Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
Hello Everyone,
Today November 13, 2013 I was working on my computer and everything was fin until I uninstalled Microsoft Office 2013 Professional Plus and rebooted. Once reboot Avast popup stating it has detected a rootkit. Somewhere in C:\ProgramFles if my memory serves me right. I deleted the rootkit Avast detected and did a boot scan. The scan turned up empty. Yet, I am still woried. That is why I am here. Here are the OTL.txt and Extras.txt
OTL logfile created on: 11/13/2013 10:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anna\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.29% Memory free
4.10 Gb Paging File | 1.82 Gb Available in Paging File | 44.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.00 Gb Total Space | 401.63 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.46 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 232.31 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Computer Name: ANNAPERSONALPC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE (Oracle Corporation)
PRC - c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe (Oracle Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (TinyWall) -- C:\Program Files (x86)\TinyWall\TinyWall.exe (Károly Pados)
SRV - (HPConnectedRemote) -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPRegistrationSvc) -- c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe (Hewlett-Packard)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe (Oracle Corporation)
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE (Oracle Corporation)
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\WINDOWS\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{34DC9E98-373F-4B8E-9386-6AF33F502E3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{34DC9E98-373F-4B8E-9386-6AF33F502E3C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1F1249A4-1DD1-4AA8-852A-B05F1216A713}
IE - HKCU\..\SearchScopes\{1F1249A4-1DD1-4AA8-852A-B05F1216A713}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
O1 HOSTS File: ([2013/07/08 07:35:00 | 000,567,880 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15455 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [TinyWall Controller] C:\Program Files (x86)\TinyWall\TinyWall.exe (Károly Pados)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: devry.edu ([lab] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D606D-DF18-4FF0-A21C-F2A90B8C80DD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/13 22:16:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013/11/13 20:50:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/13 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/11/13 10:59:04 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\LibreOffice
[2013/11/12 16:04:01 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2013/11/12 16:03:58 | 006,639,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013/11/12 16:03:56 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/11/12 16:03:56 | 005,769,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013/11/12 16:03:55 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/11/12 16:03:54 | 004,104,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/11/12 16:03:53 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/11/12 16:03:53 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/11/12 16:03:52 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/11/12 16:03:52 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013/11/12 16:03:52 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2013/11/12 16:03:51 | 002,328,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013/11/12 16:03:51 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013/11/12 16:03:51 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2013/11/12 16:03:50 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/11/12 16:03:50 | 001,067,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013/11/12 16:03:50 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2013/11/12 16:03:50 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013/11/12 16:03:49 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013/11/12 16:03:49 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/11/12 16:03:49 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/11/12 16:03:49 | 000,481,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013/11/12 16:03:48 | 004,599,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2013/11/12 16:03:48 | 002,134,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2013/11/12 16:03:48 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/11/12 16:03:48 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2013/11/12 16:03:48 | 000,699,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10level9.dll
[2013/11/12 16:03:48 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/11/12 16:03:48 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013/11/12 16:03:47 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013/11/12 16:03:47 | 001,373,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013/11/12 16:03:47 | 001,011,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2013/11/12 16:03:47 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2013/11/12 16:03:47 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/11/12 16:03:46 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013/11/12 16:03:46 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2013/11/12 16:03:46 | 000,708,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2013/11/12 16:03:46 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2013/11/12 16:03:46 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013/11/12 16:03:46 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll
[2013/11/12 16:03:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll
[2013/11/12 16:03:45 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2013/11/12 16:03:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2013/11/12 16:03:45 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013/11/12 16:03:45 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013/11/12 16:03:45 | 000,465,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013/11/12 16:03:45 | 000,391,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsmf.dll
[2013/11/12 16:03:45 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll
[2013/11/12 16:03:45 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll
[2013/11/12 16:03:45 | 000,317,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2013/11/12 16:03:45 | 000,171,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll
[2013/11/12 16:03:45 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013/11/12 16:03:45 | 000,031,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2013/11/12 16:03:44 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2013/11/12 16:03:44 | 000,371,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/11/12 16:03:44 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll
[2013/11/12 16:03:44 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll
[2013/11/12 16:03:44 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msched.dll
[2013/11/12 16:03:44 | 000,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2013/11/12 16:03:44 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2013/11/12 16:03:44 | 000,044,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2013/11/12 16:03:43 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/11/12 16:03:43 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/11/12 16:03:43 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/11/12 16:03:43 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2013/11/12 16:03:43 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shsetup.dll
[2013/11/12 16:03:43 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2013/11/12 16:03:43 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWbPrxy.exe
[2013/11/12 16:03:43 | 000,057,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2013/11/12 16:03:43 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013/11/12 16:03:43 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/11/12 16:03:42 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/11/12 16:03:42 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll
[2013/11/12 16:03:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2013/11/12 16:03:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shsetup.dll
[2013/11/12 16:03:41 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/11/12 16:03:41 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/11/12 16:03:41 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll
[2013/11/12 16:03:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll
[2013/11/12 16:03:41 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2013/11/12 16:03:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll
[2013/11/12 16:03:41 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll
[2013/11/12 16:03:40 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/11/12 16:03:40 | 001,704,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/11/12 16:03:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/11/12 16:03:40 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2013/11/12 16:03:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ftp.exe
[2013/11/12 16:03:38 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2013/11/12 16:03:38 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/12 16:03:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/12 16:03:37 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2013/11/12 16:03:37 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2013/11/12 16:03:37 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\miutils.dll
[2013/11/12 16:03:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\miutils.dll
[2013/11/12 16:03:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ftp.exe
[2013/11/12 16:03:13 | 002,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013/11/12 16:03:13 | 001,085,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2013/11/12 16:03:13 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2013/11/12 16:03:10 | 018,577,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/12 16:03:08 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/12 16:03:07 | 013,176,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/11/12 16:03:06 | 011,674,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/12 16:03:05 | 001,341,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013/11/12 16:03:04 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/11/12 16:03:04 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/11/12 16:03:04 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2013/11/12 16:03:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2013/11/12 16:03:04 | 000,136,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2013/11/12 16:02:52 | 001,943,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/11/12 15:24:46 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2013/11/12 15:24:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2013/11/12 15:24:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2013/11/12 15:24:43 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2013/11/12 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/11/12 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/11/12 09:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/12 09:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/12 09:18:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/11/12 09:18:29 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/11/12 09:18:29 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/11/12 09:18:29 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/11/12 09:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/12 09:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/07 08:57:26 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\NetBeans
[2013/11/07 08:57:25 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\NetBeans
[2013/11/02 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Citrix
[2013/11/02 10:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/02 10:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/02 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\Oracle
[2013/11/02 07:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition
[2013/11/02 07:19:58 | 000,000,000 | ---D | C] -- C:\oraclexe
[2013/11/02 04:36:09 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Eclipse Project
[2013/11/02 04:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2013/10/31 06:51:30 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Media Player Classic
[2013/10/31 06:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
[2013/10/31 06:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013/10/30 10:51:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\.eclipse
[2013/10/30 10:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2013/10/30 10:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.4
[2013/10/30 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\.nbi
[2013/10/29 08:05:46 | 000,872,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/29 08:05:45 | 000,698,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/26 06:58:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
[2013/10/26 06:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TinyWall
[2013/10/24 18:47:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/10/24 10:29:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/10/24 10:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/10/24 10:28:35 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/24 10:28:35 | 000,977,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/24 10:28:34 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/24 10:28:34 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/24 10:28:34 | 001,286,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/24 10:28:34 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/24 10:28:34 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/24 10:28:34 | 000,294,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/24 10:28:34 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/24 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/10/24 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/10/24 10:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/24 10:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/24 10:25:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/24 10:25:23 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/10/24 10:25:22 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/10/24 10:25:21 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/10/24 10:25:20 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/24 10:25:19 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/10/24 08:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/24 08:08:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013/10/24 08:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/24 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\assembly
[2013/10/24 07:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/24 07:10:27 | 001,032,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2013/10/24 07:10:27 | 000,409,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2013/10/24 07:10:27 | 000,092,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2013/10/24 07:10:27 | 000,084,328 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2013/10/24 07:10:27 | 000,038,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys
[2013/10/24 07:10:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/10/24 07:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/24 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\ElevatedDiagnostics
[2013/10/24 06:53:08 | 000,000,000 | R--D | C] -- C:\Users\Anna\SkyDrive
[2013/10/24 06:51:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Identities
[2013/10/24 06:36:13 | 000,000,000 | --SD | C] -- C:\Users\Anna\AppData\Roaming\Microsoft
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Favorites
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Documents
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\Desktop
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/24 06:36:13 | 000,000,000 | R--D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\Temporary Internet Files
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Templates
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Start Menu
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\SendTo
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Recent
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\PrintHood
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\NetHood
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Videos
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Pictures
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Documents\My Music
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\My Documents
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Local Settings
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\History
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Cookies
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\Application Data
[2013/10/24 06:36:13 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\Application Data
[2013/10/24 06:36:13 | 000,000,000 | -H-D | C] -- C:\Users\Anna\AppData
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Temp
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Microsoft
[2013/10/24 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/24 06:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/24 06:32:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/10/24 06:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/10/24 06:31:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/10/24 05:28:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\AMD
[2013/10/24 05:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/10/24 05:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/10/24 05:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/10/24 05:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/10/24 05:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/10/24 05:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/24 05:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/10/24 05:23:40 | 000,000,000 | ---D | C] -- C:\AMD
[2013/10/15 14:40:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\AVAST Software
========== Files - Modified Within 30 Days ==========
[2013/11/13 22:16:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013/11/13 21:40:16 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/13 21:38:14 | 000,517,144 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/11/13 21:38:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/13 21:01:08 | 2983,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 11:08:39 | 000,002,959 | ---- | M] () -- C:\Users\Anna\Documents\New Database.odb
[2013/11/13 10:37:48 | 000,007,687 | ---- | M] () -- C:\Users\Anna\Documents\Untitled 1.odt
[2013/11/12 17:13:39 | 000,995,700 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/11/12 17:13:39 | 000,825,210 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/11/12 17:13:39 | 000,169,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/11/12 15:24:37 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2013/11/12 15:24:35 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2013/11/12 15:24:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2013/11/12 15:24:34 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2013/11/12 09:18:22 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/11/12 09:18:21 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/11/12 09:18:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/11/12 09:18:21 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/11/11 13:13:28 | 001,032,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2013/11/11 13:13:28 | 000,334,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2013/11/11 13:13:28 | 000,084,328 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2013/11/11 13:13:28 | 000,038,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys
[2013/11/11 13:13:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/06 11:55:32 | 000,409,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2013/11/05 18:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/11/05 18:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/05 11:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/11/05 11:11:46 | 018,577,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/11/05 09:30:00 | 011,674,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/11/05 09:29:00 | 013,176,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/11/02 07:21:39 | 001,009,226 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/01 07:38:12 | 000,000,145 | ---- | M] () -- C:\Users\Anna\.appletviewer
[2013/10/26 06:58:28 | 000,013,116 | ---- | M] () -- C:\WINDOWS\SysNative\InstallUtil.InstallLog
[2013/10/25 19:11:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/10/24 10:28:35 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/24 10:28:35 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/24 10:28:34 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/24 10:28:34 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/24 10:28:34 | 001,286,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/24 10:28:34 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/24 10:28:34 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/24 10:28:34 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/24 10:28:34 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/24 07:10:25 | 000,205,320 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2013/10/24 07:10:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2013/10/24 07:10:25 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2013/10/24 06:57:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/10/24 06:48:37 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/10/24 06:48:37 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/10/24 06:48:21 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/24 06:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/23 06:29:02 | 000,044,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2013/10/23 06:13:34 | 000,171,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll
[2013/10/23 06:01:19 | 000,872,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/23 03:59:16 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/23 00:27:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/23 00:09:21 | 004,104,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/10/23 00:04:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/22 23:55:03 | 000,839,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/10/22 23:46:07 | 000,700,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/10/22 03:18:52 | 001,287,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013/10/22 00:15:38 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013/10/21 22:56:17 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2013/10/21 22:44:06 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2013/10/21 21:22:39 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/10/21 21:13:33 | 001,704,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/10/21 21:07:57 | 002,617,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/10/21 20:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2013/10/21 20:47:12 | 002,295,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/10/19 03:51:07 | 000,481,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013/10/19 02:12:06 | 000,380,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013/10/19 00:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2013/10/19 00:19:05 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/10/19 00:10:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/10/18 23:48:38 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2013/10/18 23:31:56 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/10/18 22:57:16 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/10/18 22:55:02 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/10/18 22:28:22 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/10/18 22:26:57 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013/10/18 22:14:29 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013/10/17 10:42:33 | 001,373,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013/10/17 10:42:31 | 001,399,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013/10/17 09:04:13 | 001,204,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013/10/16 10:58:02 | 001,943,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/10/16 04:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013/10/16 04:33:06 | 000,631,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013/10/15 14:21:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
========== Files Created - No Company Name ==========
[2013/11/13 10:39:32 | 000,002,959 | ---- | C] () -- C:\Users\Anna\Documents\New Database.odb
[2013/11/13 10:37:46 | 000,007,687 | ---- | C] () -- C:\Users\Anna\Documents\Untitled 1.odt
[2013/11/12 16:03:43 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/02 04:35:14 | 000,001,115 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eclipse.lnk
[2013/11/01 07:38:12 | 000,000,145 | ---- | C] () -- C:\Users\Anna\.appletviewer
[2013/10/25 16:33:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/10/24 07:10:27 | 000,205,320 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2013/10/24 07:10:27 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2013/10/24 06:57:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/10/24 06:51:37 | 000,001,444 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/24 06:48:21 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/24 06:40:40 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/10/24 06:36:13 | 000,000,352 | ---- | C] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/24 06:36:13 | 000,000,334 | ---- | C] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/24 06:36:03 | 000,032,388 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/10/24 06:36:03 | 000,032,388 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/10/24 06:33:53 | 001,009,226 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/24 06:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/08 08:45:08 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2013/09/26 18:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 18:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 18:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 18:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 18:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/26 18:02:12 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/09/16 18:56:24 | 000,000,079 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 22:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/02/05 16:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/02/05 16:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 16:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 16:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/01/29 09:44:13 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/07/25 15:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 15:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 15:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
========== ZeroAccess Check ==========
[2013/11/02 07:21:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 15:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 13:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/15 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AVAST Software
[2013/04/09 15:55:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\e-academy Inc
[2013/09/16 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Epson
[2013/04/09 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICAClient
[2013/09/16 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Leadertech
[2013/11/13 10:59:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\LibreOffice
[2013/11/07 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\NetBeans
[2013/10/20 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Samsung
[2013/10/26 06:58:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TinyWall
[2013/05/13 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WebApp
[2013/04/10 08:52:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2013/09/29 22:48:10 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.3.9600.16384_en-us_13bedf9d3e4c78d1\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2013/06/18 09:57:40 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.3.9600.16384_none_067909bec4cce684\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/11/13 09:49:23 | 000,133,444 | ---- | M] () MD5=3DDF61E1B538A1205612192A61CC2376 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013/11/13 16:57:15 | 000,127,825 | ---- | M] () MD5=983D8A3EB94B05A199D3744C0F0C475F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\en-US\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_f6b0e7284798d168\explorer.exe.mui
[2013/09/29 22:47:55 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_0105917a7bf99363\explorer.exe.mui
< MD5 for: EXPLORER.EXE-03C49D11.PF >
[2013/11/13 22:01:31 | 000,275,326 | ---- | M] () MD5=9B3F40AA0C2211E6134FAD97EF3368A0 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
< MD5 for: EXPLORER.PROPERTIES >
[2013/11/07 09:06:58 | 000,000,039 | ---- | M] () MD5=2BB97C1EFB43BE88E1BBDB121CAA9327 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Preferences\org\openide\explorer.properties
< MD5 for: EXPLORER.WSMODE >
[2013/11/08 21:43:46 | 000,000,529 | ---- | M] () MD5=D6F21F6A9F8622776A062DB76714709C -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Modes\explorer.wsmode
< MD5 for: IEXPLORE.EXE >
[2013/08/22 07:34:04 | 000,804,464 | ---- | M] (Microsoft Corporation) MD5=1C39C41D50FF7113748D825F4327D406 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/08/22 07:34:04 | 000,804,464 | ---- | M] (Microsoft Corporation) MD5=1C39C41D50FF7113748D825F4327D406 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_9c7bbe6690ba5bc1\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/08/22 00:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) MD5=EE889775E0F9755C90FAEBFB93FBD781 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/08/22 00:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) MD5=EE889775E0F9755C90FAEBFB93FBD781 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_a6d068b8c51b1dbc\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_962853ddc8679ca8\iexplore.exe.mui
[2013/09/29 22:48:12 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_a07cfe2ffcc85ea3\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-6C28DB75.PF >
[2013/11/10 22:39:56 | 000,155,202 | ---- | M] () MD5=62F1D836F2B9D75FFE62A9F66EA8BC30 -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB75.pf
< MD5 for: IEXPLORE.EXE-6C28DB76.PF >
[2013/11/10 22:39:57 | 000,297,692 | ---- | M] () MD5=FA28644D3C3E3C7C3E9C74525AC2027B -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB76.pf
< MD5 for: IEXPLORE.EXE-7A9337F2.PF >
[2013/11/13 22:19:00 | 000,096,008 | ---- | M] () MD5=F98FFB735020DFA2153BDAA1E8F4C87D -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
< MD5 for: IEXPLORE.EXE-7A9337F4.PF >
[2013/11/13 05:58:26 | 000,170,726 | ---- | M] () MD5=BC621D49AE0F41DFF6E6DFA400D27650 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F4.pf
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF >
[2013/11/13 22:16:07 | 000,354,292 | ---- | M] () MD5=18805D41FC904AE90A59B43CE44C6D14 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
< MD5 for: IEXPLORE.VISUALELEMENTSMANIFEST.XML >
[2013/06/18 09:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Program Files\Internet Explorer\iexplore.VisualElementsManifest.xml
[2013/06/18 09:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Windows\WinSxS\amd64_microsoft-windows-immersivebrowser_31bf3856ad364e35_11.0.9600.16384_none_c673d0d2f4ca87f4\iexplore.VisualElementsManifest.xml
< MD5 for: SERVICES >
[2013/08/22 10:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
[2013/10/24 05:37:43 | 000,092,875 | ---- | M] () MD5=9CEA05C6911F6F2DA50ED6C470313CF2 -- C:\Users\Anna\AppData\Roaming\Microsoft\MMC\services
< MD5 for: SERVICES.EXE >
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2013/09/29 22:47:46 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2013/09/29 22:47:46 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui
< MD5 for: SERVICES.JS >
[2013/09/29 22:53:03 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/29 22:53:12 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.205_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:27 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.202_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/24 07:10:26 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
< MD5 for: SERVICES.LNK >
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
< MD5 for: SERVICES.MOF >
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
< MD5 for: SERVICES.MSC >
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/09/29 22:47:49 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
< MD5 for: SERVICES.PTXML >
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
< MD5 for: SERVICES.SETTINGS >
[2013/11/08 21:43:46 | 000,001,622 | ---- | M] () MD5=9D486393976FDCB5F1706828D147FE43 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Components\services.settings
< MD5 for: SERVICES.WSTCGRP >
[2013/11/08 21:43:46 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2013/11/08 21:43:46 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp
< MD5 for: SERVICES.WSTCREF >
[2013/11/08 21:43:46 | 000,000,129 | ---- | M] () MD5=73E5717A2B2C3FF0F7ED6EFDD0A658B3 -- C:\Users\Anna\AppData\Roaming\NetBeans\7.4\config\Windows2Local\Modes\explorer\services.wstcref
< MD5 for: WINLOGON.ADML >
[2013/09/29 23:18:27 | 000,002,631 | ---- | M] () MD5=3FC16D999444A213C04297050F42DA07 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.3.9600.16384_en-us_85c27192b0d9003d\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2013/08/22 09:57:15 | 000,001,101 | ---- | M] () MD5=513B8C31BC439F0A37EA44D540F98916 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.3.9600.16384_none_6bcbbccd4d39421a\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\WINDOWS\SysNative\winlogon.exe
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\WINDOWS\SysNative\en-US\winlogon.exe.mui
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bbb6f195d80d78ae\winlogon.exe.mui
< MD5 for: WINLOGON.EXE-0D9AB72B.PF >
[2013/11/13 17:03:24 | 000,030,862 | ---- | M] () MD5=B4C85DFFF5B13CC50EF557DECC32437B -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
< MD5 for: WINLOGON.MFL >
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\WINDOWS\SysNative\wbem\en-US\winlogon.mfl
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.3.9600.16384_en-us_19794360f345d243\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\WINDOWS\SysNative\wbem\winlogon.mof
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.3.9600.16384_none_70f729db49dee3dc\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2012/07/25 22:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2013/06/18 07:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013/11/13 21:01:08 | 2983,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 09:43:24 | 000,000,000 | RHS- | M] () -- C:\OS
[2013/11/13 21:38:05 | 671,088,640 | -HS- | M] () -- C:\pagefile.sys
[2013/11/13 21:38:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
< %systemroot%\Fonts\*.com >
[2013/10/24 10:26:11 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2013/10/24 10:26:11 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2013/10/24 10:26:11 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2013/10/24 10:26:11 | 000,043,318 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2013/08/22 10:35:03 | 000,000,065 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2013/11/11 13:13:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/28 05:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2013/08/22 10:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 06E2-8684
Directory of C:\
08/22/2013 09:45 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 09:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\SYSTEM.SAV\LOGS\SymLogs
01/29/2013 09:37 AM <SYMLINKD> cclog [C:\Users\Public\Symantec\SymSilent\cclog]
0 File(s) 0 bytes
Directory of C:\Users
08/22/2013 09:45 AM <SYMLINKD> All Users [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 09:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 09:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Anna
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\Anna\AppData\Roaming]
10/24/2013 06:36 AM <JUNCTION> Cookies [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCookies]
10/24/2013 06:36 AM <JUNCTION> Local Settings [C:\Users\Anna\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> My Documents [C:\Users\Anna\Documents]
10/24/2013 06:36 AM <JUNCTION> NetHood [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/24/2013 06:36 AM <JUNCTION> PrintHood [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/24/2013 06:36 AM <JUNCTION> Recent [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Recent]
10/24/2013 06:36 AM <JUNCTION> SendTo [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\SendTo]
10/24/2013 06:36 AM <JUNCTION> Start Menu [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu]
10/24/2013 06:36 AM <JUNCTION> Templates [C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\Anna\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> History [C:\Users\Anna\AppData\Local\Microsoft\Windows\History]
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 06:51 AM <JUNCTION> Content.IE5 [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\Low
10/24/2013 08:03 AM <JUNCTION> Content.IE5 [C:\Users\Anna\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
0 File(s) 0 bytes
Directory of C:\Users\Anna\Documents
10/24/2013 06:36 AM <JUNCTION> My Music [C:\Users\Anna\Music]
10/24/2013 06:36 AM <JUNCTION> My Pictures [C:\Users\Anna\Pictures]
10/24/2013 06:36 AM <JUNCTION> My Videos [C:\Users\Anna\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013 09:45 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013 09:45 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/22/2013 09:45 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/22/2013 09:45 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013 09:45 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013 09:45 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013 09:45 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013 09:45 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013 09:45 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
08/22/2013 09:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/22/2013 09:45 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013 09:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013 09:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
08/22/2013 09:45 AM <JUNCTION> My Music [C:\Users\Default\Music]
08/22/2013 09:45 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/22/2013 09:45 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default.migrated\Documents
07/26/2012 02:22 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/26/2012 02:22 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/26/2012 02:22 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
10/24/2013 06:36 AM <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCookies]
10/24/2013 06:36 AM <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
10/24/2013 06:36 AM <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/24/2013 06:36 AM <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/24/2013 06:36 AM <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
10/24/2013 06:36 AM <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
10/24/2013 06:36 AM <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
10/24/2013 06:36 AM <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
10/24/2013 06:36 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
10/24/2013 06:36 AM <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows
10/24/2013 06:36 AM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
10/24/2013 06:36 AM <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
10/24/2013 06:36 AM <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
10/24/2013 06:36 AM <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
08/22/2013 09:45 AM <JUNCTION> My Music [C:\Users\Public\Music]
08/22/2013 09:45 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/22/2013 09:45 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 07:19 AM <JUNCTION> Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
10/24/2013 07:19 AM <JUNCTION> Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
75 Dir(s) 431,249,899,520 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/04/09 12:45:14 | 000,000,223 | -HS- | M] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/08/22 10:35:52 | 000,000,148 | -HS- | M] () -- C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013/11/13 22:16:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 199 bytes -> C:\Users\Anna\SkyDrive:ms-properties
< End of report >
OTL Extras logfile created on: 11/13/2013 10:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anna\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.29% Memory free
4.10 Gb Paging File | 1.82 Gb Available in Paging File | 44.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.00 Gb Total Space | 401.63 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.46 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 232.31 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Computer Name: ANNAPERSONALPC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5C5FB8-EF52-48DC-9BB7-989631B04986}" = lport=5357 | protocol=6 | dir=in | app=system |
"{13A7CE7D-4E11-419B-A064-43FD8AE3929C}" = rport=53 | protocol=6 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{13EF2457-F140-41DE-AB1C-7F3B6E269B2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{156FB420-81C0-4736-A799-68368787E66C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{19F58E2A-4AB1-4662-BAF9-2C733809BD08}" = rport=53 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{26F3DF8D-8B13-4A91-ACD9-C61C18205795}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37CC76B7-12FC-4149-BAC8-3726207FAFA4}" = rport=2 | protocol=6 | dir=in | name=[tw5yrosa0dqr7t][tcp][in] malware port block |
"{39A04B12-4352-4105-BCB9-345142037AD5}" = rport=547 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{3F7B60E2-AD2B-4B8B-9112-A85CA2C3BC8D}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{46EF4CA2-CE0D-48A1-AC13-5D8F098C56DF}" = rport=2 | protocol=17 | dir=in | name=[tw5yrosa0dqr7t][udp][in] malware port block |
"{4F5AE2F9-1AB9-4364-B981-1AE8F7ABD045}" = lport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{558965ED-D48A-4B58-864D-3E4F4A00BEE5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{66096A95-4D1C-4451-93B7-0EC33EA41268}" = rport=547 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{6D31E3B2-D679-475A-8E3F-9946762471AD}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{6E039F13-7681-4A14-BAA7-73BD2E7C208C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7B9C33F5-0614-4727-B9EF-8CEFF176D223}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe |
"{7CE1B31E-2E4E-46F7-9E29-C20A585F5AF3}" = rport=2 | protocol=17 | dir=out | name=[tw5yrosa0dqr7t][udp][out] malware port block |
"{8FF253C5-0B72-4720-BC13-21300D2C8BD6}" = rport=2 | protocol=6 | dir=out | name=[tw5yrosa0dqr7t][tcp][out] malware port block |
"{97D23637-6792-4BFA-B2EC-73B32A44DD33}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9DB3A9DC-25AF-4EC6-B14E-8B16724C2B62}" = rport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9E4B10EF-C95D-48FF-AFEA-4F576D437C4B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{AB7596E4-7E50-4CC1-95BE-CD2D2054D80B}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{B1071333-BA8A-4BB3-879E-1400DFF2DCFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CBDF1546-56B5-45C7-AED6-098E6FAEF566}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{CC966182-7E35-45F2-8803-EA85C721B7C3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{DD61F81E-55E0-439C-BE09-B5A375B1C5C0}" = rport=67 | protocol=17 | dir=out | svc=lmhosts | app=c:\windows\system32\svchost.exe |
"{EAB80BF9-9663-4FC0-B40C-5E6167A7151A}" = lport=2869 | protocol=6 | dir=in | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FC2FE091-3A2E-47E8-B789-ECF4AA149A4E}" = rport=123 | protocol=17 | dir=in | svc=w32time | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EE99C5-5E7D-4CBE-8BBF-D8EBFCABAD9E}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{0F644321-461C-4AA2-BD7F-AE51134DFC94}" = protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{1B8F2B01-C445-48A7-B5B1-889DC1524B08}" = protocol=58 | dir=out | name=[twuwvaxiayjmt8] icmpv6 (echo-req) out |
"{2466D0B8-AACE-49EE-8D33-AFE67BEFDA30}" = protocol=17 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{405684C3-96EB-455B-9B92-FBC65227322C}" = protocol=6 | dir=out | app=c:\program files\avast software\avast\avastsvc.exe |
"{4E7AEA3E-724A-4D75-9F87-46BAFE389F0D}" = protocol=6 | dir=out | svc=wuauserv | app=c:\windows\system32\svchost.exe |
"{4FE65608-9526-4856-869D-31FDEEF5AEC5}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{73A785EC-032D-4AD0-99F2-FB0A5BAF9A94}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{7883537C-7191-4E2E-BF28-3873D3FD12B9}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastsvc.exe |
"{9E6B12B1-FE0A-4115-BAE3-9C6B9F2D2109}" = protocol=17 | dir=out | app=c:\program files\avast software\avast\avastsvc.exe |
"{BAC5F128-8A35-4605-BBF4-D3D98698CCDC}" = protocol=58 | dir=in | name=[twuwvaxiayjmt8] icmpv6 (safe) |
"{C244A919-EB26-4424-B67F-BE651DFB086D}" = protocol=1 | dir=in | name=[twuwvaxiayjmt8] icmpv4 (safe) |
"{C56D1611-1DF5-4C1C-B5D5-2B752394893D}" = protocol=6 | dir=out | app=c:\program files (x86)\tinywall\tinywall.exe |
"{E5C207F7-70B0-4814-B700-EBDA4DF8E58A}" = protocol=1 | dir=out | name=[twuwvaxiayjmt8] icmpv4 (echo-req) out |
"{E7927273-55C7-47E0-9064-4EB52F6BD0EE}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastsvc.exe |
"{FD513131-0390-4041-8FED-073AF36C41D7}" = protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.0 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45 (64-bit)
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E87F67CD-B72A-4B47-A01D-28CD16AC0711}" = TinyWall
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"Avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09159dff-d00f-4249-92a9-d21bd2c23087" = Final Drive Fury
"WTA-0d2bf4b2-f3c1-42d8-9f95-f7020595d4cb" = Polar Golfer
"WTA-0f0375fa-8d74-4b22-b473-c63035d20911" = Governor of Poker 2 Premium Edition
"WTA-181dd5df-03b6-41c5-ae6f-d012b549a3b0" = Cradle of Rome 2
"WTA-2804a01c-98a5-4ad8-8497-d1adee2eff1e" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-31ae23af-5326-489e-bf3c-71e96da21e00" = John Deere Drive Green
"WTA-452d24a6-2630-41f5-8cdc-de303a21881c" = Luxor Evolved
"WTA-4a1d1efa-3285-47d8-8275-8a83c8c55b76" = Bejeweled 3
"WTA-4f1c660e-f86b-4041-9227-11ec091bfd45" = Roads of Rome 3
"WTA-5ae6d930-a0f2-4389-a7f6-fb54482b2395" = Peggle Nights
"WTA-5d1a4dbf-f606-4e54-b4ff-e5faa6915274" = Polar Bowler
"WTA-66cc5333-1ab7-4389-98ae-7cdb8f39d844" = Vacation Quest™ - Australia
"WTA-6b654f1e-3e9b-48de-9abf-0b2d4cd33975" = Build-a-lot 4 - Power Source
"WTA-6bb4aa06-bca4-486a-90aa-8d5bdb52b613" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-6f2cf829-048b-4d88-b4b5-ec1b45d4ccc8" = Tales of Lagoona
"WTA-8dda22ea-ef5e-46a0-ad77-1070ec24d7e9" = FATE: The Cursed King
"WTA-a9c17bdd-c791-4cb9-916a-c87a71b1f6ce" = Jewel Match 3
"WTA-aec06a9a-8d3b-408f-bc24-88dc0850c924" = Zuma's Revenge
"WTA-b4af75bb-a1a7-4650-859a-68eccc00cefe" = Chuzzle Deluxe
"WTA-ba5a9411-aea3-41ab-a930-0b28e9ace639" = Penguins!
"WTA-c3bb4900-dd8f-4ea7-8c60-93780d379ee2" = Cradle Of Egypt Collector's Edition
"WTA-d364e5e4-411c-48bf-a277-0b7d036617e0" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-db59cb34-a79a-46fa-86d1-bc7c955aeb47" = FlatOut 2
"WTA-e073819f-a49a-4f9c-a964-413c642aada2" = 4 Elements II
"WTA-e9258e1f-d5bb-4b3e-920e-e5f2d90c8b52" = Farm Frenzy
"WTA-f8201723-e249-4292-8aff-a40e96796301" = Hoyle Card Games
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/13/2013 9:37:40 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:37:40 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:41:16 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:41:16 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:42:04 PM | Computer Name = AnnaPersonalPC | Source = Microsoft Office 15 | ID = 2011
Description =
Error - 11/13/2013 9:42:04 PM | Computer Name = AnnaPersonalPC | Source = Microsoft Office 15 | ID = 2011
Description =
Error - 11/13/2013 9:49:01 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EFD
Error - 11/13/2013 9:49:01 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EFD Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
Error - 11/13/2013 9:49:13 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C020
Error - 11/13/2013 9:49:13 PM | Computer Name = AnnaPersonalPC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C020 Sku Id=2b88c4f2-ea8f-43cd-805e-4d41346e18a7
[ System Events ]
Error - 11/11/2013 6:05:38 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.
Error - 11/11/2013 6:05:38 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x8009030d.
The internal error state is 10001.
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/11/2013 7:17:59 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 11:31:40 AM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10016
Description =
Error - 11/12/2013 12:30:17 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:17 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:20 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
Error - 11/12/2013 12:30:20 PM | Computer Name = AnnaPersonalPC | Source = DCOM | ID = 10010
Description =
< End of report >
Any help would be much appreciated.
Thank you,
Angel of the Moon
Let's try something different. 
