Hello Everyone,
Today, November 13, 2013, I was working on my computer and everything was fine until I uninstalled Microsoft Office 2013 Professional Plus and rebooted. Once rebooted, Avast popped up stating it had detected a rootkit. Somewhere in C:\ProgramFles, if my memory serves me right. I deleted the rootkit Avast detected and did a boot scan. The scan turned up empty. Yet, I am still worried. That is why I am here. Here are the OTL.txt and Extras.txt:
OTL logfile created on: 11/13/2013 10:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anna\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.29% Memory free
4.10 Gb Paging File | 1.82 Gb Available in Paging File | 44.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.00 Gb Total Space | 401.63 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.46 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 232.31 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Computer Name: ANNAPERSONALPC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE (Oracle Corporation)
PRC - c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe (Oracle Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (TinyWall) -- C:\Program Files (x86)\TinyWall\TinyWall.exe (Károly Pados)
SRV - (HPConnectedRemote) -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPRegistrationSvc) -- c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe (Hewlett-Packard)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe (Oracle Corporation)
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE (Oracle Corporation)
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\WINDOWS\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{34DC9E98-373F-4B8E-9386-6AF33F502E3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{34DC9E98-373F-4B8E-9386-6AF33F502E3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1F1249A4-1DD1-4AA8-852A-B05F1216A713}
IE - HKCU\..\SearchScopes\{1F1249A4-1DD1-4AA8-852A-B05F1216A713}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
O1 HOSTS File: ([2013/07/08 07:35:00 | 000,567,880 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15455 more lines...
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [TinyWall Controller] C:\Program Files (x86)\TinyWall\TinyWall.exe (Károly Pados)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: devry.edu ([lab] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D606D-DF18-4FF0-A21C-F2A90B8C80DD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/13 22:16:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013/11/13 20:50:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/13 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/11/13 10:59:04 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\LibreOffice
[2013/11/12 16:04:01 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2013/11/12 16:03:58 | 006,639,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013/11/12 16:03:56 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/11/12 16:03:56 | 005,769,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013/11/12 16:03:55 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/11/12 16:03:54 | 004,104,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/11/12 16:03:53 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/11/12 16:03:53 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/11/12 16:03:52 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/11/12 16:03:52 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013/11/12 16:03:52 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2013/11/12 16:03:51 | 002,328,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013/11/12 16:03:51 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013/11/12 16:03:51 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2013/11/12 16:03:50 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/11/12 16:03:50 | 001,067,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013/11/12 16:03:50 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2013/11/12 16:03:50 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013/11/12 16:03:49 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013/11/12 16:03:49 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/11/12 16:03:49 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/11/12 16:03:49 | 000,481,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013/11/12 16:03:48 | 004,599,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2013/11/12 16:03:48 | 002,134,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2013/11/12 16:03:48 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/11/12 16:03:48 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2013/11/12 16:03:48 | 000,699,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10level9.dll
[2013/11/12 16:03:48 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/11/12 16:03:48 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013/11/12 16:03:47 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013/11/12 16:03:47 | 001,373,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013/11/12 16:03:47 | 001,011,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2013/11/12 16:03:47 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2013/11/12 16:03:47 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/11/12 16:03:46 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013/11/12 16:03:46 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2013/11/12 16:03:46 | 000,708,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2013/11/12 16:03:46 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2013/11/12 16:03:46 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013/11/12 16:03:46 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll
[2013/11/12 16:03:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll
[2013/11/12 16:03:45 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2013/11/12 16:03:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2013/11/12 16:03:45 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013/11/12 16:03:45 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013/11/12 16:03:45 | 000,465,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013/11/12 16:03:45 | 000,391,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsmf.dll
[2013/11/12 16:03:45 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll
[2013/11/12 16:03:45 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll
[2013/11/12 16:03:45 | 000,317,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2013/11/12 16:03:45 | 000,171,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll
[2013/11/12 16:03:45 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013/11/12 16:03:45 | 000,031,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2013/11/12 16:03:44 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2013/11/12 16:03:44 | 000,371,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/11/12 16:03:44 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll
[2013/11/12 16:03:44 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll
[2013/11/12 16:03:44 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msched.dll
[2013/11/12 16:03:44 | 000,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2013/11/12 16:03:44 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2013/11/12 16:03:44 | 000,044,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2013/11/12 16:03:43 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/11/12 16:03:43 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/11/12 16:03:43 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/11/12 16:03:43 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2013/11/12 16:03:43 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shsetup.dll
[2013/11/12 16:03:43 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2013/11/12 16:03:43 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWbPrxy.exe
[2013/11/12 16:03:43 | 000,057,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2013/11/12 16:03:43 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013/11/12 16:03:43 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/11/12 16:03:42 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/11/12 16:03:42 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll
[2013/11/12 16:03:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2013/11/12 16:03:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shsetup.dll
[2013/11/12 16:03:41 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/11/12 16:03:41 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/11/12 16:03:41 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll
[2013/11/12 16:03:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll
[2013/11/12 16:03:41 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2013/11/12 16:03:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll
[2013/11/12 16:03:41 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll
[2013/11/12 16:03:40 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/11/12 16:03:40 | 001,704,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/11/12 16:03:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/11/12 16:03:40 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2013/11/12 16:03:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ftp.exe
[2013/11/12 16:03:38 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2013/11/12 16:03:38 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/12 16:03:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/12 16:03:37 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2013/11/12 16:03:37 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2013/11/12 16:03:37 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\miutils.dll
[2013/11/12 16:03:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\miutils.dll
[2013/11/12 16:03:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ftp.exe
[2013/11/12 16:03:13 | 002,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013/11/12 16:03:13 | 001,085,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2013/11/12 16:03:13 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2013/11/12 16:03:10 | 018,577,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/12 16:03:08 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/12 16:03:07 | 013,176,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/11/12 16:03:06 | 011,674,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/12 16:03:05 | 001,341,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013/11/12 16:03:04 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/11/12 16:03:04 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/11/12 16:03:04 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2013/11/12 16:03:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2013/11/12 16:03:04 | 000,136,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2013/11/12 16:02:52 | 001,943,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/11/12 15:24:46 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2013/11/12 15:24:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2013/11/12 15:24:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2013/11/12 15:24:43 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2013/11/12 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/11/12 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/11/12 09:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/12 09:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/12 09:18:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/11/12 09:18:29 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/11/12 09:18:29 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/11/12 09:18:29 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/11/12 09:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/12 09:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/07 08:57:26 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\NetBeans
[2013/11/07 08:57:25 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\NetBeans
[2013/11/02 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Citrix
[2013/11/02 10:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/02 10:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/02 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\Oracle
[2013/11/02 07:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition
[2013/11/02 07:19:58 | 000,000,000 | ---D | C] -- C:\oraclexe
[2013/11/02 04:36:09 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Eclipse Project
[2013/11/02 04:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2013/10/31 06:51:30 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Media Player Classic
[2013/10/31 06:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
[2013/10/31 06:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013/10/30 10:51:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\.eclipse
[2013/10/30 10:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2013/10/30 10:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.4
[2013/10/30 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\.nbi
[2013/10/29 08:05:46 | 000,872,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/29 08:05:45 | 000,698,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/26 06:58:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TinyWall
[2013/10/24 18:47:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/10/24 10:29:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/10/24 10:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/10/24 10:28:35 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/24 10:28:35 | 000,977,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/24 10:28:34 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/24 10:28:34 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/24 10:28:34 | 001,286,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/24 10:28:34 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/24 10:28:34 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/24 10:28:34 | 000,294,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/24 10:28:34 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/24 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/10/24 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/10/24 10:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/24 10:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/24 10:25:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/24 10:25:23 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/10/24 10:25:22 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/10/24 10:25:21 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/10/24 10:25:20 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/24 10:25:19 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/10/24 08:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/24 08:08:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013/10/24 08:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/24 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\assembly
[2013/10/24 07:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/24 07:10:27 | 001,032,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2013/10/24 07:10:27 | 000,409,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2013/10/24 07:10:27 | 000,092,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2013/10/24 07:10:27 | 000,084,328 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2013/10/24 07:10:27 | 000,038,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys
[2013/10/24 07:10:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/10/24 07:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/24 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\ElevatedDiagnostics
[2013/10/24 06:53:08 | 000,000,000 | R--D | C] -- C:\Users\Anna\SkyDrive
[2013/10/24 06:51:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Identities
[2013/10/24 06:36:13 | 000,000,000 | --SD | C] -- C:\Users\Anna\AppData\Roaming\Microsoft
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Favorites
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Documents
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Desktop
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\Temporary Internet Files
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Templates
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Start Menu
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\SendTo
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Recent
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\PrintHood
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\NetHood
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Videos
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Pictures
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Music
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\My Documents
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Local Settings
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\History
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Cookies
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Application Data
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\Application Data
[2013/10/24 06:36:13 | 000,000,000 | -H-D | C] -- C:\Users\Anna\AppData
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Temp
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Microsoft
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/24 06:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/24 06:32:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/10/24 06:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/10/24 06:31:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/10/24 05:28:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\AMD
[2013/10/24 05:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/10/24 05:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/10/24 05:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/10/24 05:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/10/24 05:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/10/24 05:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/24 05:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/10/24 05:23:40 | 000,000,000 | ---D | C] -- C:\AMD
[2013/10/15 14:40:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\AVAST Software
========== Files - Modified Within 30 Days ==========
[2013/11/13 22:16:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013/11/13 21:40:16 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/13 21:38:14 | 000,517,144 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/11/13 21:38:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/13 21:01:08 | 2983,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 11:08:39 | 000,002,959 | ---- | M] () -- C:\Users\Anna\Documents\New Database.odb
[2013/11/13 10:37:48 | 000,007,687 | ---- | M] () -- C:\Users\Anna\Documents\Untitled 1.odt
[2013/11/12 17:13:39 | 000,995,700 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/11/12 17:13:39 | 000,825,210 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/11/12 17:13:39 | 000,169,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/11/12 15:24:37 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2013/11/12 15:24:35 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2013/11/12 15:24:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2013/11/12 15:24:34 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2013/11/12 09:18:22 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/11/12 09:18:21 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/11/12 09:18:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/11/12 09:18:21 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/11/11 13:13:28 | 001,032,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2013/11/11 13:13:28 | 000,334,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2013/11/11 13:13:28 | 000,084,328 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2013/11/11 13:13:28 | 000,038,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys
[2013/11/11 13:13:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/06 11:55:32 | 000,409,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2013/11/05 18:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/11/05 18:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/05 11:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/05 11:11:46 | 018,577,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/05 09:30:00 | 011,674,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/05 09:29:00 | 013,176,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/11/02 07:21:39 | 001,009,226 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/01 07:38:12 | 000,000,145 | ---- | M] () -- C:\Users\Anna\.appletviewer
[2013/10/26 06:58:28 | 000,013,116 | ---- | M] () -- C:\WINDOWS\SysNative\InstallUtil.InstallLog
[2013/10/25 19:11:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/10/24 10:28:35 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/24 10:28:35 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/24 10:28:34 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/24 10:28:34 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/24 10:28:34 | 001,286,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/24 10:28:34 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/24 10:28:34 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/24 10:28:34 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/24 10:28:34 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/24 07:10:25 | 000,205,320 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2013/10/24 07:10:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2013/10/24 07:10:25 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2013/10/24 06:57:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/10/24 06:48:37 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/10/24 06:48:37 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/10/24 06:48:21 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/24 06:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/23 06:29:02 | 000,044,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2013/10/23 06:13:34 | 000,171,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll
[2013/10/23 06:01:19 | 000,872,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/23 03:59:16 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/23 00:27:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/23 00:09:21 | 004,104,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/10/23 00:04:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/22 23:55:03 | 000,839,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/10/22 23:46:07 | 000,700,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/10/22 03:18:52 | 001,287,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013/10/22 00:15:38 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013/10/21 22:56:17 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2013/10/21 22:44:06 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2013/10/21 21:22:39 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/10/21 21:13:33 | 001,704,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/10/21 21:07:57 | 002,617,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/10/21 20:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2013/10/21 20:47:12 | 002,295,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/10/19 03:51:07 | 000,481,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013/10/19 02:12:06 | 000,380,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013/10/19 00:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2013/10/19 00:19:05 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/10/19 00:10:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/10/18 23:48:38 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2013/10/18 23:31:56 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/10/18 22:57:16 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/10/18 22:55:02 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/10/18 22:28:22 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/10/18 22:26:57 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013/10/18 22:14:29 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013/10/17 10:42:33 | 001,373,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013/10/17 10:42:31 | 001,399,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013/10/17 09:04:13 | 001,204,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013/10/16 10:58:02 | 001,943,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/10/16 04:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013/10/16 04:33:06 | 000,631,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013/10/15 14:21:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
========== Files Created - No Company Name ==========
[2013/11/13 10:39:32 | 000,002,959 | ---- | C] () -- C:\Users\Anna\Documents\New Database.odb
[2013/11/13 10:37:46 | 000,007,687 | ---- | C] () -- C:\Users\Anna\Documents\Untitled 1.odt
[2013/11/12 16:03:43 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/02 04:35:14 | 000,001,115 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eclipse.lnk
[2013/11/01 07:38:12 | 000,000,145 | ---- | C] () -- C:\Users\Anna\.appletviewer
[2013/10/25 16:33:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/10/24 07:10:27 | 000,205,320 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2013/10/24 07:10:27 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2013/10/24 06:57:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/10/24 06:51:37 | 000,001,444 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/24 06:48:21 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/24 06:40:40 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/10/24 06:36:13 | 000,000,352 | ---- | C] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/24 06:36:13 | 000,000,334 | ---- | C] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/24 06:36:03 | 000,032,388 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/10/24 06:36:03 | 000,032,388 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/10/24 06:33:53 | 001,009,226 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/24 06:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/08 08:45:08 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2013/09/26 18:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 18:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 18:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 18:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 18:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/26 18:02:12 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/09/16 18:56:24 | 000,000,079 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 22:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/02/05 16:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/02/05 16:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 16:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 16:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/01/29 09:44:13 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/07/25 15:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 15:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 15:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
========== ZeroAccess Check ==========
[2013/11/02 07:21:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 15:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 13:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/15 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AVAST Software
[2013/04/09 15:55:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\e-academy Inc
[2013/09/16 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Epson
[2013/04/09 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICAClient
[2013/09/16 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Leadertech
[2013/11/13 10:59:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\LibreOffice
[2013/11/07 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\NetBeans
[2013/10/20 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Samsung
[2013/10/26 06:58:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TinyWall
[2013/05/13 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WebApp
[2013/04/10 08:52:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2013/09/29 22:48:10 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.3.9600.16384_en-us_13bedf9d3e4c78d1\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2013/06/18 09:57:40 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.3.9600.16384_none_067909bec4cce684\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/11/13 09:49:23 | 000,133,444 | ---- | M] () MD5=3DDF61E1B538A1205612192A61CC2376 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013/11/13 16:57:15 | 000,127,825 | ---- | M] () MD5=983D8A3EB94B05A199D3744C0F0C475F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\en-US\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_f6b0e7284798d168\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_0105917a7bf99363\explorer.exe.mui
< MD5 for: EXPLORER.EXE-03C49D11.PF >
[2013/11/13 22:01:31 | 000,275,326 | ---- | M] () MD5=9B3F40AA0C2211E6134FAD97EF3368A0 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
< MD5 for: EXPLORER.PROPERTIES >
[2013/11/07 09:06:58 | 000,000,039 | ---- | M] () MD5=2BB97C1EFB43BE88E1BBDB121CAA9327 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Preferences\org\openide\explorer.properties
< MD5 for: EXPLORER.WSMODE >
[2013/11/08 21:43:46 | 000,000,529 | ---- | M] () MD5=D6F21F6A9F8622776A062DB76714709C -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Modes\explorer.wsmode
< MD5 for: IEXPLORE.EXE >
[2013/08/22 07:34:04 | 000,804,464 | ---- | M] (Microsoft Corporation) MD5=1C39C41D50FF7113748D825F4327D406 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/08/22 07:34:04 | 000,804,464 | ---- | M] (Microsoft Corporation) MD5=1C39C41D50FF7113748D825F4327D406 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_9c7bbe6690ba5bc1\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/08/22 00:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) MD5=EE889775E0F9755C90FAEBFB93FBD781 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/08/22 00:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) MD5=EE889775E0F9755C90FAEBFB93FBD781 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_a6d068b8c51b1dbc\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_962853ddc8679ca8\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_a07cfe2ffcc85ea3\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-6C28DB75.PF >
[2013/11/10 22:39:56 | 000,155,202 | ---- | M] () MD5=62F1D836F2B9D75FFE62A9F66EA8BC30 -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB75.pf
< MD5 for: IEXPLORE.EXE-6C28DB76.PF >
[2013/11/10 22:39:57 | 000,297,692 | ---- | M] () MD5=FA28644D3C3E3C7C3E9C74525AC2027B -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB76.pf
< MD5 for: IEXPLORE.EXE-7A9337F2.PF >
[2013/11/13 22:19:00 | 000,096,008 | ---- | M] () MD5=F98FFB735020DFA2153BDAA1E8F4C87D -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
< MD5 for: IEXPLORE.EXE-7A9337F4.PF >
[2013/11/13 05:58:26 | 000,170,726 | ---- | M] () MD5=BC621D49AE0F41DFF6E6DFA400D27650 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F4.pf
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF >
[2013/11/13 22:16:07 | 000,354,292 | ---- | M] () MD5=18805D41FC904AE90A59B43CE44C6D14 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
< MD5 for: IEXPLORE.VISUALELEMENTSMANIFEST.XML >
[2013/06/18 09:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Program Files\Internet Explorer\iexplore.VisualElementsManifest.xml
[2013/06/18 09:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Windows\WinSxS\amd64_microsoft-windows-immersivebrowser_31bf3856ad364e35_11.0.9600.16384_none_c673d0d2f4ca87f4\iexplore.VisualElementsManifest.xml
< MD5 for: SERVICES >
[2013/08/22 10:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
[2013/10/24 05:37:43 | 000,092,875 | ---- | M] () MD5=9CEA05C6911F6F2DA50ED6C470313CF2 -- C:\Users\Anna\AppData\Roaming\Microsoft\MMC\services
< MD5 for: SERVICES.EXE >
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2013/09/29 22:47:46 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2013/09/29 22:47:46 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui
< MD5 for: SERVICES.JS >
[2013/09/29 22:53:03 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/29 22:53:12 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.205_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:27 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.202_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
< MD5 for: SERVICES.LNK >
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
< MD5 for: SERVICES.MOF >
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
< MD5 for: SERVICES.MSC >
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
< MD5 for: SERVICES.PTXML >
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
< MD5 for: SERVICES.SETTINGS >
[2013/11/08 21:43:46 | 000,001,622 | ---- | M] () MD5=9D486393976FDCB5F1706828D147FE43 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Components\services.settings
< MD5 for: SERVICES.WSTCGRP >
[2013/11/08 21:43:46 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2013/11/08 21:43:46 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp
< MD5 for: SERVICES.WSTCREF >
[2013/11/08 21:43:46 | 000,000,129 | ---- | M] () MD5=73E5717A2B2C3FF0F7ED6EFDD0A658B3 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Modes\explorer\services.wstcref
< MD5 for: WINLOGON.ADML >
[2013/09/29 23:18:27 | 000,002,631 | ---- | M] () MD5=3FC16D999444A213C04297050F42DA07 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.3.9600.16384_en-us_85c27192b0d9003d\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2013/08/22 09:57:15 | 000,001,101 | ---- | M] () MD5=513B8C31BC439F0A37EA44D540F98916 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.3.9600.16384_none_6bcbbccd4d39421a\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\WINDOWS\SysNative\winlogon.exe
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\WINDOWS\SysNative\en-US\winlogon.exe.mui
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bbb6f195d80d78ae\winlogon.exe.mui
< MD5 for: WINLOGON.EXE-0D9AB72B.PF >
[2013/11/13 17:03:24 | 000,030,862 | ---- | M] () MD5=B4C85DFFF5B13CC50EF557DECC32437B -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
< MD5 for: WINLOGON.MFL >
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\WINDOWS\SysNative\wbem\en-US\winlogon.mfl
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.3.9600.16384_en-us_19794360f345d243\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\WINDOWS\SysNative\wbem\winlogon.mof
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.3.9600.16384_none_70f729db49dee3dc\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2012/07/25 22:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2013/06/18 07:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013/11/13 21:01:08 | 2983,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 09:43:24 | 000,000,000 | RHS- | M] () -- C:\OS
[2013/11/13 21:38:05 | 671,088,640 | -HS- | M] () -- C:\pagefile.sys
[2013/11/13 21:38:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
< %systemroot%\Fonts\*.com >
[2013/10/24 10:26:11 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2013/10/24 10:26:11 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2013/10/24 10:26:11 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2013/10/24 10:26:11 | 000,043,318 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2013/08/22 10:35:03 | 000,000,065 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2013/11/11 13:13:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/28 05:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2013/08/22 10:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 06E2-8684
Directory of C:\
08/22/2013 09:45 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 09:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\SYSTEM.SAV\LOGS\SymLogs
01/29/2013 09:37 AM <SYMLINKD> cclog [C:\Users\Public\Symantec\SymSilent\cclog]
0 File(s) 0 bytes
Directory of C:\Users
08/22/2013 09:45 AM <SYMLINKD> All Users [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 09:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Anna
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\Anna\AppData\Roaming]
10/24/2013 06:36 AM <JUNCTION> Cookies [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCookies]
10/24/2013 06:36 AM <JUNCTION> Local Settings [C:\Users\Anna\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> My Documents [C:\Users\Anna\Documents]
10/24/2013 06:36 AM <JUNCTION> NetHood [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/24/2013 06:36 AM <JUNCTION> PrintHood [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/24/2013 06:36 AM <JUNCTION> Recent [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Recent]
10/24/2013 06:36 AM <JUNCTION> SendTo [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\SendTo]
10/24/2013 06:36 AM <JUNCTION> Start Menu [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu]
10/24/2013 06:36 AM <JUNCTION> Templates [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\Anna\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> History [C:\Users\Anna\AppData\Local\Microsoft\Windows\History]
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 06:51 AM <JUNCTION> Content.IE5 [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\Low
10/24/2013 08:03 AM <JUNCTION> Content.IE5 [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
0 File(s) 0 bytes
Directory of C:\Users\Anna\Documents
10/24/2013 06:36 AM <JUNCTION> My Music [C:\Users\Anna\Music]
10/24/2013 06:36 AM <JUNCTION> My Pictures [C:\Users\Anna\Pictures]
10/24/2013 06:36 AM <JUNCTION> My Videos [C:\Users\Anna\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013 09:45 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013 09:45 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/22/2013 09:45 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/22/2013 09:45 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013 09:45 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013 09:45 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013 09:45 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/22/2013 09:45 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013 09:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013 09:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
08/22/2013 09:45 AM <JUNCTION> My Music [C:\Users\Default\Music]
08/22/2013 09:45 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/22/2013 09:45 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default.migrated\Documents
07/26/2012 02:22 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/26/2012 02:22 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/26/2012 02:22 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
10/24/2013 06:36 AM <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCookies]
10/24/2013 06:36 AM <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
10/24/2013 06:36 AM <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/24/2013 06:36 AM <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/24/2013 06:36 AM <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
10/24/2013 06:36 AM <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
10/24/2013 06:36 AM <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
10/24/2013 06:36 AM <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
10/24/2013 06:36 AM <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
10/24/2013 06:36 AM <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
10/24/2013 06:36 AM <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
08/22/2013 09:45 AM <JUNCTION> My Music [C:\Users\Public\Music]
08/22/2013 09:45 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/22/2013 09:45 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 07:19 AM <JUNCTION> Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 07:19 AM <JUNCTION> Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
75 Dir(s) 431,249,899,520 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/04/09 12:45:14 | 000,000,223 | -HS- | M] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/08/22 10:35:52 | 000,000,148 | -HS- | M] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013/11/13 22:16:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 199 bytes -> C:\Users\Anna\SkyDrive:ms-properties
< End of report >

OTL Extras logfile created on: 11/13/2013 10:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anna\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.29% Memory free
4.10 Gb Paging File | 1.82 Gb Available in Paging File | 44.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.00 Gb Total Space | 401.63 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.46 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 232.31 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Computer Name: ANNAPERSONALPC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5C5FB8-EF52-48DC-9BB7-989631B04986}" = lport=5357 | protocol=6 | dir=in | app=system |
"{13A7CE7D-4E11-419B-A064-43FD8AE3929C}" = rport=53 | protocol=6 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{13EF2457-F140-41DE-AB1C-7F3B6E269B2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{156FB420-81C0-4736-A799-68368787E66C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{19F58E2A-4AB1-4662-BAF9-2C733809BD08}" = rport=53 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{26F3DF8D-8B13-4A91-ACD9-C61C18205795}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37CC76B7-12FC-4149-BAC8-3726207FAFA4}" = rport=2 | protocol=6 | dir=in | name=[tw5yrosa0dqr7t][tcp][in] malware port block |
"{39A04B12-4352-4105-BCB9-345142037AD5}" = rport=547 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{3F7B60E2-AD2B-4B8B-9112-A85CA2C3BC8D}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{46EF4CA2-CE0D-48A1-AC13-5D8F098C56DF}" = rport=2 | protocol=17 | dir=in | name=[tw5yrosa0dqr7t][udp][in] malware port block |
"{4F5AE2F9-1AB9-4364-B981-1AE8F7ABD045}" = lport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{558965ED-D48A-4B58-864D-3E4F4A00BEE5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{66096A95-4D1C-4451-93B7-0EC33EA41268}" = rport=547 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{6D31E3B2-D679-475A-8E3F-9946762471AD}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{6E039F13-7681-4A14-BAA7-73BD2E7C208C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7B9C33F5-0614-4727-B9EF-8CEFF176D223}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe |
"{7CE1B31E-2E4E-46F7-9E29-C20A585F5AF3}" = rport=2 | protocol=17 | dir=out | name=[tw5yrosa0dqr7t][udp][out] malware port block |
"{8FF253C5-0B72-4720-BC13-21300D2C8BD6}" = rport=2 | protocol=6 | dir=out | name=[tw5yrosa0dqr7t][tcp][out] malware port block |
"{97D23637-6792-4BFA-B2EC-73B32A44DD33}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9DB3A9DC-25AF-4EC6-B14E-8B16724C2B62}" = rport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9E4B10EF-C95D-48FF-AFEA-4F576D437C4B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{AB7596E4-7E50-4CC1-95BE-CD2D2054D80B}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{B1071333-BA8A-4BB3-879E-1400DFF2DCFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CBDF1546-56B5-45C7-AED6-098E6FAEF566}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{CC966182-7E35-45F2-8803-EA85C721B7C3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{DD61F81E-55E0-439C-BE09-B5A375B1C5C0}" = rport=67 | protocol=17 | dir=out | svc=lmhosts | app=c:\windows\system32\svchost.exe |
"{EAB80BF9-9663-4FC0-B40C-5E6167A7151A}" = lport=2869 | protocol=6 | dir=in | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FC2FE091-3A2E-47E8-B789-ECF4AA149A4E}" = rport=123 | protocol=17 | dir=in | svc=w32time | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EE99C5-5E7D-4CBE-8BBF-D8EBFCABAD9E}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{0F644321-461C-4AA2-BD7F-AE51134DFC94}" = protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{1B8F2B01-C445-48A7-B5B1-889DC1524B08}" = protocol=58 | dir=out | name=[twuwvaxiayjmt8] icmpv6 (echo-req) out |
"{2466D0B8-AACE-49EE-8D33-AFE67BEFDA30}" = protocol=17 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{405684C3-96EB-455B-9B92-FBC65227322C}" = protocol=6 | dir=out | app=c:\program files\avast software\avast\avastsvc.exe |
"{4E7AEA3E-724A-4D75-9F87-46BAFE389F0D}" = protocol=6 | dir=out | svc=wuauserv | app=c:\windows\system32\svchost.exe |
"{4FE65608-9526-4856-869D-31FDEEF5AEC5}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{73A785EC-032D-4AD0-99F2-FB0A5BAF9A94}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{7883537C-7191-4E2E-BF28-3873D3FD12B9}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastsvc.exe |
"{9E6B12B1-FE0A-4115-BAE3-9C6B9F2D2109}" = protocol=17 | dir=out | app=c:\program files\avast software\avast\avastsvc.exe |
"{BAC5F128-8A35-4605-BBF4-D3D98698CCDC}" = protocol=58 | dir=in | name=[twuwvaxiayjmt8] icmpv6 (safe) |
"{C244A919-EB26-4424-B67F-BE651DFB086D}" = protocol=1 | dir=in | name=[twuwvaxiayjmt8] icmpv4 (safe) |
"{C56D1611-1DF5-4C1C-B5D5-2B752394893D}" = protocol=6 | dir=out | app=c:\program files (x86)\tinywall\tinywall.exe |
"{E5C207F7-70B0-4814-B700-EBDA4DF8E58A}" = protocol=1 | dir=out | name=[twuwvaxiayjmt8] icmpv4 (echo-req) out |
"{E7927273-55C7-47E0-9064-4EB52F6BD0EE}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastsvc.exe |
"{FD513131-0390-4041-8FED-073AF36C41D7}" = protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.0 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45 (64-bit)
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E87F67CD-B72A-4B47-A01D-28CD16AC0711}" = TinyWall
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"Avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09159dff-d00f-4249-92a9-d21bd2c23087" = Final Drive Fury
"WTA-0d2bf4b2-f3c1-42d8-9f95-f7020595d4cb" = Polar Golfer
"WTA-0f0375fa-8d74-4b22-b473-c63035d20911" = Governor of Poker 2 Premium Edition
"WTA-181dd5df-03b6-41c5-ae6f-d012b549a3b0" = Cradle of Rome 2
"WTA-2804a01c-98a5-4ad8-8497-d1adee2eff1e" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-31ae23af-5326-489e-bf3c-71e96da21e00" = John Deere Drive Green
"WTA-452d24a6-2630-41f5-8cdc-de303a21881c" = Luxor Evolved
"WTA-4a1d1efa-3285-47d8-8275-8a83c8c55b76" = Bejeweled 3
"WTA-4f1c660e-f86b-4041-9227-11ec091bfd45" = Roads of Rome 3
"WTA-5ae6d930-a0f2-4389-a7f6-fb54482b2395" = Peggle Nights
"WTA-5d1a4dbf-f606-4e54-b4ff-e5faa6915274" = Polar Bowler
"WTA-66cc5333-1ab7-4389-98ae-7cdb8f39d844" = Vacation Quest™ - Australia
"WTA-6b654f1e-3e9b-48de-9abf-0b2d4cd33975" = Build-a-lot 4 - Power Source
"WTA-6bb4aa06-bca4-486a-90aa-8d5bdb52b613" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-6f2cf829-048b-4d88-b4b5-ec1b45d4ccc8" = Tales of Lagoona
"WTA-8dda22ea-ef5e-46a0-ad77-1070ec24d7e9" = FATE: The Cursed King
"WTA-a9c17bdd-c791-4cb9-916a-c87a71b1f6ce" = Jewel Match 3
"WTA-aec06a9a-8d3b-408f-bc24-88dc0850c924" = Zuma's Revenge
"WTA-b4af75bb-a1a7-4650-859a-68eccc00cefe" = Chuzzle Deluxe
"WTA-ba5a9411-aea3-41ab-a930-0b28e9ace639" = Penguins!
"WTA-c3bb4900-dd8f-4ea7-8c60-93780d379ee2" = Cradle Of Egypt Collector's Edition
"WTA-d364e5e4-411c-48bf-a277-0b7d036617e0" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-db59cb34-a79a-46fa-86d1-bc7c955aeb47" = FlatOut 2
"WTA-e073819f-a49a-4f9c-a964-413c642aada2" = 4 Elements II
"WTA-e9258e1f-d5bb-4b3e-920e-e5f2d90c8b52" = Farm Frenzy
"WTA-f8201723-e249-4292-8aff-a40e96796301" = Hoyle Card Games
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/13/2013 9:37:40 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:37:40 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:41:16 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:41:16 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:42:04 PM | Computer Name = AnnaPersonalPC | Source = Microsoft Office 15 | ID = 2011
Description =
Error - 11/13/2013 9:42:04 PM | Computer Name = AnnaPersonalPC | Source = Microsoft Office 15 | ID = 2011
Description =
Error - 11/13/2013 9:49:01 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EFD
Error - 11/13/2013 9:49:01 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EFD Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:49:13 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:49:13 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
[ System Events ]
Error - 11/11/2013 6:05:38 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.
Error - 11/11/2013 6:05:38 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x8009030d.
The internal error state is 10001.
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 11:31:40 AM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10016
Description =
Error - 11/12/2013 12:30:17 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:17 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:20 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:20 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
< End of report >
Any help would be much appreciated.
Thank you,
Angel of the Moon