WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Persistent SearchConduit, ReadingFanatic, and/or Adware infection [Sol

Started by Dean N , Jan 02 2014 09:07 PM

This topic is locked

79 replies to this topic

#1 Dean N

Authentic Member

Authentic Member
152 posts

Posted 02 January 2014 - 09:07 PM

Santa brought me a new laptop last week, and I promptly got it infected. I tried various software (Malwarebytes, Spybot, a few others) and I tried manually removing stuff, but the scumware is still hiding in there somewhere.... help!

OTL logfile created on: 1/2/2014 9:40:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dean\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 78.83% Memory free
9.07 Gb Paging File | 7.42 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.53 Gb Total Space | 644.97 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: DEANSPC | User Name: Dean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dean\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (THAccelSvc) -- C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe (TOSHIBA CORPORATION)
SRV:64bit: - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\Teco\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (NAT) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (dts_apo_service) -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NAT) -- C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (THAccel) -- C:\Windows\SysNative\Drivers\THAccel.sys (TOSHIBA Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Thotkey) -- C:\Windows\SysNative\Drivers\Thotkey.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\Drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\Drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\Drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0403000.00E\ccSetx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140102.001\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140102.001\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140101.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131203.001\BHDrvx64.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}
IE:64bit: - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.tb.ask...or={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2014/01/02 21:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013/12/25 21:30:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95690AD-E721-40F7-BA8B-AC2EC40E6954}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/01/01 20:02:29 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/02 21:09:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/01 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\TuneUp Software
[2014/01/01 20:26:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\MFAData
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/01 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/01/01 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/01/01 19:48:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/31 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/31 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/31 20:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/31 20:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/29 19:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013/12/29 19:07:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\CrashDumps
[2013/12/29 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\.android
[2013/12/29 12:02:49 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\cache
[2013/12/29 12:02:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\genienext
[2013/12/28 12:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
[2013/12/26 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Malwarebytes
[2013/12/26 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Skype
[2013/12/26 21:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/26 21:37:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/26 21:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/26 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/26 11:43:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/12/26 10:59:48 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/26 10:59:48 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/12/26 10:59:47 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/26 10:59:46 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/12/26 10:59:45 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/12/26 10:59:44 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/12/26 10:59:42 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/12/26 10:59:39 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/12/26 10:59:29 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/12/26 10:59:27 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/12/26 10:59:24 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/12/26 10:59:24 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/12/26 10:59:22 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/12/26 10:59:22 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/12/26 10:59:22 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/12/26 10:59:22 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/12/26 10:59:22 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/12/26 10:59:22 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/12/26 10:59:22 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/12/26 10:59:22 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/12/26 10:59:21 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/12/26 10:59:21 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/12/26 10:59:21 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/12/26 10:59:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/12/26 10:59:16 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/12/26 10:59:14 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/12/26 10:59:13 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/12/26 10:59:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/12/26 10:59:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/12/26 10:59:13 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/12/26 10:59:13 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/12/26 10:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/12/26 10:59:13 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/12/26 10:59:12 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/12/26 10:59:12 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/12/26 10:59:12 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/12/26 10:59:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/12/26 10:59:02 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/12/26 10:59:00 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/12/26 10:59:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/12/26 10:58:59 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/12/26 10:58:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/12/26 10:58:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/12/26 10:58:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/12/26 10:58:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/12/26 10:58:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/12/26 10:58:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll
[2013/12/26 10:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll
[2013/12/26 10:58:13 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll
[2013/12/26 10:58:10 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll
[2013/12/26 10:58:10 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2013/12/26 10:58:09 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2013/12/26 10:58:09 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll
[2013/12/26 10:58:09 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2013/12/26 10:58:09 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2013/12/26 10:57:48 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/12/26 10:57:47 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/12/26 10:57:47 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/12/26 10:57:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysWow64\rars.rs
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysNative\rars.rs
[2013/12/26 10:57:39 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/12/26 10:57:39 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\stobject.dll
[2013/12/26 10:57:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netplwiz.dll
[2013/12/26 10:57:38 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Magnify.exe
[2013/12/26 10:57:37 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/12/26 10:57:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/12/26 10:57:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netplwiz.dll
[2013/12/26 10:57:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/12/26 10:57:32 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/12/26 10:57:32 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/12/26 10:57:32 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AuthHost.exe
[2013/12/26 10:57:31 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Magnify.exe
[2013/12/26 10:57:31 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/12/26 10:57:31 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\biwinrt.dll
[2013/12/26 10:57:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\biwinrt.dll
[2013/12/26 10:57:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/12/26 10:57:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/12/26 10:57:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/12/26 10:57:13 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/12/26 10:57:08 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\muifontsetup.dll
[2013/12/26 10:57:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\muifontsetup.dll
[2013/12/26 10:56:56 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\autochk.exe
[2013/12/26 10:56:56 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\untfs.dll
[2013/12/26 10:56:56 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\untfs.dll
[2013/12/26 10:56:55 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\autochk.exe
[2013/12/26 10:56:54 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/12/26 10:56:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/12/26 10:56:27 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/12/26 10:56:21 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/12/26 10:56:21 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/12/26 10:56:20 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/12/26 10:56:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/12/26 10:56:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/12/26 10:56:19 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/12/26 10:56:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/12/26 10:56:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/12/26 10:56:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/12/26 10:56:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/12/26 10:56:18 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/12/26 10:56:18 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/12/26 10:56:18 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/12/26 10:55:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/12/26 10:55:55 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/12/26 10:55:54 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/12/26 10:55:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/12/26 10:55:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/12/26 10:55:54 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/12/26 10:55:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/12/26 10:55:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/12/26 10:55:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/12/26 10:55:42 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/12/26 10:55:32 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/12/26 10:55:31 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/12/26 10:55:31 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/12/26 10:55:31 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/12/26 10:55:31 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/12/26 10:55:31 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/12/26 10:55:30 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/12/26 10:55:29 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/12/26 10:55:29 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/12/26 10:55:29 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/12/26 10:55:29 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/12/26 10:55:29 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/12/26 10:55:29 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/12/26 10:55:29 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscms.dll
[2013/12/26 10:55:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceSetupManager.dll
[2013/12/26 10:55:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/12/26 10:55:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2013/12/26 10:55:28 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeParserTask.exe
[2013/12/26 10:55:27 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/12/26 10:54:46 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/12/26 10:54:45 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/12/26 10:54:45 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/12/26 10:54:26 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/12/26 10:54:26 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/12/26 10:54:24 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/12/26 10:54:10 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/12/26 10:54:09 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/12/26 10:53:58 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013/12/26 10:53:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013/12/26 10:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2013/12/26 10:53:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2013/12/26 10:53:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/26 10:53:42 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/12/26 10:53:42 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/12/26 10:53:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/12/26 10:53:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/12/26 10:53:09 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/12/26 10:53:03 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/12/26 10:53:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/12/26 10:53:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/12/26 10:53:02 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/12/26 10:53:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/12/26 10:53:02 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/12/26 10:53:01 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/12/26 10:53:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/12/26 10:52:57 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wdc.dll
[2013/12/26 10:52:57 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wdc.dll
[2013/12/26 10:52:57 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wvc.dll
[2013/12/26 10:52:57 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysmon.ocx
[2013/12/26 10:52:57 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wvc.dll
[2013/12/26 10:52:57 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sysmon.ocx
[2013/12/26 10:52:56 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/12/26 10:52:56 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/12/26 10:52:56 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/12/26 10:52:41 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/12/26 10:52:26 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/12/26 10:52:21 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/12/26 10:52:19 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/12/26 10:52:18 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/12/26 10:52:18 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/12/26 10:52:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/12/26 10:52:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/12/26 10:52:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/12/26 10:52:12 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/12/26 10:52:12 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/12/26 10:51:45 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NotificationUI.exe
[2013/12/26 10:51:44 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/12/26 10:51:43 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/12/26 10:51:42 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/12/26 10:51:42 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/12/26 10:51:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/12/26 10:51:42 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/12/26 10:51:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/12/26 10:51:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/12/26 10:51:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/12/26 10:51:42 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppc.dll
[2013/12/26 10:51:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2013/12/26 10:51:42 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sppc.dll
[2013/12/26 10:51:42 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/12/26 10:51:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupcln.dll
[2013/12/26 10:51:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setupcln.dll
[2013/12/26 10:51:36 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/12/26 10:51:36 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/12/26 10:51:36 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/12/26 10:51:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/12/26 10:51:36 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/12/26 10:51:14 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/26 10:51:09 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/12/26 10:51:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/26 10:51:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/26 10:50:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/26 10:50:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/26 10:50:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/26 10:50:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/26 10:50:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/12/26 10:50:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/26 10:50:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/12/26 10:50:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/26 10:50:51 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/12/26 10:50:37 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2013/12/26 10:50:37 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2013/12/26 10:50:37 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/12/26 10:50:36 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/12/26 10:50:35 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFault.exe
[2013/12/26 10:50:35 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanconn.dll
[2013/12/26 10:50:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFault.exe
[2013/12/26 10:50:35 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/12/26 10:50:35 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmsvc.dll
[2013/12/26 10:50:35 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSCard.dll
[2013/12/26 10:50:35 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/12/26 10:50:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmmbase.dll
[2013/12/26 10:50:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmmbase.dll
[2013/12/26 10:50:35 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/12/26 10:50:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmm.dll
[2013/12/26 10:50:34 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/12/26 10:50:34 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanmm.dll
[2013/12/26 10:50:34 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wwanadvui.dll
[2013/12/26 10:50:34 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/12/26 10:50:34 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/12/26 10:50:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\openfiles.exe
[2013/12/26 10:50:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmcsp.dll
[2013/12/26 10:50:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\openfiles.exe
[2013/12/26 10:50:33 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/12/26 10:50:33 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LocationApi.dll
[2013/12/26 10:50:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LocationApi.dll
[2013/12/26 10:49:43 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/12/26 10:49:43 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2013/12/26 10:49:43 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/12/26 10:49:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resutils.dll
[2013/12/26 10:49:43 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/12/26 10:49:43 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\clusapi.dll
[2013/12/26 10:49:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/12/26 10:49:42 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\resutils.dll
[2013/12/26 10:49:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/12/26 10:49:41 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clusapi.dll
[2013/12/26 10:49:40 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/12/26 10:49:40 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/12/26 10:49:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/12/26 10:49:40 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/12/26 10:49:40 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/12/26 10:49:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/12/26 10:49:40 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/12/26 10:49:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/12/26 10:49:40 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/12/26 10:49:23 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2013/12/26 10:48:37 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/12/26 10:48:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe
[2013/12/26 10:48:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe
[2013/12/26 10:47:56 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/12/26 10:47:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/12/26 10:47:41 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/12/26 10:47:41 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/12/26 10:44:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:44:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:43:00 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/12/26 10:41:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/12/26 10:41:10 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepapi.dll
[2013/12/26 10:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepsync.dll
[2013/12/26 10:41:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2013/12/26 10:41:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2013/12/26 10:40:56 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/12/26 10:40:09 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/26 10:39:58 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrobj.dll
[2013/12/26 10:39:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/26 10:39:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrobj.dll
[2013/12/26 10:39:58 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/26 10:39:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/26 10:39:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/26 10:39:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/26 10:39:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/12/26 10:39:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/12/26 10:39:38 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/12/26 10:39:38 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/12/26 10:39:37 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/26 10:39:37 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/26 10:39:36 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/26 10:39:36 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/26 10:39:03 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/12/26 10:39:02 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/12/26 10:39:02 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/12/26 10:39:02 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/12/26 10:39:01 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/12/26 10:39:01 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/12/26 10:39:00 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/12/26 10:39:00 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/12/26 09:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/12/25 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Diagnostics
[2013/12/25 21:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/25 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Programs
[2013/12/25 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Adobe
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Apple Computer
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple Computer
[2013/12/25 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/25 15:35:20 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/25 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/25 15:34:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple
[2013/12/25 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/25 15:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/25 11:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\Documents\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Book Place
[2013/12/25 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Macromedia
[2013/12/25 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Toshiba
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Searches
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Contacts
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/25 10:26:41 | 000,000,000 | -H-D | C] -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/25 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Adobe
[2013/12/25 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\WinBatch
[2013/12/25 10:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\VirtualStore
[2013/12/25 10:24:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/12/25 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Packages
[2013/12/25 10:23:57 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Temporary Internet Files
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Templates
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Start Menu
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\SendTo
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Recent
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\PrintHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\NetHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Videos
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Pictures
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Music
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\My Documents
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Local Settings
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\History
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Cookies
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Application Data
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Application Data
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Temp
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | --SD | C] -- C:\Users\Dean\AppData\Roaming\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Videos
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Saved Games
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Pictures
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Music
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Links
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Favorites
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Downloads
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Documents
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Desktop
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/25 10:23:46 | 000,000,000 | -H-D | C] -- C:\Users\Dean\AppData
[2013/12/25 10:23:46 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/02 21:21:05 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/02 21:21:05 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/02 21:21:05 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/02 21:17:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/02 21:15:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/02 21:15:50 | 2475,704,319 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 20:02:29 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/31 21:25:37 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2013/12/31 21:24:58 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/28 12:40:26 | 002,557,862 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/26 23:00:36 | 000,282,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:24 | 000,053,686 | ---- | M] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:07 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 00:04:18 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 21:29:18 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/12/25 21:29:18 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/12/25 21:29:18 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/12/25 15:35:26 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/19 13:55:20 | 000,023,702 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20131219.024
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/01 20:02:29 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/31 21:25:34 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2013/12/31 21:24:57 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/26 23:00:25 | 000,282,472 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:20 | 000,053,686 | ---- | C] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 10:51:41 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/12/26 10:49:41 | 000,385,528 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/12/26 00:04:18 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 15:35:26 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 15:34:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/25 10:26:35 | 000,001,441 | ---- | C] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/25 10:23:47 | 000,000,352 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/25 10:23:47 | 000,000,334 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/25 09:10:11 | 2475,704,319 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/20 00:25:59 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/02/22 16:49:46 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/02/22 16:43:09 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/02/22 16:43:08 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/10 16:12:50 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/12/26 21:36:21 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/25 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Book Place
[2014/01/01 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\TuneUp Software
[2013/12/25 10:26:29 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.0.LOCALSETTINGUNIT >
[2013/12/31 22:42:02 | 000,000,359 | -HS- | M] () MD5=B08612E21E7511AEA948FA32DE2FBE32 -- C:\Users\Dean\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit

< MD5 for: EXPLORER.ADML >
[2012/07/26 02:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/26 02:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/26 02:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/26 02:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/26 02:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2012/06/02 09:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/02 09:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/02 09:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/02 09:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/02 09:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2012/10/11 00:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/06/01 06:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 06:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/06/01 05:17:57 | 002,116,520 | ---- | M] (Microsoft Corporation) MD5=15C505AD0118275E7363A539009EF3AF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2014/01/02 20:25:26 | 000,220,321 | ---- | M] () MD5=1B95C81FD784B673659571D561DBE572 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2014/01/02 20:25:29 | 000,217,360 | ---- | M] () MD5=1CD1288E24BCD122B5F3ACAE291A81EE -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2014/01/02 20:25:21 | 000,221,955 | ---- | M] () MD5=8BD0280C0B12913254FF57480057FEE3 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012/10/11 00:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2014/01/02 20:25:23 | 000,220,310 | ---- | M] () MD5=D4F751F4E76CDC34FEF77213B5E743AC -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/06/01 05:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 05:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2012/07/26 02:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
[2012/07/26 02:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/26 02:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/26 02:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui

< MD5 for: EXPLORER.EXE-03C49D11.PF >
[2013/12/31 21:52:07 | 000,289,062 | ---- | M] () MD5=F18CA4F659114BB075B8F7523646F15F -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf

< MD5 for: IEXPLORE.EXE >
[2012/10/11 01:34:54 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=06E77B5F6BB60E11A377B68BA4AA1DA7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2013/02/21 06:11:26 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=0A1FC149D1F01AEE5D66D42953CDD751 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_2b57ad3f3a4a8d28\iexplore.exe
[2012/10/11 02:33:47 | 000,775,168 | ---- | M] (Microsoft Corporation) MD5=0A5074651C95792D32BCF536D64D0463 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2012/07/25 22:36:56 | 000,770,504 | ---- | M] (Microsoft Corporation) MD5=1249974F2A658D07E2647DD9C3592B9E -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2012/10/11 02:24:22 | 000,775,168 | ---- | M] (Microsoft Corporation) MD5=13F97D5006C3E37D0A4AABC767C0E553 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2012/07/25 23:58:31 | 000,775,112 | ---- | M] (Microsoft Corporation) MD5=29CD24D8CA72FDB986B39277E70A48B6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2012/10/23 22:14:41 | 000,770,528 | ---- | M] (Microsoft Corporation) MD5=39F90724C1A98648CCCDDF13631F2D4A -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2013/02/05 00:23:09 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=4B20825770C794AF430529FCD962FDF5 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20624_none_2b6907973a3e3ccd\iexplore.exe
[2013/02/04 17:49:56 | 000,775,136 | ---- | M] (Microsoft Corporation) MD5=50BB41EF1CBC08E10CAB2993EEA15586 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16519_none_37eb619aec2f65fa\iexplore.exe
[2013/02/21 07:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/02/21 07:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_37da8ff2ec3b1c8f\iexplore.exe
[2012/10/23 22:20:45 | 000,770,528 | ---- | M] (Microsoft Corporation) MD5=79FF6755B94FF918441D8F8162E5AC9C -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
[2012/10/23 23:43:41 | 000,775,136 | ---- | M] (Microsoft Corporation) MD5=8E1B68702CDB0DDC6597357766E941D9 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2013/02/05 01:45:26 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=97808A1A701DC42B07725F8C3D3BDF8D -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20624_none_21145d4505dd7ad2\iexplore.exe
[2012/10/11 00:41:41 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=BCF25D644DF1288CD9A6524FF7AB23C8 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2013/02/05 00:23:07 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=DEAE808A574CF9FC667D6939387FC1CE -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16519_none_42400bed209027f5\iexplore.exe
[2013/02/21 06:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/02/21 06:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_422f3a45209bde8a\iexplore.exe
[2013/02/21 08:13:16 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=E61732C1203A6BCA2FFB91022CA48AC6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_210302ed05e9cb2d\iexplore.exe
[2012/10/24 01:08:39 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=F78F14096EB41341C4D880CEA6D681A2 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe

< MD5 for: IEXPLORE.EXE.LOG >
[2013/12/26 22:15:35 | 000,000,940 | ---- | M] () MD5=88E688033345772670C446FD0D62F075 -- C:\Users\Dean\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\IEXPLORE.EXE.log

< MD5 for: IEXPLORE.EXE.MUI >
[2012/07/26 02:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 02:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 02:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/26 02:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-6C28DB75.PF >
[2013/12/29 15:37:26 | 000,123,010 | ---- | M] () MD5=609747EF35BAB50BB7FE098D810933EF -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB75.pf

< MD5 for: IEXPLORE.EXE-6C28DB76.PF >
[2013/12/29 15:37:17 | 000,186,522 | ---- | M] () MD5=903531E90BE728231F975DB8BADE5AC0 -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB76.pf

< MD5 for: IEXPLORE.EXE-7A9337F2.PF >
[2014/01/02 21:40:16 | 000,098,452 | ---- | M] () MD5=C81D1275124A9F9551D5F732A3306234 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf

< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF >
[2014/01/02 21:40:09 | 000,304,762 | ---- | M] () MD5=A92F3464FC7650E0BAE011858C0A04CC -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf

< MD5 for: SERVICES >
[2012/07/26 00:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services

< MD5 for: SERVICES.ASFX >
[2012/09/23 22:44:02 | 000,002,648 | ---- | M] () MD5=0865ABFC40AE2C730EF33F0E29C2C780 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012/09/23 22:43:52 | 000,002,588 | ---- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
[2012/09/23 22:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
[2012/09/23 22:43:54 | 000,002,619 | ---- | M] () MD5=2468CEF75419234DCA72F892392DFB6C -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012/09/23 22:43:50 | 000,002,525 | ---- | M] () MD5=34EB1E120DAE2C8346BA3747D562355B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\da_DK\Services\Services.asfx
[2012/09/23 22:43:44 | 000,002,851 | ---- | M] () MD5=364469E5C8724EB95F2E142438C8CECF -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/09/23 22:43:48 | 000,002,556 | ---- | M] () MD5=3BE849A0D8DEEF6E14BEC19D565A965D -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sv_SE\Services\Services.asfx
[2012/09/23 22:43:50 | 000,002,577 | ---- | M] () MD5=4160D76537EB300F681419BEA7589192 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012/09/23 22:43:58 | 000,002,601 | ---- | M] () MD5=4E7A75C5564D7E08200E3B7F656BF227 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012/09/23 22:43:56 | 000,002,760 | ---- | M] () MD5=69BCCC8BA799AD320C723B14DAE327EB -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012/09/23 22:44:02 | 000,003,264 | ---- | M] () MD5=6A3669AC3D692776A76DB4C513B73718 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012/09/23 22:44:06 | 000,002,497 | ---- | M] () MD5=6ECF361623A3B738642C61790DF3BF73 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012/09/23 22:43:46 | 000,002,533 | ---- | M] () MD5=72E505C96C0A40BE1DFD0F5FB982F527 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\it_IT\Services\Services.asfx
[2012/09/23 22:43:58 | 000,003,374 | ---- | M] () MD5=7DE29C93BAEEB470EE77CF5C1B1C03A1 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ru_RU\Services\Services.asfx
[2012/09/23 22:43:52 | 000,002,653 | ---- | M] () MD5=881E2DDB014FD5D09B84AA45F2E86077 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012/09/23 22:43:48 | 000,002,628 | ---- | M] () MD5=8A84C89E1D2A0916D4464D5AD46FB8AC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012/09/23 22:44:02 | 000,002,539 | ---- | M] () MD5=8DEA878E25C893461D45C8974160B559 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sl_SI\Services\Services.asfx
[2012/09/23 22:43:42 | 000,002,616 | ---- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/09/23 22:44:00 | 000,002,516 | ---- | M] () MD5=9B850C525959D9F53CD576DEF11F6ED4 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012/09/23 22:44:04 | 000,002,640 | ---- | M] () MD5=A86B5BD2B198C0870542D6478C3CC6BC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012/09/23 22:43:50 | 000,002,493 | ---- | M] () MD5=A8C9725DBFAA9DB585F9691060B1FFA3 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012/09/23 22:43:54 | 000,002,488 | ---- | M] () MD5=B1468F053A250799FCE421BEC8AA9A57 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/09/23 22:43:54 | 000,002,457 | ---- | M] () MD5=BE0958E015FED942FAD670540F2BCEC1 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/09/23 22:44:04 | 000,002,543 | ---- | M] () MD5=C2EDC3B5BB19B6F41226433A889EFE48 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012/09/23 22:43:56 | 000,002,543 | ---- | M] () MD5=C66A95C06294259E63522BBB0E8B3ED8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012/09/23 22:43:46 | 000,002,546 | ---- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012/09/23 22:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2012/09/20 01:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/26 00:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012/09/20 01:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\windows\SysNative\services.exe
[2012/09/20 01:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012/07/26 02:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\windows\SysNative\en-US\services.exe.mui
[2012/07/26 02:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/12/26 11:03:17 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 11:02:46 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 11:03:09 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 11:02:18 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 11:03:55 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 14:47:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 14:43:08 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 01:23:16 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 16:54:24 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 14:43:26 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js

< MD5 for: SERVICES.LNK >
[2012/07/25 15:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 15:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 15:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk

< MD5 for: SERVICES.MOF >
[2012/06/02 09:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2012/06/02 09:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof

< MD5 for: SERVICES.MSC >
[2012/07/26 02:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\windows\SysNative\en-US\services.msc
[2012/06/02 09:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\windows\SysNative\services.msc
[2012/07/26 02:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 09:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/26 02:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 09:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 09:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 02:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc

< MD5 for: SERVICES.PTXML >
[2012/07/25 15:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 15:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2012/07/26 02:50:44 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2012/06/02 09:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2012/09/20 01:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/09/20 01:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/25 22:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012/10/11 00:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\windows\SysNative\winlogon.exe
[2012/10/11 00:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012/10/11 00:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2012/07/26 02:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\windows\SysNative\en-US\winlogon.exe.mui
[2012/07/26 02:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2012/07/26 02:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
[2012/07/26 02:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2012/07/25 15:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
[2012/07/25 15:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2014/01/01 20:02:29 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/07/25 22:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 09:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2014/01/02 21:15:50 | 2475,704,319 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/02 21:15:50 | 1275,068,416 | -HS- | M] () -- C:\pagefile.sys
[2014/01/02 21:15:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

< %systemroot%\Fonts\*.com >
[2012/12/21 12:33:28 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2012/12/21 12:33:28 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2012/12/21 12:33:28 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2012/12/21 12:33:28 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/07/26 03:11:41 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012/07/26 03:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is TI10664600G
Volume Serial Number is 0E19-9C92
Directory of C:\
07/26/2012 02:22 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
07/26/2012 02:22 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/26/2012 02:22 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/26/2012 02:22 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/26/2012 02:22 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 02:22 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
07/26/2012 02:22 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/26/2012 02:22 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
07/26/2012 02:22 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/26/2012 02:22 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/26/2012 02:22 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/26/2012 02:22 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 02:22 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Dean
12/25/2013 10:23 AM    <JUNCTION>     Application Data [C:\Users\Dean\AppData\Roaming]
12/25/2013 10:23 AM    <JUNCTION>     Cookies [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies]
12/25/2013 10:23 AM    <JUNCTION>     Local Settings [C:\Users\Dean\AppData\Local]
12/25/2013 10:23 AM    <JUNCTION>     My Documents [C:\Users\Dean\Documents]
12/25/2013 10:23 AM    <JUNCTION>     NetHood [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/25/2013 10:23 AM    <JUNCTION>     PrintHood [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/25/2013 10:23 AM    <JUNCTION>     Recent [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Recent]
12/25/2013 10:23 AM    <JUNCTION>     SendTo [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\SendTo]
12/25/2013 10:23 AM    <JUNCTION>     Start Menu [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu]
12/25/2013 10:23 AM    <JUNCTION>     Templates [C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Dean\AppData\Local
12/25/2013 10:23 AM    <JUNCTION>     Application Data [C:\Users\Dean\AppData\Local]
12/25/2013 10:23 AM    <JUNCTION>     History [C:\Users\Dean\AppData\Local\Microsoft\Windows\History]
12/25/2013 10:23 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Dean\Documents
12/25/2013 10:23 AM    <JUNCTION>     My Music [C:\Users\Dean\Music]
12/25/2013 10:23 AM    <JUNCTION>     My Pictures [C:\Users\Dean\Pictures]
12/25/2013 10:23 AM    <JUNCTION>     My Videos [C:\Users\Dean\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Default
07/26/2012 02:22 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/26/2012 02:22 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/26/2012 02:22 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/26/2012 02:22 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/26/2012 02:22 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/26/2012 02:22 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/26/2012 02:22 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/26/2012 02:22 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/26/2012 02:22 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/26/2012 02:22 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
07/26/2012 02:22 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/26/2012 02:22 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/26/2012 02:22 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
07/26/2012 02:22 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/26/2012 02:22 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/26/2012 02:22 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
07/26/2012 02:22 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/26/2012 02:22 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/26/2012 02:22 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              48 Dir(s) 692,533,739,520 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/12/25 10:31:25 | 000,000,223 | -HS- | M] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras logfile created on: 1/2/2014 9:40:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dean\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 78.83% Memory free
9.07 Gb Paging File | 7.42 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.53 Gb Total Space | 644.97 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: DEANSPC | User Name: Dean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2EE87C-F1B5-48C7-82CB-704DB6DEE3F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{132D682D-5688-42B2-B4A0-04E24C3D9748}" = rport=138 | protocol=17 | dir=out | app=system |
"{157C2C21-58AA-48C3-8358-C0EC0983CDA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{2337CD5D-DA95-413D-B42E-3AAD0C27BB8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{281AE15C-800E-469D-B51D-7ED48E2E926F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{284758DF-12BC-43DE-84B9-9833725E0DA0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{321A6294-CB6F-46BD-B423-2533362EFB7F}" = lport=139 | protocol=6 | dir=in | app=system |
"{3DE301AF-CCC7-4FD6-902F-E6A9D47BE359}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{671C7272-771C-43AB-8F2F-EC70BDBA6F59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F5F82BD-E8CD-4BEF-A64D-E95143A6EC5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7113BB4E-F9D7-4442-8BCC-1F8217654462}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{784BE824-EA30-4930-83C4-336793AD26CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F4686DB-0E9A-44C6-82AB-6424268432C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC5CA3D5-8682-472F-AB6A-61E851146066}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2F73F5B-D626-4877-904F-575BE14BC677}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7439AC5-39C3-4240-9D5D-3199A1355396}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCE821B7-31DE-452C-9733-C59D16AE6F3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D43705F6-6B1A-4434-8DD9-CBF0F59441A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D85BCF0E-9370-48B4-A399-8E2A421ADA7A}" = lport=138 | protocol=17 | dir=in | app=system |
"{E20EE57E-60A9-4B04-A863-BA73230DC566}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD78E725-8404-4D89-813E-77A64FF1408F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F016C9-FE84-438C-AB47-BE81929FB0EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{013959AD-0CF6-489D-BCAF-3FC35CAC8547}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C1FC60-21E6-4744-A203-22BBA9EC8A4A}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{02378BF8-C048-49E1-87E8-4227ABE405BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{093A8A42-F564-4A93-9D2A-57AAA0274057}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D9542CC-281B-42E7-9502-861A4E8BBF2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F53F25D-E0D4-49EE-A49D-1275E86B5EB8}" = dir=out | name=stumbleupon |
"{0F590B45-6201-43C4-B44B-B84CEC4C16C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{11F1892D-BB0C-4925-8750-41025071D78C}" = dir=out | name=toshiba central |
"{12E7FD8D-B43E-4877-943A-F16BA3D4F572}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{15FFFD46-0318-4FED-B333-83B2F9B84BEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20EE6FBB-7C37-41E4-B12B-95066275AD23}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{23854D41-2E98-457E-BD16-20C1EE67E2CA}" = protocol=6 | dir=out | app=system |
"{2614AB2B-8A4D-4B34-B0C7-711913AEFB93}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{27D6BB61-B789-494F-8C8D-9DEE4E838C0F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{321ECBDB-7B33-4E74-8B61-BDD3EA3A770B}" = dir=out | name=hulu plus |
"{3380EFAB-728C-4ECD-8791-56D1F3CFCC64}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{339D8465-D50F-409D-9CE8-AE5149F0126A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{34902674-2159-48C6-8D8B-E091E87B988E}" = dir=out | name=book place |
"{34E650E2-6157-414B-9D66-CBABF9656B81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36E5DD39-D991-4887-AC78-61EB2F767555}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3861A849-1FCE-4825-A8B1-A346B27DA137}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3ABCB86A-B195-42F1-B063-7B681A9F6361}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3FDD33FB-4EE8-435D-854F-1F484932D66B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4306FA17-090F-4CDA-951C-2E2755F16ECC}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{44E2D834-1533-45E1-AEB1-9CC6F196B625}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{44E4B58B-CF04-494A-B05C-13527FBD7493}" = dir=in | name=ebay |
"{46EFD1C9-F21D-4ADD-8E0B-DC9BCCD89C57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55CFE5D8-169F-4957-865B-FA691331269B}" = dir=out | name=- games app - |
"{56118A82-5FA2-461B-9F9D-8F98B7546CB1}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5632F79A-EB6D-4110-8B63-43B942C727A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D6376FA-E615-465A-A611-B6527FE75030}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7527FA66-2590-44F7-AE11-D7F1A33A6AF4}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{779D7161-4208-4573-BCDE-0BA3FAA1D040}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{785D9D70-400B-4557-B242-F705C06A0A0C}" = protocol=58 | dir=in | app=system |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84BA362F-4341-4BA4-A818-0C4CE8345E1C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96E583CF-A239-42B1-8528-7A46E7D60277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{971448FF-B7DC-44C0-9474-47B2AE9917B6}" = dir=out | name=iheartradio |
"{990E3B4F-355E-4142-8FCF-71A7F5B218C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A0E3849-4FF7-4B2E-BA16-7EE53467A8DA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9AF0FDEF-37B8-4DF1-9196-7495318676BD}" = dir=out | name=news place |
"{9B136DC6-77B2-4CB5-B6E5-26E169FDC65D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9C443074-86C5-40A8-9D74-EEBF4C8C873E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{9F232B80-68D6-4A01-984D-202822CD94F1}" = dir=out | name=evernote |
"{B66E9C3B-63EE-48FF-89C2-523255A7BAE1}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{BA769731-2B05-4062-98B8-A0C617D1D647}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{BF3C86A6-B2E8-4BFF-BCD6-F8942230BB7C}" = dir=out | name=norton studio |
"{C685C772-8CED-477C-8228-98A65BAF6F19}" = dir=out | name=ebay |
"{CE52D3FA-8A3D-4FB4-A8CF-1C80F0917646}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D04D7225-4DAA-492F-AC28-2ED39EF579C4}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D44B7DCD-9A4D-47E5-80E0-0BC7F9013CE8}" = dir=out | name=windows_ie_ac_001 |
"{D64C6D0F-D50A-4DBC-AEF0-F982832555B4}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D7014D65-FAC8-4265-9861-4A9C6D4FF56F}" = dir=out | name=toshiba media player by smedio truelink+ |
"{D79C01DD-D67B-4D50-BF02-DCC3126DF813}" = dir=in | name=evernote |
"{DC44B58F-E7AE-4AB0-9C36-B73354ADAD9E}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{DE12BD40-A225-406B-AC5D-EE9109820895}" = dir=out | name=vimeo |
"{E079080C-BEDE-4E98-981E-D38152F20E8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{E3533BC5-D814-4F96-906A-01BFAE06F2CE}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E609E150-232F-4907-8594-FA191AB41536}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EAD9465E-DAEC-416F-A8EF-48326CE162FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED688106-D247-40A7-AD9D-13BA61465C07}" = dir=out | name=amazon |
"{F06C5C5F-AFDF-47B4-9E3F-73CD90CC1E66}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F49F6413-5901-4B05-AC2B-5AF6564A0EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{F4B34F77-52C4-4A88-900B-A9DD02C17C35}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F6380F2A-532A-42AF-B6A4-63D345C3ED75}" = dir=in | name=toshiba media player by smedio truelink+ |
"{F6EA592E-AADC-4A66-BC17-65982E5502D5}" = dir=out | name=netflix |
"{F9870B25-CE80-43F3-AFBE-1E0C1E1C3898}" = dir=out | name=deals & offers |
"{FC3C1606-2044-42C8-A5D4-F72E22843F18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1515F5E3-29EA-4CD1-A981-032D88880F09}" = TOSHIBA Audio Enhancement
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF33396-F041-49F5-BA3D-39425529CE9C}" = Intel® Rapid Storage Technology
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{6499E894-43F8-458B-AE35-724F4732BCDE}" = TOSHIBA Service Station
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}" = TOSHIBA HDD Accelerator
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{11244D6B-9842-440F-8579-6A4D771A0D9B}" = Toshiba Book Place
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}" = DTS Sound
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI MUI
"{B1786E63-2127-42C9-95A3-146E5F727BF1}" = TOSHIBA Password Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"NARA" = Norton Online Backup ARA
"NAT" = Norton Anti-Theft
"NIS" = Norton Internet Security
"Norton PC Checkup_is1" = Norton PC Checkup
"Origin" = Origin
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-036ebbde-654b-46d4-9157-40def0706849" = Plants vs. Zombies - Game of the Year
"WTA-1473d981-97c4-45e5-a8da-1ae9a049b74d" = Chuzzle Deluxe
"WTA-35dbbed9-107a-4952-b5f3-6df45528369e" = Luxor Evolved
"WTA-45566bc8-2907-45da-9169-85b30491e22d" = Jack of All Tribes
"WTA-703c1ad7-91e6-4b13-b4f5-571352da0ac3" = King Oddball
"WTA-8b4a0e9e-531f-41bb-b753-bfcb79c638d9" = Wonderland Solitaire
"WTA-ac18fae5-0a5b-41af-9ba1-2bf142b02056" = Bejeweled 3
"WTA-d145cfd3-e952-459e-b4d0-995b1128f87f" = Elementals - The Magic Key

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76" = Toshiba Start

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2013 1:28:11 AM | Computer Name = DeansPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/26/2013 1:28:11 AM | Computer Name = DeansPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7735

Error - 12/26/2013 1:28:11 AM | Computer Name = DeansPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7735

Error - 12/27/2013 12:03:08 AM | Computer Name = DeansPC | Source = Toshiba App Place | ID = 0
Description =

Error - 12/27/2013 12:55:33 AM | Computer Name = DeansPC | Source = Toshiba App Place | ID = 0
Description =

Error - 12/27/2013 1:04:22 AM | Computer Name = DeansPC | Source = Toshiba App Place | ID = 0
Description =

Error - 12/28/2013 1:28:44 AM | Computer Name = DeansPC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 12/26/2013 1:34:42 PM | Computer Name = DeansPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 40. The Windows SChannel error state is 107.

Error - 12/26/2013 1:34:42 PM | Computer Name = DeansPC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2013 1:34:42 PM | Computer Name = DeansPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 40. The Windows SChannel error state is 107.

Error - 12/26/2013 1:34:43 PM | Computer Name = DeansPC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2013 1:34:43 PM | Computer Name = DeansPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 40. The Windows SChannel error state is 107.

Error - 12/26/2013 1:34:45 PM | Computer Name = DeansPC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2013 1:34:45 PM | Computer Name = DeansPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 40. The Windows SChannel error state is 107.

Error - 12/28/2013 11:23:01 AM | Computer Name = DeansPC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/29/2013 12:43:25 PM | Computer Name = DeansPC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 10.0.0.7. The computer with the IP address 10.0.0.2 did not allow
the name to be claimed by this computer.

Error - 12/29/2013 2:40:56 PM | Computer Name = DeansPC | Source = bowser | ID = 8003
Description =

< End of report >

Advertisements

Register to Remove

#2 Dean N

Authentic Member

Authentic Member
152 posts

Posted 02 January 2014 - 09:13 PM

Note: The topic title should be AdChoices, not Adware.

#3 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 04 January 2014 - 11:57 AM

:welcome:

When you reply to your own posts it removes you from the Zero replies our helpers look for to help you and your thread can be over looked

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

Vista/Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.

AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

Copy and paste the contents of that logfile in your next reply.

A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#4 Dean N

Authentic Member

Authentic Member
152 posts

Posted 04 January 2014 - 05:12 PM

Sorry about the additional post; I couldn't edit the original one. Here's the log - looks pretty empty:

# AdwCleaner v3.016 - Report created 04/01/2014 at 18:05:27
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Dean - DEANSPC
# Running from : C:\Users\Dean\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

*************************

AdwCleaner[R5].txt - [468 octets] - [04/01/2014 18:05:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [527 octets] ##########

#5 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 04 January 2014 - 05:37 PM

Thats fine, hope your doing well

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Next

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#6 Dean N

Authentic Member

Authentic Member
152 posts

Posted 04 January 2014 - 08:31 PM

Hello again Ken, Hope you're well too! Here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by Dean on Sat 01/04/2014 at 19:49:05.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/04/2014 at 19:54:22.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Dean :: DEANSPC [administrator]

1/4/2014 9:04:59 PM
mbam-log-2014-01-04 (21-04-59).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

#7 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 January 2014 - 12:11 AM

Hi,

Not seeing anything related to Conduit. Malwarebytes most times takes somewhere around 10 minutes or so to scan your system and your scan is only showing 2 minutes, also its not showing if it removed any files or folders ???? Did you post the entire log ?

Just a heads up on this, not the best software around, I wouldn't want it on my system, you can uninstall it via Programs and Features in the Control Panel

SpyHunter - spyware remover of somewhat dubious reput

Enigma Software Group USA, LLC.

I would like you to run this quick scan, you will need the 64 bit version

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

64 Bit Version

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#8 Dean N

Authentic Member

Authentic Member
152 posts

Posted 05 January 2014 - 08:34 AM

I had downloaded a bunch of software and run it prior to asking for help here. That Spy Hunter was one of them. It was completely annoying (and apparently hadn't uninstalled cleanly). And you were right, it looks like I screwed up the cut and paste for Malwarebytes. I reposted below. Nothing on the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:23 on 05/01/2014 by Dean
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Conduit"
No folders found.

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
No data found.

-= EOF =-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Dean :: DEANSPC [administrator]

1/4/2014 9:04:59 PM
mbam-log-2014-01-04 (21-04-59).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 January 2014 - 08:49 AM

Ok Thanks.

A bit of advice, before you download and install any program, Google it and see what other people say. Where you able to uninstall SpyHunter ?

Why dont you run a new scan with Spybot and post the log and let me see if there are any entries for Conduit

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#10 Dean N

Authentic Member

Authentic Member
152 posts

Posted 05 January 2014 - 09:47 AM

I Googled/read for quite some time and tried a bunch of software prior to asking for help here. Spyhunter was one of the programs recommended, as was AdwCleaner. And Spybot..

I've looked via control panel (and CCleaner) for any sign of Spyhunter or Enigma, nothing there.

New download of spybot ---> scan ---> here's the log:

Search results from Spybot - Search & Destroy

1/5/2014 10:39:58 AM
Scan took 00:00:00.
1 items found.

Error: Service check: the Services.sbs file is missing. Please use the update to get a new copy!

DoubleClick: Tracking cookie (Internet Explorer (User): Dean) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-01-05 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2010-08-13 Includes\Cookies.sbi (*)

Advertisements

Register to Remove

#11 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 January 2014 - 10:36 AM

Did it find any reference to Conduit as the report could be longer ?

Open up Internet Explorer and click on Tools > Manage Add-Ons > Search Providers and if Conduit is in there delete it

Open up Firefox and on the Top Right where you use your searches, click on the little down arrow next to the Search Icon and then select Manage Search Engines and if Conduit is in there delete it

Open up Chrome and click on the 3 bars up on the Top Right and go to Settings > Manage Search Engines and if Conduit is in there delete it.

Then run a new scan with OTL and post the log please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#12 Dean N

Authentic Member

Authentic Member
152 posts

Posted 05 January 2014 - 11:07 AM

I'm pretty sure Malwarebytes removed some Conduit junk prior to my posting here. Also, the first thing I did when I noticed infection was to manually remove SearchConduit on the Add-Ons --> Providers.

I feel like my efforts to resolve this myself has made it harder for you to do your job here! :wall:

I have neither Firefox nor Chrome on this machine. Should I download them and look?

There are two Desktop.ini files on my desktop. I'm not sure how they got there. Are they suspect?

OTL:

OTL logfile created on: 1/5/2014 11:57:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dean\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 74.47% Memory free
9.07 Gb Paging File | 7.02 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.53 Gb Total Space | 644.25 Gb Free Space | 93.84% Space Free | Partition Type: NTFS

Computer Name: DEANSPC | User Name: Dean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dean\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (THAccelSvc) -- C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe (TOSHIBA CORPORATION)
SRV:64bit: - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\Teco\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (NAT) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (dts_apo_service) -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NAT) -- C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (THAccel) -- C:\Windows\SysNative\Drivers\THAccel.sys (TOSHIBA Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Thotkey) -- C:\Windows\SysNative\Drivers\Thotkey.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\Drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\Drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\Drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0403000.00E\ccSetx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140104.006\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140104.006\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140103.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131203.001\BHDrvx64.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}
IE:64bit: - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2014/01/02 21:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013/12/25 21:30:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95690AD-E721-40F7-BA8B-AC2EC40E6954}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/01/01 20:02:29 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/05 10:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/05 10:38:35 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2014/01/05 10:37:30 | 040,658,208 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\Dean\Desktop\spybot-2.2.exe
[2014/01/05 10:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/01/04 21:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/04 21:03:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/01/04 21:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 19:48:58 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/01/04 19:46:02 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Dean\Desktop\JRT.exe
[2014/01/04 18:05:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 21:09:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/01 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\TuneUp Software
[2014/01/01 20:26:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\MFAData
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/01 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/01/01 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/31 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/31 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/31 20:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/29 19:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013/12/29 19:07:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\CrashDumps
[2013/12/29 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\.android
[2013/12/29 12:02:49 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\cache
[2013/12/29 12:02:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\genienext
[2013/12/28 12:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
[2013/12/26 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Malwarebytes
[2013/12/26 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Skype
[2013/12/26 21:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/26 21:37:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/26 21:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/26 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/26 11:43:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/12/26 10:59:48 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/26 10:59:48 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/12/26 10:59:47 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/26 10:59:46 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/12/26 10:59:45 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/12/26 10:59:44 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/12/26 10:59:42 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/12/26 10:59:39 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/12/26 10:59:29 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/12/26 10:59:27 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/12/26 10:59:24 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/12/26 10:59:24 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/12/26 10:59:22 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/12/26 10:59:22 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/12/26 10:59:22 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/12/26 10:59:22 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/12/26 10:59:22 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/12/26 10:59:22 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/12/26 10:59:22 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/12/26 10:59:22 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/12/26 10:59:21 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/12/26 10:59:21 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/12/26 10:59:21 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/12/26 10:59:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/12/26 10:59:16 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/12/26 10:59:14 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/12/26 10:59:13 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/12/26 10:59:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/12/26 10:59:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/12/26 10:59:13 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/12/26 10:59:13 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/12/26 10:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/12/26 10:59:13 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/12/26 10:59:12 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/12/26 10:59:12 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/12/26 10:59:12 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/12/26 10:59:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/12/26 10:59:02 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/12/26 10:59:00 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/12/26 10:59:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/12/26 10:58:59 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/12/26 10:58:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/12/26 10:58:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/12/26 10:58:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/12/26 10:58:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/12/26 10:58:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/12/26 10:58:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll
[2013/12/26 10:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll
[2013/12/26 10:58:13 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll
[2013/12/26 10:58:10 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll
[2013/12/26 10:58:10 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2013/12/26 10:58:09 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2013/12/26 10:58:09 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll
[2013/12/26 10:58:09 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2013/12/26 10:58:09 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2013/12/26 10:57:48 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/12/26 10:57:47 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/12/26 10:57:47 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/12/26 10:57:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysWow64\rars.rs
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysNative\rars.rs
[2013/12/26 10:57:39 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/12/26 10:57:39 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\stobject.dll
[2013/12/26 10:57:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netplwiz.dll
[2013/12/26 10:57:38 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Magnify.exe
[2013/12/26 10:57:37 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/12/26 10:57:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/12/26 10:57:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netplwiz.dll
[2013/12/26 10:57:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/12/26 10:57:32 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/12/26 10:57:32 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/12/26 10:57:32 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AuthHost.exe
[2013/12/26 10:57:31 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Magnify.exe
[2013/12/26 10:57:31 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/12/26 10:57:31 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\biwinrt.dll
[2013/12/26 10:57:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\biwinrt.dll
[2013/12/26 10:57:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/12/26 10:57:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/12/26 10:57:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/12/26 10:57:13 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/12/26 10:57:08 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\muifontsetup.dll
[2013/12/26 10:57:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\muifontsetup.dll
[2013/12/26 10:56:56 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\autochk.exe
[2013/12/26 10:56:56 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\untfs.dll
[2013/12/26 10:56:56 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\untfs.dll
[2013/12/26 10:56:55 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\autochk.exe
[2013/12/26 10:56:54 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/12/26 10:56:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/12/26 10:56:27 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/12/26 10:56:21 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/12/26 10:56:21 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/12/26 10:56:20 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/12/26 10:56:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/12/26 10:56:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/12/26 10:56:19 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/12/26 10:56:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/12/26 10:56:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/12/26 10:56:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/12/26 10:56:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/12/26 10:56:18 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/12/26 10:56:18 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/12/26 10:56:18 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/12/26 10:55:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/12/26 10:55:55 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/12/26 10:55:54 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/12/26 10:55:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/12/26 10:55:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/12/26 10:55:54 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/12/26 10:55:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/12/26 10:55:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/12/26 10:55:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/12/26 10:55:42 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/12/26 10:55:32 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/12/26 10:55:31 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/12/26 10:55:31 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/12/26 10:55:31 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/12/26 10:55:31 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/12/26 10:55:31 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/12/26 10:55:30 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/12/26 10:55:29 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/12/26 10:55:29 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/12/26 10:55:29 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/12/26 10:55:29 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/12/26 10:55:29 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/12/26 10:55:29 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/12/26 10:55:29 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscms.dll
[2013/12/26 10:55:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceSetupManager.dll
[2013/12/26 10:55:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/12/26 10:55:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2013/12/26 10:55:28 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeParserTask.exe
[2013/12/26 10:55:27 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/12/26 10:54:46 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/12/26 10:54:45 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/12/26 10:54:45 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/12/26 10:54:26 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/12/26 10:54:26 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/12/26 10:54:24 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/12/26 10:54:10 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/12/26 10:54:09 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/12/26 10:53:58 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013/12/26 10:53:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013/12/26 10:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2013/12/26 10:53:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2013/12/26 10:53:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/26 10:53:42 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/12/26 10:53:42 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/12/26 10:53:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/12/26 10:53:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/12/26 10:53:09 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/12/26 10:53:03 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/12/26 10:53:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/12/26 10:53:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/12/26 10:53:02 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/12/26 10:53:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/12/26 10:53:02 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/12/26 10:53:01 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/12/26 10:53:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/12/26 10:52:57 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wdc.dll
[2013/12/26 10:52:57 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wdc.dll
[2013/12/26 10:52:57 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wvc.dll
[2013/12/26 10:52:57 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysmon.ocx
[2013/12/26 10:52:57 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wvc.dll
[2013/12/26 10:52:57 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sysmon.ocx
[2013/12/26 10:52:56 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/12/26 10:52:56 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/12/26 10:52:56 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/12/26 10:52:41 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/12/26 10:52:26 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/12/26 10:52:21 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/12/26 10:52:19 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/12/26 10:52:18 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/12/26 10:52:18 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/12/26 10:52:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/12/26 10:52:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/12/26 10:52:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/12/26 10:52:12 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/12/26 10:52:12 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/12/26 10:51:45 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NotificationUI.exe
[2013/12/26 10:51:44 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/12/26 10:51:43 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/12/26 10:51:42 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/12/26 10:51:42 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/12/26 10:51:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/12/26 10:51:42 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/12/26 10:51:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/12/26 10:51:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/12/26 10:51:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/12/26 10:51:42 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppc.dll
[2013/12/26 10:51:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2013/12/26 10:51:42 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sppc.dll
[2013/12/26 10:51:42 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/12/26 10:51:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupcln.dll
[2013/12/26 10:51:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setupcln.dll
[2013/12/26 10:51:36 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/12/26 10:51:36 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/12/26 10:51:36 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/12/26 10:51:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/12/26 10:51:36 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/12/26 10:51:14 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/26 10:51:09 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/12/26 10:51:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/26 10:51:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/26 10:50:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/26 10:50:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/26 10:50:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/26 10:50:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/26 10:50:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/12/26 10:50:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/26 10:50:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/12/26 10:50:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/26 10:50:51 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/12/26 10:50:37 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2013/12/26 10:50:37 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2013/12/26 10:50:37 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/12/26 10:50:36 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/12/26 10:50:35 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFault.exe
[2013/12/26 10:50:35 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanconn.dll
[2013/12/26 10:50:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFault.exe
[2013/12/26 10:50:35 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/12/26 10:50:35 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmsvc.dll
[2013/12/26 10:50:35 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSCard.dll
[2013/12/26 10:50:35 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/12/26 10:50:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmmbase.dll
[2013/12/26 10:50:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmmbase.dll
[2013/12/26 10:50:35 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/12/26 10:50:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmm.dll
[2013/12/26 10:50:34 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/12/26 10:50:34 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanmm.dll
[2013/12/26 10:50:34 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wwanadvui.dll
[2013/12/26 10:50:34 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/12/26 10:50:34 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/12/26 10:50:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\openfiles.exe
[2013/12/26 10:50:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmcsp.dll
[2013/12/26 10:50:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\openfiles.exe
[2013/12/26 10:50:33 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/12/26 10:50:33 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LocationApi.dll
[2013/12/26 10:50:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LocationApi.dll
[2013/12/26 10:49:43 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/12/26 10:49:43 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2013/12/26 10:49:43 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/12/26 10:49:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resutils.dll
[2013/12/26 10:49:43 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/12/26 10:49:43 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\clusapi.dll
[2013/12/26 10:49:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/12/26 10:49:42 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\resutils.dll
[2013/12/26 10:49:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/12/26 10:49:41 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clusapi.dll
[2013/12/26 10:49:40 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/12/26 10:49:40 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/12/26 10:49:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/12/26 10:49:40 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/12/26 10:49:40 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/12/26 10:49:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/12/26 10:49:40 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/12/26 10:49:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/12/26 10:49:40 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/12/26 10:49:23 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2013/12/26 10:48:37 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/12/26 10:48:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe
[2013/12/26 10:48:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe
[2013/12/26 10:47:56 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/12/26 10:47:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/12/26 10:47:41 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/12/26 10:47:41 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/12/26 10:44:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:44:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:43:00 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/12/26 10:41:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/12/26 10:41:10 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepapi.dll
[2013/12/26 10:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepsync.dll
[2013/12/26 10:41:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2013/12/26 10:41:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2013/12/26 10:40:56 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/12/26 10:40:09 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/26 10:39:58 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrobj.dll
[2013/12/26 10:39:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/26 10:39:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrobj.dll
[2013/12/26 10:39:58 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/26 10:39:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/26 10:39:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/26 10:39:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/26 10:39:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/12/26 10:39:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/12/26 10:39:38 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/12/26 10:39:38 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/12/26 10:39:37 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/26 10:39:37 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/26 10:39:36 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/26 10:39:36 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/26 10:39:03 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/12/26 10:39:02 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/12/26 10:39:02 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/12/26 10:39:02 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/12/26 10:39:01 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/12/26 10:39:01 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/12/26 10:39:00 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/12/26 10:39:00 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/12/26 09:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/12/25 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Diagnostics
[2013/12/25 21:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/25 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Programs
[2013/12/25 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Adobe
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Apple Computer
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple Computer
[2013/12/25 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/25 15:35:20 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/25 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/25 15:34:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple
[2013/12/25 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/25 15:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/25 11:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\Documents\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Book Place
[2013/12/25 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Macromedia
[2013/12/25 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Toshiba
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Searches
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Contacts
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/25 10:26:41 | 000,000,000 | -H-D | C] -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/25 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Adobe
[2013/12/25 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\WinBatch
[2013/12/25 10:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\VirtualStore
[2013/12/25 10:24:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/12/25 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Packages
[2013/12/25 10:23:57 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Temporary Internet Files
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Templates
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Start Menu
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\SendTo
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Recent
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\PrintHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\NetHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Videos
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Pictures
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Music
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\My Documents
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Local Settings
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\History
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Cookies
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Application Data
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Application Data
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Temp
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | --SD | C] -- C:\Users\Dean\AppData\Roaming\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Videos
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Saved Games
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Pictures
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Music
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Links
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Favorites
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Downloads
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Documents
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Desktop
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/25 10:23:46 | 000,000,000 | -H-D | C] -- C:\Users\Dean\AppData
[2013/12/25 10:23:46 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/05 11:45:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/05 10:38:38 | 000,001,390 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/05 10:38:00 | 040,658,208 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\Dean\Desktop\spybot-2.2.exe
[2014/01/05 10:34:53 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/05 10:34:53 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/05 10:34:53 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/05 10:29:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/05 10:29:58 | 2475,704,319 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 10:28:33 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/01/05 09:49:09 | 000,743,862 | ---- | M] () -- C:\Users\Dean\Desktop\snap003.bmp
[2014/01/05 09:47:23 | 001,096,254 | ---- | M] () -- C:\Users\Dean\Desktop\snap002.bmp
[2014/01/05 09:45:27 | 001,233,990 | ---- | M] () -- C:\Users\Dean\Desktop\snap001.bmp
[2014/01/05 09:19:32 | 000,139,264 | ---- | M] () -- C:\Users\Dean\Desktop\SystemLook.exe
[2014/01/04 21:03:03 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 19:46:02 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Dean\Desktop\JRT.exe
[2014/01/04 18:04:56 | 001,233,962 | ---- | M] () -- C:\Users\Dean\Desktop\AdwCleaner.exe
[2014/01/01 20:02:29 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/31 21:24:58 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/28 12:40:26 | 002,557,862 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/26 23:00:36 | 000,282,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:24 | 000,053,686 | ---- | M] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:07 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 00:04:18 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 21:29:18 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/12/25 21:29:18 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/12/25 21:29:18 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/12/25 15:35:26 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/19 13:55:20 | 000,023,702 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20131219.024
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/05 10:38:38 | 000,001,402 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/05 10:38:38 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/05 09:49:09 | 000,743,862 | ---- | C] () -- C:\Users\Dean\Desktop\snap003.bmp
[2014/01/05 09:47:23 | 001,096,254 | ---- | C] () -- C:\Users\Dean\Desktop\snap002.bmp
[2014/01/05 09:45:26 | 001,233,990 | ---- | C] () -- C:\Users\Dean\Desktop\snap001.bmp
[2014/01/05 09:19:32 | 000,139,264 | ---- | C] () -- C:\Users\Dean\Desktop\SystemLook.exe
[2014/01/04 21:03:03 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 18:04:56 | 001,233,962 | ---- | C] () -- C:\Users\Dean\Desktop\AdwCleaner.exe
[2014/01/01 20:02:29 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/31 21:25:34 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2013/12/31 21:24:57 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/26 23:00:25 | 000,282,472 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:20 | 000,053,686 | ---- | C] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 10:51:41 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/12/26 10:49:41 | 000,385,528 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/12/26 00:04:18 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 15:35:26 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 15:34:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/25 10:26:35 | 000,001,441 | ---- | C] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/25 10:23:47 | 000,000,352 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/25 10:23:47 | 000,000,334 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/25 09:10:11 | 2475,704,319 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/20 00:25:59 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/02/22 16:49:46 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/02/22 16:43:09 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/02/22 16:43:08 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/10 16:12:50 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/12/26 21:36:21 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#13 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 January 2014 - 11:13 AM

Read this, you may have gotten conduit when you installed SpyHunter by Enigma Software Group

http://www.systemloo...ftware Group&s=

Try uninstalling it

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#14 Dean N

Authentic Member

Authentic Member
152 posts

Posted 05 January 2014 - 11:29 AM

I'm 99% sure I had infection prior to Spyhunter, but of course I could be wrong. I was looking at sites for free ebooks and something helped itself to my hard drive (Book Fanatic, I think) and that's when the trouble started..

You'll need to advise me on how to uninstall Spyhunter; It's not showing up in any form on my add/remove, or CCleaner uninstall. A search brings up no Spyhunter files at all. The fact that I'm figuring out Windows 8 as I go here is a total exercise in frustration too. (No start button? Huh? And what's this desktop thingy that's not really the desktop, and forces a full page view? I could go on... ugh... ok sorry end rant.)

#15 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 January 2014 - 12:15 PM

I went to a friends house about 4 months ago that got a bit infected downloading a bogus Flash Player update, didn't know it till I got there that it was Windows 8, it was really frustrating trying to find my way around but finally did. I always love a challenge and was about due for a new computer anyway and I got a Dell All in One with Windows 8, upgraded to Windows 8.1 and so far I am pretty happy with it.

First go here and see if there is an uninstall for SpyHunter

C:\Program Files\Enigma Software Group\SpyHunter

If not we can check a few other things

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Body Background

skin color theme

Persistent SearchConduit, ReadingFanatic, and/or Adware infection [Sol

#1 Dean N

Advertisements

Register to Remove

#2 Dean N

#3 ken545

#4 Dean N

#5 ken545

#6 Dean N

#7 ken545

#8 Dean N

#9 ken545

#10 Dean N

Advertisements

Register to Remove

#11 ken545

#12 Dean N

#13 ken545

#14 Dean N

#15 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Persistent SearchConduit, ReadingFanatic, and/or Adware infection [Sol

#1 Dean N

Advertisements Register to Remove

#2 Dean N

#3 ken545

#4 Dean N

#5 ken545

#6 Dean N

#7 ken545

#8 Dean N

#9 ken545

#10 Dean N

Advertisements Register to Remove

#11 ken545

#12 Dean N

#13 ken545

#14 Dean N

#15 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove