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00180712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00161752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00141288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00125928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00118784 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G60I32.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00099816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00096312 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_scsi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00096312 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_fc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00094776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00089656 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_sas.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00082400 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00071272 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\djsvs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00061496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00058936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00057400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00049720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00048104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047640 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041576 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crusoe.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00040504 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpCISSs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00038616 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035944 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteraid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035944 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteatapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\CFRMD.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00034360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00033384 _____ (LSI Logic Corporation) C:\Windows\system32\Drivers\Mraid35x.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00032496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031288 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00030264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00028728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00027624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00024832 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbmodem.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00024632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00023040 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\htcnprot.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019968 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbgps.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019968 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbdiag.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019600 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omgmt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019000 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017952 _____ (Acer, Inc.) C:\Windows\system32\Drivers\int15_64.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00016440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015464 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015400 _____ C:\Windows\system32\Drivers\hmd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015392 _____ (Acer, Inc.) C:\Windows\system32\Drivers\int15.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013056 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbbus.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00010144 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak

2013-12-22 09:56 - 2013-12-22 09:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 01384448 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 01204128 _____ (Agere Systems) C:\Windows\system32\Drivers\AGRSM.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00422968 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00300600 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00265688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00238072 _____ C:\Windows\system32\Drivers\bcmusbdhdlh.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00149560 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00109032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00101432 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu160m.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00079928 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00079416 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00071808 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00057400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00056376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00053376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00053248 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerIf.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk7.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00033664 _____ (CACE Technologies) C:\Windows\system32\Drivers\bcmwlnpf.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50a64.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00028216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00020608 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017992 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017464 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak

2013-12-22 09:53 - 2013-12-22 10:01 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine

2013-12-22 09:53 - 2013-12-22 09:53 - 03770368 _____ C:\Users\Anthony\Desktop\RogueKiller.exe

2013-12-22 09:31 - 2013-12-22 09:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-22 09:31 - 2013-12-22 09:30 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-12-22 09:28 - 2013-12-22 09:28 - 00915368 _____ (Oracle Corporation) C:\Users\Anthony\Desktop\chromeinstall-7u45.exe

2013-12-22 09:28 - 2013-12-22 09:28 - 00000000 ____D C:\ProgramData\McAfee

2013-12-22 08:25 - 2013-12-22 08:50 - 00000000 ____D C:\Users\Anthony\Documents\Deer Drive

2013-12-22 08:25 - 2013-12-22 08:25 - 00000000 ____D C:\Users\Anthony\AppData\Local\NativeMessaging

2013-12-22 08:25 - 2013-12-22 08:25 - 00000000 ____D C:\Program Files\SearchFlyBar2

2013-12-22 08:24 - 2013-12-22 08:25 - 00000000 ____D C:\Program Files\MyPC Backup

2013-12-22 08:24 - 2013-12-22 08:24 - 00002177 _____ C:\Users\Anthony\Desktop\Deer Drive.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00001172 _____ C:\Users\Anthony\Desktop\Games of the Month.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00000886 _____ C:\Users\Anthony\Desktop\MyPC Backup.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Oberon Media

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\SearchProtect

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\Oberon Media SIDR

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\Common Files\Oberon Media

2013-12-22 08:23 - 2013-12-22 08:24 - 00000000 ____D C:\ProgramData\Oberon Media

2013-12-22 08:22 - 2013-12-22 08:22 - 00001103 _____ C:\Users\Public\Desktop\The Weather Channel App.lnk

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\OpenCandy

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Local\The Weather Channel

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Program Files\The Weather Channel

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Program Files\OutfoxTV

2013-12-22 08:21 - 2013-12-22 08:21 - 01204160 _____ (ArcadeFrontier) C:\Users\Anthony\Desktop\ArcadeFrontierGames (1).exe

2013-12-22 08:21 - 2013-12-22 08:21 - 00000276 _____ C:\Windows\Tasks\ArcadeFrontier.job

2013-12-22 08:21 - 2013-12-22 08:21 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier

2013-12-22 08:21 - 2013-12-22 08:21 - 00000000 ____D C:\Users\Anthony\AppData\Local\ArcadeFrontier

2013-12-22 08:20 - 2013-12-22 08:20 - 01204160 _____ (ArcadeFrontier) C:\Users\Anthony\Desktop\ArcadeFrontierGames.exe

2013-12-22 06:13 - 2013-12-22 06:13 - 01210295 _____ C:\Users\Anthony\Desktop\pro_vpa.wmv

2013-12-22 06:06 - 2013-12-22 06:06 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\MPC-HC

2013-12-22 05:35 - 2013-12-22 05:35 - 118031598 _____ C:\Users\Anthony\Desktop\pro vpa.mp4

2013-12-22 05:11 - 2013-12-22 06:21 - 00408576 _____ C:\Users\Anthony\Desktop\Homeless Vet's testomonial's and footage.MSWMM

2013-12-22 02:17 - 2013-12-22 02:22 - 157072998 _____ C:\Users\Anthony\Desktop\wheels.mp4

2013-12-22 01:44 - 2013-12-22 01:46 - 69412446 _____ C:\Users\Anthony\Desktop\vet 3.mp4

2013-12-22 01:42 - 2013-12-22 01:42 - 00000000 ____D C:\Program Files\K-Lite Codec Pack

2013-12-22 01:42 - 2013-12-01 05:10 - 00218200 _____ C:\Windows\system32\unrar.dll

2013-12-22 01:38 - 2013-12-22 01:38 - 27145161 _____ (                                                            ) C:\Users\Anthony\Desktop\K-Lite_Codec_Pack_1020_Full.exe

2013-12-22 01:26 - 2013-12-22 01:43 - 90970232 _____ C:\Users\Anthony\Desktop\vet 2.mp4

2013-12-22 01:26 - 2013-12-22 01:43 - 331754551 _____ C:\Users\Anthony\Desktop\vet 1.mp4

2013-12-22 00:16 - 2013-12-22 00:16 - 00008962 _____ C:\Users\Anthony\Desktop\attach.txt

2013-12-22 00:16 - 2013-12-22 00:14 - 00023039 _____ C:\Users\Anthony\Desktop\dds.txt

2013-12-22 00:10 - 2013-12-22 00:10 - 00688992 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com

2013-12-21 22:19 - 2013-12-21 22:19 - 00000000 ____D C:\Program Files\DIFX

2013-12-21 21:55 - 2013-12-21 22:01 - 00000000 ____D C:\Program Files\HTC

2013-12-21 21:55 - 2013-12-21 21:55 - 00000000 ____D C:\Program Files\Spirent Communications

2013-12-21 19:06 - 2013-12-21 19:06 - 00000000 _____ C:\Users\Anthony\adb

2013-12-21 03:49 - 2013-12-21 03:49 - 00084992 _____ C:\Users\Anthony\Desktop\vpa movie.MSWMM

2013-12-12 15:30 - 2013-12-12 15:30 - 00000000 ____D C:\Users\Anthony\AppData\Local\{4969D70B-F934-49E2-84EF-6B4C6BE20E29}

2013-12-12 15:30 - 2013-12-12 15:30 - 00000000 ____D C:\Users\Anthony\AppData\Local\{25C20B72-48A9-4727-94FB-DAA36F8E1A57}

2013-12-09 20:47 - 2013-12-09 20:47 - 00160048 _____ C:\Windows\Minidump\Mini120913-01.dmp

 

==================== One Month Modified Files and Folders =======

 

2013-12-22 10:11 - 2013-12-22 10:11 - 00000000 ____D C:\FRST

2013-12-22 10:11 - 2013-12-22 10:10 - 00000000 ____D C:\Users\Anthony\Desktop\farbar recovery

2013-12-22 10:01 - 2013-12-22 09:53 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine

2013-12-22 10:00 - 2009-02-16 10:05 - 02164549 _____ C:\Windows\WindowsUpdate.log

2013-12-22 09:59 - 2013-12-22 09:59 - 00006363 _____ C:\Users\Anthony\Desktop\RKreport[0]_S_12222013_095915.txt

2013-12-22 09:59 - 2013-12-22 09:58 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50a64.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 10919200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 02152344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01206560 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01122360 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00464384 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr73.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00429056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvm60x32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00292840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00288768 _____ (NETGEAR Inc.) C:\Windows\system32\Drivers\wg111v2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00238648 _____ (ULi Electronics Inc.) C:\Windows\system32\Drivers\uliahci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00180672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00167528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00149480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00145952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00142904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00136680 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00132424 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00130616 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00122344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00121192 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00115816 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00114152 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadserd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00110280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00109112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00106088 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00104648 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00102968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00098928 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00098408 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00076392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00074808 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00068464 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00066112 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00062080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00060984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00059448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00059388 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00056888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00055864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00055664 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00053224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00052992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00052792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00051200 _____ (Prolific Technology Inc.) C:\Windows\system32\Drivers\ser2pl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00047744 _____ C:\Windows\system32\Drivers\vserial.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00045160 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00045112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00043496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00041016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sisraid2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00036464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035944 _____ (LSI Logic) C:\Windows\system32\Drivers\symc8xx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034920 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_u3.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031848 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_hi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031280 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00030312 _____ (Google Inc) C:\Windows\system32\Drivers\ssadadb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025584 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00022784 _____ (Research In Motion Limited) C:\Windows\system32\Drivers\RimUsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00022072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00021728 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00021048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020608 _____ (N-trig Innovative Technologies) C:\Windows\system32\Drivers\ntrigdigi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00020024 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019568 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017664 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00016624 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00015264 _____ C:\Windows\system32\Drivers\vsb.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00014920 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00014312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013408 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\radpms.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012776 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010472 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010472 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010344 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00010344 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak

2013-12-22 09:58 - 2013-12-22 09:58 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00527848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00491816 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00386616 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00342584 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00242240 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00235064 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00190424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00180712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00161752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00141288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00125928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00118784 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G60I32.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00099816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00096312 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_scsi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00096312 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_fc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00094776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00089656 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_sas.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00082400 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00071272 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\djsvs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00061496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00058936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00057400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00049720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00048104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047640 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041576 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crusoe.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00040504 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpCISSs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00038616 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035944 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteraid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035944 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteatapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00035064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\CFRMD.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00034360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00033384 _____ (LSI Logic Corporation) C:\Windows\system32\Drivers\Mraid35x.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00032496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00031288 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00030264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omp.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00028728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00027624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00024832 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbmodem.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00024632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00023040 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\htcnprot.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019968 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbgps.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019968 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbdiag.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019600 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omgmt.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00019000 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017952 _____ (Acer, Inc.) C:\Windows\system32\Drivers\int15_64.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00016440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015464 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015400 _____ C:\Windows\system32\Drivers\hmd.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00015392 _____ (Acer, Inc.) C:\Windows\system32\Drivers\int15.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00013056 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgusbbus.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00010144 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak

2013-12-22 09:57 - 2013-12-22 09:57 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak

2013-12-22 09:57 - 2013-12-22 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 01384448 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 01204128 _____ (Agere Systems) C:\Windows\system32\Drivers\AGRSM.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00422968 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00300600 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00265688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00238072 _____ C:\Windows\system32\Drivers\bcmusbdhdlh.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00149560 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00109032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00101432 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu160m.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00079928 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00079416 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00071808 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00057400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00056376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00053376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00053248 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerIf.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk7.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00033664 _____ (CACE Technologies) C:\Windows\system32\Drivers\bcmwlnpf.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50a64.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00028216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00020608 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017992 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017464 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak

2013-12-22 09:56 - 2013-12-22 09:56 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak

2013-12-22 09:53 - 2013-12-22 09:53 - 03770368 _____ C:\Users\Anthony\Desktop\RogueKiller.exe

2013-12-22 09:34 - 2012-05-07 03:55 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001UA.job

2013-12-22 09:31 - 2013-12-22 09:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-22 09:31 - 2008-10-29 18:34 - 00000000 ____D C:\Program Files\Common Files\Java

2013-12-22 09:30 - 2013-12-22 09:31 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-12-22 09:30 - 2013-12-22 09:30 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-12-22 09:30 - 2008-10-29 18:34 - 00000000 ____D C:\Program Files\Java

2013-12-22 09:28 - 2013-12-22 09:28 - 00915368 _____ (Oracle Corporation) C:\Users\Anthony\Desktop\chromeinstall-7u45.exe

2013-12-22 09:28 - 2013-12-22 09:28 - 00000000 ____D C:\ProgramData\McAfee

2013-12-22 08:50 - 2013-12-22 08:25 - 00000000 ____D C:\Users\Anthony\Documents\Deer Drive

2013-12-22 08:33 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-22 08:33 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-22 08:29 - 2013-09-20 00:36 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\SearchProtect

2013-12-22 08:26 - 2013-09-20 00:34 - 00000009 _____ C:\END

2013-12-22 08:25 - 2013-12-22 08:25 - 00000000 ____D C:\Users\Anthony\AppData\Local\NativeMessaging

2013-12-22 08:25 - 2013-12-22 08:25 - 00000000 ____D C:\Program Files\SearchFlyBar2

2013-12-22 08:25 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\MyPC Backup

2013-12-22 08:25 - 2013-09-20 00:38 - 00000000 ____D C:\ProgramData\Conduit

2013-12-22 08:25 - 2013-09-20 00:37 - 00000000 ____D C:\Users\Anthony\AppData\Local\CRE

2013-12-22 08:25 - 2012-03-28 23:09 - 00000000 ____D C:\Users\Anthony\AppData\Local\Conduit

2013-12-22 08:25 - 2012-03-28 23:09 - 00000000 ____D C:\Program Files\Conduit

2013-12-22 08:24 - 2013-12-22 08:24 - 00002177 _____ C:\Users\Anthony\Desktop\Deer Drive.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00001172 _____ C:\Users\Anthony\Desktop\Games of the Month.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00000886 _____ C:\Users\Anthony\Desktop\MyPC Backup.lnk

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Oberon Media

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\SearchProtect

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\Oberon Media SIDR

2013-12-22 08:24 - 2013-12-22 08:24 - 00000000 ____D C:\Program Files\Common Files\Oberon Media

2013-12-22 08:24 - 2013-12-22 08:23 - 00000000 ____D C:\ProgramData\Oberon Media

2013-12-22 08:24 - 2009-11-18 13:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-22 08:22 - 2013-12-22 08:22 - 00001103 _____ C:\Users\Public\Desktop\The Weather Channel App.lnk

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\OpenCandy

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Users\Anthony\AppData\Local\The Weather Channel

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Program Files\The Weather Channel

2013-12-22 08:22 - 2013-12-22 08:22 - 00000000 ____D C:\Program Files\OutfoxTV

2013-12-22 08:21 - 2013-12-22 08:21 - 01204160 _____ (ArcadeFrontier) C:\Users\Anthony\Desktop\ArcadeFrontierGames (1).exe

2013-12-22 08:21 - 2013-12-22 08:21 - 00000276 _____ C:\Windows\Tasks\ArcadeFrontier.job

2013-12-22 08:21 - 2013-12-22 08:21 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier

2013-12-22 08:21 - 2013-12-22 08:21 - 00000000 ____D C:\Users\Anthony\AppData\Local\ArcadeFrontier

2013-12-22 08:20 - 2013-12-22 08:20 - 01204160 _____ (ArcadeFrontier) C:\Users\Anthony\Desktop\ArcadeFrontierGames.exe

2013-12-22 06:21 - 2013-12-22 05:11 - 00408576 _____ C:\Users\Anthony\Desktop\Homeless Vet's testomonial's and footage.MSWMM

2013-12-22 06:13 - 2013-12-22 06:13 - 01210295 _____ C:\Users\Anthony\Desktop\pro_vpa.wmv

2013-12-22 06:06 - 2013-12-22 06:06 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\MPC-HC

2013-12-22 05:35 - 2013-12-22 05:35 - 118031598 _____ C:\Users\Anthony\Desktop\pro vpa.mp4

2013-12-22 05:09 - 2012-04-07 13:45 - 00000000 ____D C:\Users\Anthony\Desktop\Download

2013-12-22 03:32 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing

2013-12-22 02:22 - 2013-12-22 02:17 - 157072998 _____ C:\Users\Anthony\Desktop\wheels.mp4

2013-12-22 01:46 - 2013-12-22 01:44 - 69412446 _____ C:\Users\Anthony\Desktop\vet 3.mp4

2013-12-22 01:43 - 2013-12-22 01:26 - 90970232 _____ C:\Users\Anthony\Desktop\vet 2.mp4

2013-12-22 01:43 - 2013-12-22 01:26 - 331754551 _____ C:\Users\Anthony\Desktop\vet 1.mp4

2013-12-22 01:42 - 2013-12-22 01:42 - 00000000 ____D C:\Program Files\K-Lite Codec Pack

2013-12-22 01:38 - 2013-12-22 01:38 - 27145161 _____ (                                                            ) C:\Users\Anthony\Desktop\K-Lite_Codec_Pack_1020_Full.exe

2013-12-22 00:40 - 2006-11-02 02:33 - 00761008 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-22 00:33 - 2012-03-31 13:53 - 00000000 ____D C:\ProgramData\VMware

2013-12-22 00:33 - 2009-02-16 10:12 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml

2013-12-22 00:33 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-22 00:32 - 2012-07-28 13:17 - 00000000 ____D C:\ProgramData\LogMeIn

2013-12-22 00:32 - 2012-07-16 09:10 - 00000012 _____ C:\Windows\bthservsdp.dat

2013-12-22 00:32 - 2012-03-28 23:07 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\uTorrent

2013-12-22 00:32 - 2006-11-02 05:01 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-22 00:16 - 2013-12-22 00:16 - 00008962 _____ C:\Users\Anthony\Desktop\attach.txt

2013-12-22 00:14 - 2013-12-22 00:16 - 00023039 _____ C:\Users\Anthony\Desktop\dds.txt

2013-12-22 00:10 - 2013-12-22 00:10 - 00688992 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com

2013-12-21 22:47 - 2013-09-12 09:37 - 00092796 _____ C:\Windows\DPINST.LOG

2013-12-21 22:47 - 2012-03-28 20:28 - 00000000 ____D C:\Users\Anthony

2013-12-21 22:36 - 2013-10-09 10:56 - 00002650 _____ C:\Windows\setupact.log

2013-12-21 22:19 - 2013-12-21 22:19 - 00000000 ____D C:\Program Files\DIFX

2013-12-21 22:19 - 2013-09-13 16:52 - 00000000 ____D C:\Users\Anthony\Desktop\New Folder (2)

2013-12-21 22:01 - 2013-12-21 21:55 - 00000000 ____D C:\Program Files\HTC

2013-12-21 21:55 - 2013-12-21 21:55 - 00000000 ____D C:\Program Files\Spirent Communications

2013-12-21 19:34 - 2012-05-07 03:55 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001Core.job

2013-12-21 19:12 - 2013-09-12 09:59 - 00000000 ____D C:\Users\Anthony\.android

2013-12-21 19:06 - 2013-12-21 19:06 - 00000000 _____ C:\Users\Anthony\adb

2013-12-21 08:46 - 2012-03-28 21:53 - 00033280 _____ C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-12-21 03:49 - 2013-12-21 03:49 - 00084992 _____ C:\Users\Anthony\Desktop\vpa movie.MSWMM

2013-12-17 17:56 - 2008-01-20 18:47 - 00465414 _____ C:\Windows\PFRO.log

2013-12-16 19:52 - 2012-03-31 14:06 - 00000000 ____D C:\Users\Anthony\AppData\Local\VMware

2013-12-16 19:37 - 2012-03-31 14:06 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\VMware

2013-12-13 20:53 - 2012-07-28 13:17 - 00000000 ____D C:\Program Files\LogMeIn

2013-12-13 20:51 - 2012-07-28 13:18 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll

2013-12-13 20:51 - 2012-07-28 13:18 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll

2013-12-13 20:51 - 2012-07-28 13:17 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

2013-12-12 15:30 - 2013-12-12 15:30 - 00000000 ____D C:\Users\Anthony\AppData\Local\{4969D70B-F934-49E2-84EF-6B4C6BE20E29}

2013-12-12 15:30 - 2013-12-12 15:30 - 00000000 ____D C:\Users\Anthony\AppData\Local\{25C20B72-48A9-4727-94FB-DAA36F8E1A57}

2013-12-09 20:47 - 2013-12-09 20:47 - 00160048 _____ C:\Windows\Minidump\Mini120913-01.dmp

2013-12-09 20:47 - 2009-03-31 11:13 - 00000000 ____D C:\Windows\Minidump

2013-12-09 20:46 - 2013-10-08 14:12 - 248843134 _____ C:\Windows\MEMORY.DMP

2013-12-01 05:10 - 2013-12-22 01:42 - 00218200 _____ C:\Windows\system32\unrar.dll

ZeroAccess:

C:\Users\Anthony\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files\Google\Desktop\Install

 

Files to move or delete:

====================

C:\ProgramData\C__Users_Anthony_AppData_Local_Temp_wz640f_SuperHideIP.exe

 

 

Some content of TEMP:

====================

C:\Users\Anthony\AppData\Local\Temp\BackupSetup.exe

C:\Users\Anthony\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe

C:\Users\Anthony\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Anthony\AppData\Local\Temp\mconduitinstaller.exe

C:\Users\Anthony\AppData\Local\Temp\nse4F91.exe

C:\Users\Anthony\AppData\Local\Temp\nskCB65.exe

C:\Users\Anthony\AppData\Local\Temp\nsoCF3E.exe

C:\Users\Anthony\AppData\Local\Temp\nsp6833.exe

C:\Users\Anthony\AppData\Local\Temp\nst1CCE.exe

C:\Users\Anthony\AppData\Local\Temp\nszE0CB.exe

C:\Users\Anthony\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Anthony\AppData\Local\Temp\SPStub.exe

C:\Users\Anthony\AppData\Local\Temp\The_Weather_Channel_Application.exe

C:\Users\Anthony\AppData\Local\Temp\utt4AF5.tmp.exe

C:\Users\Anthony\AppData\Local\Temp\vcredist_x86.exe

C:\Users\jdmcivic\AppData\Local\Temp\atl80.dll

C:\Users\jdmcivic\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\jdmcivic\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\jdmcivic\AppData\Local\Temp\FlashPlayerUpdate02.exe

C:\Users\jdmcivic\AppData\Local\Temp\fr_tbuhh.dll

C:\Users\jdmcivic\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe

C:\Users\jdmcivic\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe

C:\Users\jdmcivic\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

C:\Users\jdmcivic\AppData\Local\Temp\libexpat.dll

C:\Users\jdmcivic\AppData\Local\Temp\mfc80.dll

C:\Users\jdmcivic\AppData\Local\Temp\mfc80u.dll

C:\Users\jdmcivic\AppData\Local\Temp\mfcm80.dll

C:\Users\jdmcivic\AppData\Local\Temp\mfcm80u.dll

C:\Users\jdmcivic\AppData\Local\Temp\msvcm80.dll

C:\Users\jdmcivic\AppData\Local\Temp\msvcp80.dll

C:\Users\jdmcivic\AppData\Local\Temp\msvcr80.dll

C:\Users\jdmcivic\AppData\Local\Temp\nlsdl.dll

C:\Users\jdmcivic\AppData\Local\Temp\setup.exe

C:\Users\jdmcivic\AppData\Local\Temp\tmdbg32.dll

C:\Users\jdmcivic\AppData\Local\Temp\ytb.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-12-22 00:39

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01

Ran by Anthony at 2013-12-22 10:13:40

Running from C:\Users\Anthony\Desktop\farbar recovery

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: System Shield (Enabled - Up to date) {C132074B-BF68-2E15-D4FD-E242EED15F18}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: System Shield (Enabled - Up to date) {7A53E6AF-9952-219B-EE4D-D930955615A5}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958)

µTorrent (HKCU Version: 3.4.0.30331)

µTorrent (Version: 3.1.3)

1ClickDownloader (Version: 2.7 Build 26473) <==== ATTENTION

Adobe AIR (Version: 2.5.1.17730)

Adobe Flash Player 10 Plugin (Version: 10.2.152.32)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)

Adobe Reader 8.3.1 (Version: 8.3.1)

ArcadeFrontier

AVI to DVD Converter (Version: 3.0.26.0314)

Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)

Cheat Engine 6.1

Cisco EAP-FAST Module (Version: 2.2.14)

Cisco LEAP Module (Version: 1.0.19)

Cisco PEAP Module (Version: 1.1.6)

Comodo Dragon (Version: 15.0)

COMODO Internet Security (Version: 5.10.31649.2253)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Complitly

ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)

CyberLink LabelPrint (Version: 2.0.3111)

CyberLink Power2Go (Version: 6.0.2115)

D3DX10 (Version: 15.4.2368.0902)

DAEMON Tools Lite (Version: 4.45.4.0315)

Deer Drive

Diablo II

Digital Media Reader (Version: 2.01.03.01)

DirectCOM (Version: 1.1.5)

Dynex Enhanced Wireless G USB Network Adapter Setup (Version: 2.20)

Dynex Wireless G USB Network Adapter Setup (Version: 2.20)

eMachines Games (Version: 1.0.0.71)

eMachines Recovery Management (Version: 3.1.3003)

Expert PDF 7 Reader (Version: 7.0.1370.0)

FlvPlayer (Version: ${VERSION})

FrostWire 4.21.3 (Version: 4.21.3.0)

Fruit Ninja 2 ìîçùá áòáøéú  - www.Fruit-Ninja.co.cc - àìîåâ äìì version 2 (Version: 2)

GearDrvs (Version: 1.00.0000)

GearDrvs (Version: 5.0.0.2)

GeekBuddy (Version: 4.9.73)

Google Chrome (HKCU Version: 30.0.1599.69)

HTC BMP USB Driver (Version: 1.0.5375)

HTC Driver Installer (Version: 4.2.0.001)

Hunting Unlimited 2010

iolo technologies' System Mechanic Professional (Version: 11.7.0)

IPTInstaller (Version: 4.0.8)

Java 7 Update 45 (Version: 7.0.450)

Java Auto Updater (Version: 2.1.9.8)

Java 6 Update 22 (Version: 6.0.220)

Java 6 Update 5 (Version: 1.6.0.50)

JavaFX 2.1.1 (Version: 2.1.1)

Junk Mail filter update (Version: 15.4.3502.0922)

kikin plugin 2.8 (Version: 2.8)

K-Lite Codec Pack 10.2.0 Full (Version: 10.2.0)

LG USB Modem driver

LogMeIn (Version: 4.1.2504)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Mesh Runtime (Version: 15.4.5722.2)

Messenger Companion (Version: 15.4.3502.0922)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Suite Activation Assistant (Version: 2.9)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works (Version: 9.7.0621)

Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0)

Mozilla Maintenance Service (Version: 12.0)

MSVCRT (Version: 15.4.2862.0708)

My.Freeze.com Toolbar (Version: 3.6.0)

MyPC Backup  (Version: ) <==== ATTENTION

NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.133)

NETGEAR WNDA4100 (Version: 1.2.0.10)

NETGEAR WNDA4100 Genie (Version: 1.2.0.10)

NVIDIA Control Panel 307.83 (Version: 307.83)

NVIDIA Display Control Panel (Version: 6.14.11.9675)

NVIDIA Drivers (Version: 1.10.57.35)

NVIDIA Graphics Driver 307.83 (Version: 307.83)

NVIDIA Install Application (Version: 2.1002.109.706)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

OutfoxTV

PowerISO (Version: 4.7)

PVSonyDll (Version: 1.00.0001)

QPST

RarZilla Free Unrar (Version: 4.80)

Realtek High Definition Audio Driver (Version: 6.0.1.5643)

Rosetta Stone Ltd Services (Version: 3.2.17)

Rosetta Stone TOTALe (Version: 4.1.1)

Rosetta Stone TOTALe (Version: 4.1.15.1)

SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1900.0)

Search Protect by conduit (Version: 1.7.0.72) <==== ATTENTION

SearchFlyBar2 Toolbar for IE (Version: 6.17.2.8)

Segoe UI (Version: 15.4.2271.0615)

Skype Toolbars (Version: 1.0.4051)

Skype™ 5.10 (Version: 5.10.116)

Super Hide IP (Version: 3.1.7.6)

System Requirements Lab CYRI (Version: 4.5.1.0)

The Weather Channel App

tools-linux (Version: 8.8.2.591240)

Unity Web Player (Version: 2.5.5b4_50)

UnRAR for Windows

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

uTorrent Turbo Accelerator (Version: 2.2.0.0)

uTorrentControl2 Toolbar (Version: 6.8.5.1) <==== ATTENTION

Ventrilo Client (Version: 3.0.5)

Video Strip Poker

VideoLAN VLC media player 0.8.6d (Version: 0.8.6d)

VmciSockets (Version: 9.1.54.1)

VMware Player (Version: 4.0.2.28060)

Windows Driver Package - HTC, Corporation (HTCAND32) USB  (11/01/2013 2.0.0007.00023) (Version: 11/01/2013 2.0.0007.00023)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Mobile Device Center (Version: 6.1.6965.0)

WinZip 15.0 (Version: 15.0.9302)

 

==================== Restore Points  =========================

 

30-11-2013 08:00:01 Scheduled Checkpoint

01-12-2013 15:33:03 Scheduled Checkpoint

03-12-2013 15:56:54 Scheduled Checkpoint

04-12-2013 07:35:28 Scheduled Checkpoint

05-12-2013 08:03:29 Scheduled Checkpoint

06-12-2013 07:17:53 Scheduled Checkpoint

07-12-2013 09:21:16 Scheduled Checkpoint

08-12-2013 23:28:25 Scheduled Checkpoint

11-12-2013 04:35:48 Scheduled Checkpoint

12-12-2013 13:09:22 Scheduled Checkpoint

13-12-2013 08:00:35 Scheduled Checkpoint

14-12-2013 08:00:04 Scheduled Checkpoint

15-12-2013 08:26:21 Scheduled Checkpoint

18-12-2013 05:08:06 Scheduled Checkpoint

19-12-2013 08:00:03 Scheduled Checkpoint

20-12-2013 08:29:02 Scheduled Checkpoint

21-12-2013 19:57:18 Scheduled Checkpoint

22-12-2013 05:54:02 Installed HTC Driver Installer.

22-12-2013 05:56:55 Device Driver Package Install: HTC Network Protocol

22-12-2013 05:57:02 Device Driver Package Install: HTC Corporation Network adapters

22-12-2013 05:59:27 Device Driver Package Install: HTC Corporation Portable Devices

22-12-2013 06:01:08 Installed HTC BMP USB Driver.

22-12-2013 06:08:13 Device Driver Package Install: HTC, Corporation

22-12-2013 06:08:42 Device Driver Package Install: HTC Corporation Network adapters

22-12-2013 06:09:47 Device Driver Package Install: HTC Corporation Portable Devices

22-12-2013 06:19:17 Device Driver Package Install: HTC, Corporation

22-12-2013 06:40:43 Device Driver Package Install: HTC, Corporation Android USB Devices

22-12-2013 06:44:58 Device Driver Package Install: HTC, Corporation

22-12-2013 06:45:14 Device Driver Package Install: HTC Corporation Network adapters

22-12-2013 06:46:12 Device Driver Package Install: HTC Corporation Portable Devices

22-12-2013 17:29:11 Installed Java 7 Update 45

22-12-2013 17:59:55 before virus removal

 

==================== Hosts content: ==========================

 

2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {2BAD4037-7FF9-4529-963F-F357D9A13469} - System32\Tasks\RunOW => C:\Program Files\Overwolf\Overwolf.exe

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {34DBEADF-6DEC-4BF2-B1CE-1C75709CC271} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001Core => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {6D7ECD59-D332-4E02-AB14-120FB93248AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001UA => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe

Task: {8A27259B-E6AD-4129-A4E2-66B6A2DE6D62} - System32\Tasks\{8D95B456-7D52-42A0-B8BE-6DA6ACD1C40E} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)

Task: {963FFB9A-1E47-41DA-94DD-E67650AD092D} - System32\Tasks\ArcadeFrontier => C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [2013-12-11] ()

Task: {999A567B-DA9A-4682-9137-54C39F9577B6} - System32\Tasks\OpenCandyHelperRunOnce => Rundll32.exe "C:\Users\Anthony\AppData\Roaming\OpenCandy\FDC9EF2A0B16472BA1AA1976C6D224E5\OCBrowserHelper_1.0.3.85.dll",_OCRestartDll@16

Task: {D658D8D7-B874-4C46-B16C-8CB49241C3FD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-20] ()

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: C:\Windows\Tasks\ArcadeFrontier.job => C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001Core.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627868057-3445255397-3797218724-1001UA.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-10-03 14:43 - 2013-10-02 22:03 - 04055504 _____ () C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll

2013-10-03 14:43 - 2013-10-02 22:03 - 00415184 _____ () C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll

2013-10-03 14:43 - 2013-10-02 22:02 - 01604560 _____ () C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll

2013-10-03 14:43 - 2013-10-02 22:02 - 00698832 _____ () C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll

2013-10-03 14:43 - 2013-10-02 22:02 - 00099792 _____ () C:\Users\Anthony\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll

2012-05-04 18:29 - 2012-05-04 18:29 - 00015760 _____ () C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:F2721624

AlternateDataStreams: C:\Users\Anthony\Desktop\One Direction- Red Nose (Charity Song) - Emotional Tribute.mp3:TOC.WMV

AlternateDataStreams: C:\Users\Anthony\Desktop\vet 1.mp4:TOC.WMV

AlternateDataStreams: C:\Users\Anthony\Desktop\vet 2.mp4:TOC.WMV

AlternateDataStreams: C:\Users\Anthony\Desktop\vet 3.mp4:TOC.WMV

AlternateDataStreams: C:\Users\Anthony\Desktop\wheels.mp4:TOC.WMV

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/22/2013 09:09:55 AM) (Source: Application Hang) (User: )

Description: The program TWCApp.exe version 7.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 16b0

Start Time: 01ceff3219680c56

Termination Time: 67

 

Error: (12/22/2013 08:25:47 AM) (Source: CltMngSvc) (User: )

Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

 

Error: (12/22/2013 08:25:14 AM) (Source: CltMngSvc) (User: )

Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

 

Error: (12/22/2013 02:54:49 AM) (Source: Application Error) (User: )

Description: Faulting application MOVIEMK.exe, version 6.0.6002.18273, time stamp 0x4c1a4a61, faulting module ffmpeg.dll, version 0.0.0.0, time stamp 0x52af79f0, exception code 0x40000015, fault offset 0x00027d0f,

process id 0x958, application start time 0xMOVIEMK.exe0.

 

Error: (12/22/2013 02:22:49 AM) (Source: Application Error) (User: )

Description: Faulting application MOVIEMK.exe, version 6.0.6002.18273, time stamp 0x4c1a4a61, faulting module ffmpeg.dll, version 0.0.0.0, time stamp 0x52af79f0, exception code 0x40000015, fault offset 0x00027d0f,

process id 0x13c0, application start time 0xMOVIEMK.exe0.

 

Error: (12/22/2013 00:35:30 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/22/2013 00:35:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/22/2013 00:35:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/22/2013 00:35:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/22/2013 00:35:27 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

System errors:

=============

Error: (12/22/2013 08:23:08 AM) (Source: Service Control Manager) (User: )

Description: OutfoxTvService

 

Error: (12/22/2013 08:22:43 AM) (Source: Service Control Manager) (User: )

Description: OutfoxTvService

 

Error: (12/22/2013 00:36:27 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80070424

 

Error: (12/22/2013 00:36:27 AM) (Source: Service Control Manager) (User: )

Description: NVIDIA Update Service Daemon%%1069

 

Error: (12/22/2013 00:36:27 AM) (Source: Service Control Manager) (User: )

Description: nvUpdatusService.\UpdatusUser%%1330

 

Error: (12/22/2013 00:36:15 AM) (Source: DCOM) (User: )

Description: {28DD3979-0566-4ED3-9B14-1548B3187491}

 

Error: (12/22/2013 00:35:08 AM) (Source: Service Control Manager) (User: )

Description: Windows Firewall Control1

 

Error: (12/22/2013 00:35:08 AM) (Source: Service Control Manager) (User: )

Description: 30000wfcs

 

Error: (12/22/2013 00:35:08 AM) (Source: Service Control Manager) (User: )

Description: i8042prt

 

Error: (12/22/2013 00:35:08 AM) (Source: Service Control Manager) (User: )

Description: IKE and AuthIP IPsec Keying ModulesBFE

 

 

Microsoft Office Sessions:

=========================

Error: (09/22/2010 07:24:21 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-28 04:48:23.228

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:22.766

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:22.281

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:21.810

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:21.335

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:20.869

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:20.329

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:19.865

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:19.376

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-28 04:48:18.913

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 55%

Total physical RAM: 2941.76 MB

Available physical RAM: 1305.3 MB

Total Pagefile: 6099.98 MB

Available Pagefile: 3999.78 MB

Total Virtual: 2047.88 MB

Available Virtual: 1934.08 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:288.09 GB) (Free:138.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Removable) (Total:3.74 GB) (Free:0.86 GB) FAT32

Drive k: (es-419_L3) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 5C4455CC)

Partition 1: (Not Active) - (Size=10 GB) - (Type=27)

Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00198ED8)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe, click Fix only once, and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01

Ran by Anthony at 2013-12-22 10:50:11 Run:1

Running from C:\Users\Anthony\Desktop\farbar recovery

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKCU\...\Run: [Google Update*] - [x] 

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\   \...\???\{0fe012a7-5b9a-258f-298f-d41e79b29c85}\GoogleUpdate.exe" 

C:\Users\Anthony\AppData\Local\Google\Desktop\Install

C:\Program Files\Google\Desktop\Install

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

*etadpug => Service deleted successfully.

 

"C:\Users\Anthony\AppData\Local\Google\Desktop\Install" directory move:

 

Could not move "C:\Users\Anthony\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.

 

 

"C:\Program Files\Google\Desktop\Install" directory move:

 

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

 

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-22 10:57:43)<=

 

C:\Users\Anthony\AppData\Local\Google\Desktop\Install => Is moved successfully.

C:\Program Files\Google\Desktop\Install => Is moved successfully.

 

==== End of Fixlog ====

mbar-log-2013-12-22 (11-04-18).txt

system-log.txt


RogueKiller V8.7.13 [Dec 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Anthony [Admin rights]

Mode : Scan -- Date : 12/22/2013 12:01:16

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] cltmng.exe -- C:\Users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=; [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 3 ¤¤¤

[V1][SUSP PATH] ArcadeFrontier.job : C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND

[V2][SUSP PATH] ArcadeFrontier : C:\Users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND

[V2][SUSP PATH] OpenCandyHelperRunOnce : RunDll32.exe - "C:\Users\Anthony\AppData\Roaming\OpenCandy\FDC9EF2A0B16472BA1AA1976C6D224E5\OCBrowserHelper_1.0.3.85.dll",_OCRestartDll@16 [x][x][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST332081 3AS SCSI Disk Device +++++

--- User ---

[MBR] 7c62f2a288d62a2c5dfe4f7edaf6f17c

[BSP] d89474759e1c94dcaf25da340284b493 : Acer MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 295003 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x1] Incorrect function. )

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic Flash Disk USB Device +++++

--- User ---

[MBR] 3e9e26911753fb661aa60015311871f8

[BSP] 190fcf2c94255f75694d1d95d48624a3 : Empty MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 64 | Size: 3839 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_12222013_120116.txt >>

RKreport[0]_S_12222013_095915.txt

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-12-21.01 - Anthony 12/22/2013  12:21:57.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1607 [GMT -8:00]

Running from: c:\users\Anthony\Desktop\ComboFix.exe

AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}

SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\program files\Complitly

c:\program files\Complitly\chrome\ComplitlyChrome.crx

c:\program files\Complitly\FireFoxExtension.exe

c:\program files\Complitly\InstTracker.exe

c:\program files\Complitly\support@Complitly.com\chrome.manifest

c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png

c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files\Complitly\support@Complitly.com\install.rdf

c:\program files\Complitly\unins000.dat

c:\program files\Complitly\unins000.exe

c:\program files\FunWebProducts

c:\program files\HeadlineAlley_29EI

c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll

c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll

c:\program files\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll

c:\program files\kikin

c:\program files\kikin\default_settings.xml

c:\program files\kikin\file_list.txt

c:\program files\kikin\ie_kikin.dll

c:\program files\kikin\KikinBroker.exe

c:\program files\kikin\KikinCrashReporter.exe

c:\program files\kikin\uninst.exe

c:\program files\My.Freeze.com Toolbar\NeTAssistant.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\users\Anthony\AppData\Local\ArcadeFrontier\ArCAdefrontier.dll

c:\users\Anthony\AppData\Roaming\alot

c:\users\Anthony\AppData\Roaming\kikin

c:\users\Anthony\AppData\Roaming\kikin\ie_configuration.xml

c:\users\Anthony\AppData\Roaming\kikin\ie_kkes.xml

c:\users\Anthony\AppData\Roaming\kikin\ie_settings.xml

c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\search.xml

c:\users\Anthony\AppData\Roaming\SearchProtect

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\ChromeModule.dll

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\rep.dat

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\SPHook32.dll

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\SPHook64.dll

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\SPRunner.exe

c:\users\Anthony\AppData\Roaming\SearchProtect\bin\SPTool64.exe

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css

c:\users\Anthony\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\abstraction.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\application.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul

c:\users\Anthony\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN

c:\users\Anthony\AppData\Roaming\vso_ts_preview.xml

c:\users\Anthony\Desktop\Setup.exe

c:\users\jdmcivic\AppData\Local\._Revolution_

c:\users\jdmcivic\AppData\Roaming\kikin

c:\users\jdmcivic\AppData\Roaming\kikin\cr_kkes.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ff_configuration.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ff_kkes.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ff_settings.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ie_configuration.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ie_kkes.xml

c:\users\jdmcivic\AppData\Roaming\kikin\ie_settings.xml

c:\users\jdmcivic\Desktop\Setup.exe

c:\windows\PFRO.log

c:\windows\system32\SET2789.tmp

c:\windows\system32\winservice.exe

c:\windows\Update.bat

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SCM_Service

.

.

(((((((((((((((((((((((((   Files Created from 2013-11-22 to 2013-12-22  )))))))))))))))))))))))))))))))

.

.

2013-12-22 20:59 . 2013-12-22 20:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-22 20:59 . 2013-12-22 20:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2013-12-22 20:59 . 2013-12-22 20:59 -------- d-----w- c:\users\jdmcivic\AppData\Local\temp

2013-12-22 20:59 . 2013-12-22 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-22 19:02 . 2013-12-22 19:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-12-22 19:02 . 2013-12-22 19:04 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2013-12-22 19:02 . 2013-12-22 19:02 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-12-22 18:11 . 2013-12-22 18:57 -------- d-----w- C:\FRST

2013-12-22 17:31 . 2013-12-22 17:31 -------- d-----w- c:\programdata\Oracle

2013-12-22 17:30 . 2013-12-22 17:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-12-22 17:28 . 2013-12-22 17:28 -------- d-----w- c:\programdata\McAfee

2013-12-22 16:25 . 2013-12-22 16:25 -------- d-----w- c:\program files\SearchFlyBar2

2013-12-22 16:25 . 2013-12-22 16:25 -------- d-----w- c:\users\Anthony\AppData\Local\NativeMessaging

2013-12-22 16:24 . 2013-12-22 18:54 -------- d-----w- c:\program files\MyPC Backup

2013-12-22 16:24 . 2013-12-22 16:24 -------- d-----w- c:\users\Anthony\AppData\Roaming\Oberon Media

2013-12-22 16:24 . 2013-12-22 16:24 -------- d-----w- c:\program files\Oberon Media SIDR

2013-12-22 16:24 . 2013-12-22 16:24 -------- d-----w- c:\program files\SearchProtect

2013-12-22 16:24 . 2013-12-22 16:24 -------- d-----w- c:\program files\Common Files\Oberon Media

2013-12-22 16:23 . 2013-12-22 16:24 -------- d-----w- c:\programdata\Oberon Media

2013-12-22 16:22 . 2013-12-22 16:22 -------- d-----w- c:\program files\The Weather Channel

2013-12-22 16:22 . 2013-12-22 16:22 -------- d-----w- c:\program files\OutfoxTV

2013-12-22 16:22 . 2013-12-22 16:22 -------- d-----w- c:\users\Anthony\AppData\Local\The Weather Channel

2013-12-22 16:22 . 2013-12-22 16:22 -------- d-----w- c:\users\Anthony\AppData\Roaming\OpenCandy

2013-12-22 16:21 . 2013-12-22 20:58 -------- d-----w- c:\users\Anthony\AppData\Local\ArcadeFrontier

2013-12-22 14:06 . 2013-12-22 14:06 -------- d-----w- c:\users\Anthony\AppData\Roaming\MPC-HC

2013-12-22 09:42 . 2013-12-01 13:10 218200 ----a-w- c:\windows\system32\unrar.dll

2013-12-22 09:42 . 2013-12-22 09:42 -------- d-----w- c:\program files\K-Lite Codec Pack

2013-12-22 06:21 . 2013-12-22 06:21 -------- d-----w- C:\fastboot

2013-12-22 06:19 . 2013-12-22 06:19 -------- d-----w- c:\program files\DIFX

2013-12-22 05:55 . 2013-12-22 06:01 -------- d-----w- c:\program files\HTC

2013-12-22 05:55 . 2013-12-22 05:55 -------- d-----w- c:\program files\Spirent Communications

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-22 20:01 . 2013-12-22 17:58 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 15872 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 34944 ----a-w- c:\windows\system32\drivers\winusb.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 288768 ----a-w- c:\windows\system32\drivers\wg111v2.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 22072 ----a-w- c:\windows\system32\drivers\wd.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 62464 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 47744 ----a-w- c:\windows\system32\drivers\vserial.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 20608 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 130616 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 15264 ----a-w- c:\windows\system32\drivers\vsb.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 55664 ----a-w- c:\windows\system32\drivers\vmx86.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 98928 ----a-w- c:\windows\system32\drivers\vmci.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 20024 ----a-w- c:\windows\system32\drivers\viaide.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 110080 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 41472 ----a-w- c:\windows\system32\drivers\viac7.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 65536 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak

2013-12-22 20:01 . 2013-12-22 17:58 56888 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak

2013-12-22 20:01 . 2013-12-22 17:58 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 226304 ----a-w- c:\windows\system32\drivers\usbport.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 68608 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak

2013-12-22 20:01 . 2013-12-22 17:58 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 7680 ----a-w- c:\windows\system32\drivers\umpass.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 34816 ----a-w- c:\windows\system32\drivers\umbus.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 60984 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak

2013-12-22 20:00 . 2013-12-22 17:58 238648 ----a-w- c:\windows\system32\drivers\uliahci.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 59448 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak

2013-12-22 20:00 . 2013-12-22 17:58 226816 ----a-w- c:\windows\system32\drivers\udfs.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS.bak

2013-12-22 20:00 . 2013-12-22 17:58 72192 ----a-w- c:\windows\system32\drivers\tdx.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 53224 ----a-w- c:\windows\system32\drivers\termdd.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 29184 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 35944 ----a-w- c:\windows\system32\drivers\symc8xx.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 31848 ----a-w- c:\windows\system32\drivers\sym_hi.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 15288 ----a-w- c:\windows\system32\drivers\swenum.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 52992 ----a-w- c:\windows\system32\drivers\stream.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 180672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 122344 ----a-w- c:\windows\system32\drivers\Storport.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 66112 ----a-w- c:\windows\system32\drivers\ssudbus.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 110280 ----a-w- c:\windows\system32\drivers\sscdserd.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 114152 ----a-w- c:\windows\system32\drivers\ssadserd.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 305152 ----a-w- c:\windows\system32\drivers\srv.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 684032 ----a-w- c:\windows\system32\drivers\spsys.sys.bak

2013-12-22 20:00 . 2013-12-22 17:58 66560 ----a-w- c:\windows\system32\drivers\smb.sys.bak

2012-05-04 19:03 . 2012-04-28 11:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

"{efc335aa-59ec-45b0-b287-739521153d5b}"= "c:\program files\SearchFlyBar2\prxtbSear.dll" [2013-11-06 226592]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CLASSES_ROOT\clsid\{efc335aa-59ec-45b0-b287-739521153d5b}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{efc335aa-59ec-45b0-b287-739521153d5b}]

2013-11-06 16:53 226592 ----a-w- c:\program files\SearchFlyBar2\prxtbSear.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

"{efc335aa-59ec-45b0-b287-739521153d5b}"= "c:\program files\SearchFlyBar2\prxtbSear.dll" [2013-11-06 226592]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CLASSES_ROOT\clsid\{efc335aa-59ec-45b0-b287-739521153d5b}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

"{EFC335AA-59EC-45B0-B287-739521153D5B}"= "c:\program files\SearchFlyBar2\prxtbSear.dll" [2013-11-06 226592]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CLASSES_ROOT\clsid\{efc335aa-59ec-45b0-b287-739521153d5b}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]

"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-11 2327248]

"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-09-22 3470624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-9-19 1953320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-10-11 49360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Smart Wizard.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WNA1100 Smart Wizard.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA4100 Genie.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk

backup=c:\windows\pss\NETGEAR WNDA4100 Genie.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Anthony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer]

/C [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]

2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-07-23 18:25 6183456 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2008-07-23 18:29 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-07-02 17:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-05-07 10:04 890224 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 16:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiSpywareOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ   wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

bthsvcs REG_MULTI_SZ   BthServ

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-22 c:\windows\Tasks\ArcadeFrontier.job

- c:\users\Anthony\AppData\Local\ArcadeFrontier\veragent.exe [2013-12-11 13:33]

.

.

------- Supplementary Scan -------

.



uInternet Settings,ProxyServer = http=;ftp=;https=;


IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\


FF - prefs.js: browser.search.selectedEngine - SearchFlyBar2 Customized Web Search



FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: extensions.BabylonToolbar_i.id - a230e07b000000000000001cdfa12a8a

FF - user.js: extensions.BabylonToolbar_i.hardId - a230e07b000000000000001cdfa12a8a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false


FF - user.js: extensions.incredibar_i.id - a230e07b000000000000001cdf0e69d5

FF - user.js: extensions.incredibar_i.instlDay - 15460

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef - 

FF - user.js: extensions.incredibar_i.dfltLng - 

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id - 

FF - user.js: extensions.incredibar_i.upn2 - 6R8rrNIR91

FF - user.js: extensions.incredibar_i.upn2n - 92824276867108883

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 453

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=010812_906_cln_3112_1

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com


FF - user.js: extensions.BabylonToolbar.id - a230e07b000000000000000c55f8df91

FF - user.js: extensions.BabylonToolbar.instlDay - 15555

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.119:51

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

HKCU-Run-SearchProtect - c:\users\Anthony\AppData\Roaming\SearchProtect\bin\cltmng.exe

HKLM-Run-eRecoveryService - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exe

MSConfigStartUp-Overwolf - c:\program files\Overwolf\Overwolf.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe

AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files\kikin\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-12-22 13:19

Windows 6.0.6002 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]

"ImagePath"="\??\"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(784)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'Explorer.exe'(5852)

c:\windows\system32\guard32.dll

c:\windows\system32\OneX.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\COMODO\launcher_service.exe

c:\windows\system32\nvvsvc.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\MyPC Backup\BackupStack.exe

c:\program files\SearchProtect\bin\CltMngSvc.exe

c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

c:\program files\iolo\Common\Lib\ioloServiceManager.exe

c:\program files\LogMeIn\x86\LMIGuardianSvc.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\OutfoxTV\OutfoxTvService.exe

c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe

c:\program files\NETGEAR\WNDA4100\Service\RaRegistry.exe

c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe

c:\program files\VMware\VMware Player\vmware-authd.exe

c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe

c:\windows\system32\vmnat.exe

c:\program files\Windows Firewall Control\wfcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\NETGEAR\WNA1100\WifiSvc.exe

c:\windows\system32\vmnetdhcp.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\WUDFHost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-12-22  13:27:38 - machine was rebooted

ComboFix-quarantined-files.txt  2013-12-22 21:27

.

Pre-Run: 166,163,599,360 bytes free

Post-Run: 166,790,090,752 bytes free

.

- - End Of File - - D227CBCD64883A9DED41A25BC013B094

8C9F9E03865C35F0F3829A23CDA42F5D

 

ComboFix.txt


Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.015 - Report created 22/12/2013 at 14:05:48

# Updated 10/12/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Anthony - JDMCIVIC-PC

# Running from : C:\Users\Anthony\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : BackupStack

Service Deleted : CltMngSvc

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\Program Files\1ClickDownload

Folder Deleted : C:\Program Files\BabylonToolbar

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Fast Free Converter

Folder Deleted : C:\Program Files\File Type Helper

Folder Deleted : C:\Program Files\Free Offers from Freeze.com

Folder Deleted : C:\Program Files\Freeze.com

Folder Deleted : C:\Program Files\internethelper3.1

Folder Deleted : C:\Program Files\MyPC Backup

Folder Deleted : C:\Program Files\Searchprotect

Folder Deleted : C:\Program Files\SearchFlyBar2

Folder Deleted : C:\Program Files\uTorrentControl2

Folder Deleted : C:\Users\jdmcivic\AppData\Local\OpenCandy

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\Fast Free Converter

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\jdmcivic\AppData\LocalLow\uTorrentControl2

Folder Deleted : C:\Users\jdmcivic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freeze.com

Folder Deleted : C:\Users\Anthony\AppData\Local\Conduit

Folder Deleted : C:\Users\Anthony\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\Fast Free Converter

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\internethelper3.1

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\SearchFlyBar2

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\uTorrentControl2

Folder Deleted : C:\Users\Anthony\AppData\Roaming\BabylonToolbar

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Complitly

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Media Finder

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Deleted : C:\Users\Anthony\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\ConduitCommon

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\CT3289663

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\CT3072253

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\CT3292715

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}

Folder Deleted : C:\Users\jdmcivic\AppData\Roaming\Mozilla\Firefox\Profiles\i5rernfj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Deleted : C:\Users\jdmcivic\AppData\Roaming\Mozilla\Firefox\Profiles\i5rernfj.default\Extensions\{AA994882-F391-4D2E-806F-8908DA4814ED}

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\ffxtlbr@incredibar.com

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\OneClickDownload@OneClickDownload.com

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b}

File Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\Extensions\addon@defaulttab.com.xpi

File Deleted : C:\Users\Anthony\AppData\Roaming\BabMaint.exe

File Deleted : C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

File Deleted : C:\Users\Anthony\Desktop\MyPC Backup.lnk

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js

File Deleted : C:\Users\jdmcivic\AppData\Roaming\Mozilla\Firefox\Profiles\i5rernfj.default\searchplugins\Askcom.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

File Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\searchplugins\MyStart Search.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml

File Deleted : C:\Users\jdmcivic\AppData\Roaming\Mozilla\Firefox\Profiles\i5rernfj.default\user.js

File Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\user.js

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage

File Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Deleted : HKCU\Software\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999A567B-DA9A-4682-9137-54C39F9577B6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EFC335AA-59EC-45B0-B287-739521153D5B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B660A209-68A4-4CCF-B8B7-950A8F9B18E2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFC335AA-59EC-45B0-B287-739521153D5B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFC335AA-59EC-45B0-B287-739521153D5B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B660A209-68A4-4CCF-B8B7-950A8F9B18E2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFC335AA-59EC-45B0-B287-739521153D5B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B660A209-68A4-4CCF-B8B7-950A8F9B18E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25AF9769-5E62-4B17-A0D0-6EB403BFFF08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AB1E24B-618B-4A40-8472-9E35768101C3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B624FA6D-9ABC-4A41-8E09-89E828009479}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2A1A27E-09C5-420F-B255-6374D1EDED78}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EFC335AA-59EC-45B0-B287-739521153D5B}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EFC335AA-59EC-45B0-B287-739521153D5B}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EFC335AA-59EC-45B0-B287-739521153D5B}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EFC335AA-59EC-45B0-B287-739521153D5B}]

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\alot

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\SearchFlyBar2

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\SimplyGen

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\SearchFlyBar2

Key Deleted : HKLM\Software\uTorrentControl2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16506

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v12.0 (en-GB)

 

[ File : C:\Users\jdmcivic\AppData\Roaming\Mozilla\Firefox\Profiles\i5rernfj.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Line Deleted : user_pref("browser.search.order.1", "Ask.com");


Line Deleted : user_pref("extensions.asktb.cbid", "FM");

Line Deleted : user_pref("extensions.asktb.config-updated", false);

Line Deleted : user_pref("extensions.asktb.crumb", "2010.11.25+09.27.06-toolbar004iad-US-TG9zIEFuZ2VsZXMsQ0EsVW5pdGVkIFN0YXRlcw%3D%3D");


Line Deleted : user_pref("extensions.asktb.dtid", "TES002A6US");

Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);




Line Deleted : user_pref("extensions.asktb.l", "dis");

Line Deleted : user_pref("extensions.asktb.last-config-req", "1334581887336");

Line Deleted : user_pref("extensions.asktb.locale", "en_US");

Line Deleted : user_pref("extensions.asktb.o", "14193");

Line Deleted : user_pref("extensions.asktb.qsrc", "2871");


Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);

Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Line Deleted : user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,toolbar@ask.com:3.14.1.20007,{972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0");

Line Deleted : user_pref("extensions.enabledItems", "{52EF0988-5232-4465-86E7-6434B5891030}:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{CAFEEFAC-0016[...]


 

[ File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ick1ubuu.default\prefs.js ]

 

Line Deleted : user_pref("CT3072253..clientLogIsEnabled", false);



Line Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);


Line Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Fri Apr 27 2012 07:36:24 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);

Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);

Line Deleted : user_pref("CT3072253.CTID", "CT3072253");

Line Deleted : user_pref("CT3072253.CurrentServerDate", "29-9-2013");

Line Deleted : user_pref("CT3072253.DSInstall", false);

Line Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Sep 28 2013 15:36:08 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT3072253.FirstServerDate", "31-3-2012");

Line Deleted : user_pref("CT3072253.FirstTime", true);

Line Deleted : user_pref("CT3072253.FirstTimeFF3", true);

Line Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);

Line Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);


Line Deleted : user_pref("CT3072253.HPInstall", false);

Line Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);

Line Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);


Line Deleted : user_pref("CT3072253.Initialize", true);

Line Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);

Line Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");

Line Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");

Line Deleted : user_pref("CT3072253.InstalledDate", "Sat Mar 31 2012 09:53:13 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);

Line Deleted : user_pref("CT3072253.IsGrouping", false);

Line Deleted : user_pref("CT3072253.IsInitSetupIni", true);

Line Deleted : user_pref("CT3072253.IsMulticommunity", false);

Line Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);

Line Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);

Line Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Sep 28 2013 15:36:08 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);


Line Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Sun Apr 29 2012 10:26:29 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Wed Jun 20 2012 02:22:17 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Sat Jul 28 2012 14:07:29 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Sat Sep 28 2013 15:36:08 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.LatestVersion", "3.20.0.4");

Line Deleted : user_pref("CT3072253.Locale", "en");

Line Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");


Line Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);

Line Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.10.0.1");

Line Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 1);

Line Deleted : user_pref("CT3072253.SearchBoxWidth", 100);

Line Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Line Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Search the web (Babylon)");

Line Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);


Line Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Sep 28 2013 15:36:07 GMT-0700 (Pacific Daylight Time)");


Line Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);

Line Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);

Line Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Line Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Sep 28 2013 15:36:07 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sat Sep 28 2013 15:36:06 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.SettingsLastUpdate", "1380355962");


Line Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Sep 28 2013 15:36:06 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");

Line Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);


Line Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]

Line Deleted : user_pref("CT3072253.UserID", "UN34214875215389041");

Line Deleted : user_pref("CT3072253.ValidationData_Search", 2);

Line Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);

Line Deleted : user_pref("CT3072253.alertChannelId", "1463702");


Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_userid", "63663236346231632D356661382D343862322D613737372D653961626165303965326534");

Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_welcomedialogmode", "31");

Line Deleted : user_pref("CT3072253.backendstorage.pg_enable", "74727565");

Line Deleted : user_pref("CT3072253.backendstorage.searchappstate", "32");

Line Deleted : user_pref("CT3072253.backendstorage.searchapptracking", "73656E74");

Line Deleted : user_pref("CT3072253.backendstorage.sf_just_installed", "46414C5345");

Line Deleted : user_pref("CT3072253.backendstorage.sf_status", "454E41424C4544");

Line Deleted : user_pref("CT3072253.backendstorage.sf_user_id", "6369645F3238393230313331353336323137343537393638");

Line Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7468657069726174656261792E73652F7365617263682F66727569742532306E696E6A612F302F372F303A3A3A636C69636B68616E646C65723A3A3A31333336333[...]

Line Deleted : user_pref("CT3072253.components.129573915102477663", false);

Line Deleted : user_pref("CT3072253.components.129749445881800338", false);


Line Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Sep 28 2013 15:36:10 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Line Deleted : user_pref("CT3072253.initDone", true);

Line Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);

Line Deleted : user_pref("CT3072253.myStuffEnabled", true);

Line Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);


Line Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);


Line Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);

Line Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,1001,1002,1003,1004,1005,[...]

Line Deleted : user_pref("CT3072253.revertSettingsEnabled", false);

Line Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Line Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Line Deleted : user_pref("CT3072253.testingCtid", "");

Line Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Sep 28 2013 15:36:08 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Sat Sep 28 2013 15:36:08 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT3072253.usagesFlag", 2);

Line Deleted : user_pref("CT3292715.FF19Solved", "true");

Line Deleted : user_pref("CT3292715.UserID", "UN31068481962023119");

Line Deleted : user_pref("CT3292715.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3292715.fullUserID", "UN31068481962023119.IN.20131222082255");

Line Deleted : user_pref("CT3292715.installDate", "22/12/2013 08:23:17");

Line Deleted : user_pref("CT3292715.installSessionId", "{F8EBE406-8E86-4E7C-8627-5F73C6F79281}");

Line Deleted : user_pref("CT3292715.installSp", "TRUE");

Line Deleted : user_pref("CT3292715.installerVersion", "1.8.1.4");

Line Deleted : user_pref("CT3292715.keyword", "true");



Line Deleted : user_pref("CT3292715.originalSearchEngine", "Ask.com");

Line Deleted : user_pref("CT3292715.originalSearchEngineName", "Ask.com");

Line Deleted : user_pref("CT3292715.searchRevert", "true");

Line Deleted : user_pref("CT3292715.searchUninstallUserMode", "2");

Line Deleted : user_pref("CT3292715.searchUserMode", "2");

Line Deleted : user_pref("CT3292715.smartbar.homepage", "true");

Line Deleted : user_pref("CT3292715.toolbarInstallDate", "22-12-2013 08:22:59");

Line Deleted : user_pref("CT3292715.versionFromInstaller", "10.23.0.722");

Line Deleted : user_pref("CT3292715.xpeMode", "0");

























Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");


Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");

Line Deleted : user_pref("CommunityToolbar.globalUserId", "ffb45019-76a7-478b-b789-8586c8ed5c0b");

Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");

Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 28 2013 15:36:11 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 28 2013 15:36:18 GMT-0700 (Pacific Daylight Time)");


Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 28 2013 15:36:10 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);


Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Line Deleted : user_pref("CommunityToolbar.notifications.userId", "0d02c0ee-e521-4358-abe0-634f0b072926");


Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");


Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Line Deleted : user_pref("browser.search.defaultenginename", "SearchFlyBar2 Customized Web Search");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "SearchFlyBar2 Customized Web Search");


Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : user_pref("browser.search.selectedEngine", "SearchFlyBar2 Customized Web Search");


Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=114066&tt=010812_906_cln_3112_1");

Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 2);

Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "782FE553E36EF175255FB6C11D2B13C7");

Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);

Line Deleted : user_pref("extensions.BabylonToolbar.id", "a230e07b000000000000000c55f8df91");

Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15555");

Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");


Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 2);

Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.119:51:02");

Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");

Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);


Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 82524065);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");


Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.119:51:02");

Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114066&tt=010812_906_cln_3112_1");

Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "a230e07b000000000000001cdfa12a8a");

Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "a230e07b000000000000001cdfa12a8a");

Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15428");

Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Line Deleted : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.119:51:02");

Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");


Line Deleted : user_pref("extensions.enabledAddons", "{33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1,OneClickDownload@OneClickDownload.com:1.0,plugin@searchgby.com:0.9.60,{687578b9-7132-4a7a-80e4-30ee31099e03}:3.14.1.0,[...]

Line Deleted : user_pref("extensions.enabledItems", "{52EF0988-5232-4465-86E7-6434B5891030}:1.0,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,{CAFEEFAC-0016-0000-0022-AB[...]

Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Line Deleted : user_pref("extensions.incredibar_i.did", "10643");

Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);

Line Deleted : user_pref("extensions.incredibar_i.id", "a230e07b000000000000001cdf0e69d5");

Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15460");

Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Line Deleted : user_pref("extensions.incredibar_i.newTab", false);

Line Deleted : user_pref("extensions.incredibar_i.ppd", "453");

Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Line Deleted : user_pref("extensions.incredibar_i.productid", "26");

Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");


Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8rrNIR91");

Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92824276867108883");

Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:05:25");

Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");


Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3292715");



Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3292715");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3292715");

Line Deleted : user_pref("smartbar.machineId", "3FOXLBTY90TPGGNXEIZF+N9RBYC1L38PVM6ZVI3O0QNOXPIZV4QTDWZJJNEF59PV2CZ9UZ++0RCFPJHVVC/FJW");


 

-\\ Google Chrome v

[ File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [63088 octets] - [22/12/2013 14:01:03]
AdwCleaner[s0].txt - [63111 octets] - [22/12/2013 14:05:48]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [63172 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: JDMCIVIC-PC [administrator]

Protection: Disabled

12/22/2013 2:25:43 PM
mbam-log-2013-12-22 (14-25-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286640
Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

PC is noticeably faster and freezes up way less often. But it is still slow, and sometimes it doesn't want to start up. (I have to mess with it and press "Ctrl+Alt+Del" and start the Task Manager. That usually gets things going.) Internet works off and on, and I know it's not the modem; I get perfect connectivity with my other devices. Let me see..., speaking of devices. My HTC One S (T-Mobile) used to work with my comp, but now the computer doesn't even know I've plugged anything into it. There are a bunch of programs on my Desktop that I never downloaded. Haha, I would love to get a good workday out of this computer one of these days. lol. I appreciate your help.


> PC is noticeably faster and freezes up way less often. But it is still slow, and sometimes it doesn't want to start up. (I have to mess with it and press "Ctrl+Alt+Del" and start the Task Manager. That usually gets things going.)
> Internet works off and on, and I know it's not the modem; I get perfect connectivity with my other devices. Let me see..., speaking of devices. My HTC One S (T-Mobile) used to work with my comp, but now the computer doesn't even know I've plugged anything into it.


There's only so much I can do; your computer was badly infected, not only with malware but loaded with adware/spyware. I never saw such a big log as the one from AdwCleaner.
You're going to have to sort through these problems.

> There are a bunch of programs on my Desktop that I never downloaded.

Please delete them.

-------------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Link to post
Share on other sites

Yeah? It was that bad, huh? Maaaan, that's what happens when your sister's 5-yo gets a hold of it for a few hours a day. Problems just creep up on you in the worst of times. Look at the mess on the Desktop. That's my sister, I'm not flipping you off. lol.


 

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 6 Update 22  
 Java 7 Update 45  
 Java 6 Update 5  
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.2.152.32 Flash Player out of Date!  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.69  
 Google Chrome Extensions...  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe 
 Windows Firewall Control wfcs.exe   
 iolo Common Lib ioloServiceManager.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
Man, I just got kicked offline 4 times before I got this post out! <---I can't live like this!

There are lots of troubleshooting links for Vista and connection problems; give them a look:

http://lmgtfy.com/?q=repair+internet+connection+vista

------------------------------------------------------

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


-------------------------------------------

Please uninstall these from your add/remove programs:

JavaFX 2.1.1
Java™ 6 Update 22
Java™ 6 Update 5

Java 7 Update 45 <---this one is OK

--------------------------------------

Uninstall these from your add/remove programs:
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.152.32 Flash Player out of Date!


Go to the link below and get the latest version:
http://get.adobe.com/flashplayer/

 

-------------------------

Adobe Reader 8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).


Mozilla Firefox 12.0 Firefox out of Date! <----please check for an update.

---------------------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe, click Fix only once, and wait.
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.