Persistent SearchConduit, ReadingFanatic, and/or Adware infection [Sol


  • This topic is locked
79 replies to this topic

#16 Dean N


Posted 05 January 2014 - 01:12 PM

Attached File: snap001.bmp (507.36KB)

 

No Spyhunter uninstall in its folder.  I attached a screenshot of the Spyhunter folder for you.

Is there no way to embed a pic in my post (other than URL --> hosting site)? I kind of doubt you like opening attachments from people with infected computers...

 

 

 




#17 ken545


Posted 05 January 2014 - 01:48 PM

OK

 

  • Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
 
 
:OTL
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
 
 
:Services
 
:Reg
 
:Files
ipconfig /flushdns /c
C:\Program Files\Enigma Software Group
 
 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
 
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
Then run a new scan with OTL and post the new log please



#18 Dean N


Posted 05 January 2014 - 01:59 PM

Custom run fix log:

 

 

All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File  C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dean\Desktop\cmd.bat deleted successfully.
C:\Users\Dean\Desktop\cmd.txt deleted successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dean
->Temp folder emptied: 12451 bytes
->Temporary Internet Files folder emptied: 83525913 bytes
->Flash cache emptied: 1046 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715879 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79196 bytes
RecycleBin emptied: 86849652 bytes
 
Total Files Cleaned = 164.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01052014_145410

Files\Folders moved on Reboot...
C:\Users\Dean\AppData\Local\Temp\log.txt moved successfully.
C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#19 Dean N


Posted 05 January 2014 - 02:06 PM

...and the scan log:

 

 

OTL logfile created on: 1/5/2014 3:00:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dean\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.88 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 75.45% Memory free
9.07 Gb Paging File | 7.05 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.53 Gb Total Space | 644.12 Gb Free Space | 93.82% Space Free | Partition Type: NTFS
 
Computer Name: DEANSPC | User Name: Dean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (THAccelSvc) -- C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe (TOSHIBA CORPORATION)
SRV:64bit: - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\Teco\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (NAT) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe (Symantec Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (dts_apo_service) -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NAT) -- C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (THAccel) -- C:\Windows\SysNative\Drivers\THAccel.sys (TOSHIBA Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Thotkey) -- C:\Windows\SysNative\Drivers\Thotkey.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\Drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\Drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\Drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0403000.00E\ccSetx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140104.006\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140104.006\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140103.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131203.001\BHDrvx64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}
IE:64bit: - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2014/01/02 21:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013/12/25 21:30:01 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95690AD-E721-40F7-BA8B-AC2EC40E6954}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/01/01 20:02:29 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/05 14:54:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/05 10:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/05 10:38:35 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2014/01/05 10:37:30 | 040,658,208 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\Dean\Desktop\spybot-2.2.exe
[2014/01/05 10:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/01/04 21:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/04 21:03:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/01/04 21:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 19:48:58 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/01/04 19:46:02 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Dean\Desktop\JRT.exe
[2014/01/04 18:05:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 21:36:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
[2014/01/02 21:09:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/01 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\TuneUp Software
[2014/01/01 20:26:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\MFAData
[2014/01/01 20:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/01 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/31 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/31 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/31 20:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/29 19:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013/12/29 19:07:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\CrashDumps
[2013/12/29 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\.android
[2013/12/29 12:02:49 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\cache
[2013/12/29 12:02:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\genienext
[2013/12/28 12:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
[2013/12/26 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Malwarebytes
[2013/12/26 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Skype
[2013/12/26 21:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/26 21:37:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/26 21:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/26 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/26 11:43:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/12/26 10:59:48 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/26 10:59:48 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/12/26 10:59:47 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/26 10:59:46 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/12/26 10:59:45 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/12/26 10:59:44 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/12/26 10:59:42 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/12/26 10:59:39 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/12/26 10:59:36 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/12/26 10:59:29 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/12/26 10:59:27 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/12/26 10:59:24 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/12/26 10:59:24 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/12/26 10:59:22 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/12/26 10:59:22 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/12/26 10:59:22 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/12/26 10:59:22 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/12/26 10:59:22 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/12/26 10:59:22 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/12/26 10:59:22 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/12/26 10:59:22 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/12/26 10:59:21 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/12/26 10:59:21 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/12/26 10:59:21 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/12/26 10:59:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/12/26 10:59:16 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/12/26 10:59:14 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/12/26 10:59:13 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/12/26 10:59:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/12/26 10:59:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/12/26 10:59:13 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/12/26 10:59:13 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/12/26 10:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/12/26 10:59:13 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/12/26 10:59:12 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/12/26 10:59:12 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/12/26 10:59:12 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/12/26 10:59:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/12/26 10:59:02 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/12/26 10:59:00 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/12/26 10:59:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/12/26 10:58:59 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/12/26 10:58:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/12/26 10:58:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/12/26 10:58:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/12/26 10:58:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/12/26 10:58:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/12/26 10:58:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll
[2013/12/26 10:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll
[2013/12/26 10:58:13 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll
[2013/12/26 10:58:10 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll
[2013/12/26 10:58:10 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2013/12/26 10:58:09 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2013/12/26 10:58:09 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll
[2013/12/26 10:58:09 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2013/12/26 10:58:09 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2013/12/26 10:57:48 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/12/26 10:57:47 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/12/26 10:57:47 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/12/26 10:57:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysWow64\rars.rs
[2013/12/26 10:57:41 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysNative\rars.rs
[2013/12/26 10:57:39 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/12/26 10:57:39 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\stobject.dll
[2013/12/26 10:57:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netplwiz.dll
[2013/12/26 10:57:38 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Magnify.exe
[2013/12/26 10:57:37 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/12/26 10:57:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/12/26 10:57:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netplwiz.dll
[2013/12/26 10:57:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/12/26 10:57:32 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/12/26 10:57:32 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/12/26 10:57:32 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AuthHost.exe
[2013/12/26 10:57:31 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Magnify.exe
[2013/12/26 10:57:31 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/12/26 10:57:31 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\biwinrt.dll
[2013/12/26 10:57:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\biwinrt.dll
[2013/12/26 10:57:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/12/26 10:57:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/12/26 10:57:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/12/26 10:57:13 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/12/26 10:57:08 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\muifontsetup.dll
[2013/12/26 10:57:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\muifontsetup.dll
[2013/12/26 10:56:56 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\autochk.exe
[2013/12/26 10:56:56 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\untfs.dll
[2013/12/26 10:56:56 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\untfs.dll
[2013/12/26 10:56:55 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\autochk.exe
[2013/12/26 10:56:54 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/12/26 10:56:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/12/26 10:56:27 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/12/26 10:56:21 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/12/26 10:56:21 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/12/26 10:56:20 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/12/26 10:56:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/12/26 10:56:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/12/26 10:56:19 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/12/26 10:56:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/12/26 10:56:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/12/26 10:56:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/12/26 10:56:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/12/26 10:56:18 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/12/26 10:56:18 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/12/26 10:56:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/12/26 10:56:18 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/12/26 10:55:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/12/26 10:55:55 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/12/26 10:55:54 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/12/26 10:55:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/12/26 10:55:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/12/26 10:55:54 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/12/26 10:55:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/12/26 10:55:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/12/26 10:55:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/12/26 10:55:42 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/12/26 10:55:32 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/12/26 10:55:31 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/12/26 10:55:31 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/12/26 10:55:31 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/12/26 10:55:31 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/12/26 10:55:31 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/12/26 10:55:30 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/12/26 10:55:29 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/12/26 10:55:29 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/12/26 10:55:29 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/12/26 10:55:29 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/12/26 10:55:29 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/12/26 10:55:29 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/12/26 10:55:29 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscms.dll
[2013/12/26 10:55:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/12/26 10:55:28 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceSetupManager.dll
[2013/12/26 10:55:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/12/26 10:55:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2013/12/26 10:55:28 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeParserTask.exe
[2013/12/26 10:55:27 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/12/26 10:54:46 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/12/26 10:54:45 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/12/26 10:54:45 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/12/26 10:54:26 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/12/26 10:54:26 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/12/26 10:54:24 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/12/26 10:54:10 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/12/26 10:54:09 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/12/26 10:53:58 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013/12/26 10:53:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013/12/26 10:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2013/12/26 10:53:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2013/12/26 10:53:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/26 10:53:42 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/12/26 10:53:42 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/12/26 10:53:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/12/26 10:53:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/12/26 10:53:09 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/12/26 10:53:03 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/12/26 10:53:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/12/26 10:53:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/12/26 10:53:02 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/12/26 10:53:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/12/26 10:53:02 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/12/26 10:53:01 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/12/26 10:53:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/12/26 10:52:57 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wdc.dll
[2013/12/26 10:52:57 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wdc.dll
[2013/12/26 10:52:57 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wvc.dll
[2013/12/26 10:52:57 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysmon.ocx
[2013/12/26 10:52:57 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wvc.dll
[2013/12/26 10:52:57 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sysmon.ocx
[2013/12/26 10:52:56 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/12/26 10:52:56 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/12/26 10:52:56 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/12/26 10:52:41 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/12/26 10:52:26 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/12/26 10:52:21 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAutomationCore.dll
[2013/12/26 10:52:19 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/12/26 10:52:19 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/12/26 10:52:18 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/12/26 10:52:18 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/12/26 10:52:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/12/26 10:52:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/12/26 10:52:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/12/26 10:52:12 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/12/26 10:52:12 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/12/26 10:51:45 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NotificationUI.exe
[2013/12/26 10:51:44 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/12/26 10:51:43 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/12/26 10:51:42 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/12/26 10:51:42 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/12/26 10:51:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/12/26 10:51:42 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/12/26 10:51:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/12/26 10:51:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/12/26 10:51:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/12/26 10:51:42 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/12/26 10:51:42 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppc.dll
[2013/12/26 10:51:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2013/12/26 10:51:42 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sppc.dll
[2013/12/26 10:51:42 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/12/26 10:51:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/26 10:51:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupcln.dll
[2013/12/26 10:51:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setupcln.dll
[2013/12/26 10:51:36 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/12/26 10:51:36 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/12/26 10:51:36 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/12/26 10:51:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/12/26 10:51:36 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/12/26 10:51:14 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/26 10:51:09 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/12/26 10:51:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/26 10:51:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/26 10:50:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/26 10:50:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/26 10:50:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/26 10:50:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/26 10:50:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/12/26 10:50:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/26 10:50:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/12/26 10:50:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/26 10:50:51 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/12/26 10:50:37 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2013/12/26 10:50:37 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2013/12/26 10:50:37 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/12/26 10:50:36 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/12/26 10:50:35 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFault.exe
[2013/12/26 10:50:35 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanconn.dll
[2013/12/26 10:50:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFault.exe
[2013/12/26 10:50:35 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/12/26 10:50:35 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/12/26 10:50:35 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmsvc.dll
[2013/12/26 10:50:35 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSCard.dll
[2013/12/26 10:50:35 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/12/26 10:50:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmmbase.dll
[2013/12/26 10:50:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmmbase.dll
[2013/12/26 10:50:35 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/12/26 10:50:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmm.dll
[2013/12/26 10:50:34 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/12/26 10:50:34 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanmm.dll
[2013/12/26 10:50:34 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wwanadvui.dll
[2013/12/26 10:50:34 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/12/26 10:50:34 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/12/26 10:50:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\openfiles.exe
[2013/12/26 10:50:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmcsp.dll
[2013/12/26 10:50:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\openfiles.exe
[2013/12/26 10:50:33 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/12/26 10:50:33 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LocationApi.dll
[2013/12/26 10:50:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LocationApi.dll
[2013/12/26 10:49:43 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/12/26 10:49:43 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2013/12/26 10:49:43 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/12/26 10:49:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resutils.dll
[2013/12/26 10:49:43 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/12/26 10:49:43 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\clusapi.dll
[2013/12/26 10:49:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/12/26 10:49:42 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\resutils.dll
[2013/12/26 10:49:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/12/26 10:49:41 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clusapi.dll
[2013/12/26 10:49:40 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/12/26 10:49:40 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/12/26 10:49:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/12/26 10:49:40 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/12/26 10:49:40 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/12/26 10:49:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/12/26 10:49:40 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/12/26 10:49:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/12/26 10:49:40 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/12/26 10:49:23 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2013/12/26 10:48:37 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/12/26 10:48:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe
[2013/12/26 10:48:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe
[2013/12/26 10:47:56 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/12/26 10:47:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/12/26 10:47:41 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/12/26 10:47:41 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/12/26 10:44:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:44:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/12/26 10:43:00 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/12/26 10:41:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/12/26 10:41:10 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepapi.dll
[2013/12/26 10:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepsync.dll
[2013/12/26 10:41:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2013/12/26 10:41:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2013/12/26 10:40:56 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/12/26 10:40:09 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/26 10:39:58 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrobj.dll
[2013/12/26 10:39:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/26 10:39:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrobj.dll
[2013/12/26 10:39:58 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/26 10:39:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/26 10:39:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/26 10:39:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/26 10:39:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/12/26 10:39:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/12/26 10:39:38 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/12/26 10:39:38 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/12/26 10:39:37 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/26 10:39:37 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/26 10:39:36 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/26 10:39:36 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/26 10:39:03 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/12/26 10:39:02 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/12/26 10:39:02 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/12/26 10:39:02 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/12/26 10:39:01 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/12/26 10:39:01 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/12/26 10:39:00 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/12/26 10:39:00 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/12/26 09:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/12/25 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Diagnostics
[2013/12/25 21:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/25 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Programs
[2013/12/25 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Adobe
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Apple Computer
[2013/12/25 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple Computer
[2013/12/25 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/25 15:35:20 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/25 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/25 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/25 15:34:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apple
[2013/12/25 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/25 15:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/25 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/25 11:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\Documents\Book Place
[2013/12/25 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Book Place
[2013/12/25 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Macromedia
[2013/12/25 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Toshiba
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Searches
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\Contacts
[2013/12/25 10:26:41 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/25 10:26:41 | 000,000,000 | -H-D | C] -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/25 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Adobe
[2013/12/25 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\WinBatch
[2013/12/25 10:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\VirtualStore
[2013/12/25 10:24:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/12/25 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Packages
[2013/12/25 10:23:57 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Temporary Internet Files
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Templates
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Start Menu
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\SendTo
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Recent
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\PrintHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\NetHood
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Videos
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Pictures
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Music
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\My Documents
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Local Settings
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\History
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Cookies
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Application Data
[2013/12/25 10:23:50 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Application Data
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Temp
[2013/12/25 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | --SD | C] -- C:\Users\Dean\AppData\Roaming\Microsoft
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Videos
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Saved Games
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Pictures
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Music
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Links
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Favorites
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Downloads
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Documents
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\Desktop
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/25 10:23:46 | 000,000,000 | R--D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/25 10:23:46 | 000,000,000 | -H-D | C] -- C:\Users\Dean\AppData
[2013/12/25 10:23:46 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/05 14:58:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/05 14:56:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/05 14:56:20 | 2475,704,319 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 14:07:05 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/05 14:07:05 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/05 14:07:05 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/05 10:38:38 | 000,001,390 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/05 10:38:00 | 040,658,208 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\Dean\Desktop\spybot-2.2.exe
[2014/01/05 10:28:33 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/01/05 09:19:32 | 000,139,264 | ---- | M] () -- C:\Users\Dean\Desktop\SystemLook.exe
[2014/01/04 21:03:03 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 19:46:02 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Dean\Desktop\JRT.exe
[2014/01/04 18:04:56 | 001,233,962 | ---- | M] () -- C:\Users\Dean\Desktop\AdwCleaner.exe
[2014/01/02 21:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
[2014/01/01 20:02:29 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/31 21:24:58 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/28 12:40:26 | 002,557,862 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/26 23:00:36 | 000,282,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:24 | 000,053,686 | ---- | M] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:07 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 00:04:18 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 21:29:18 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/12/25 21:29:18 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/12/25 21:29:18 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/12/25 15:35:26 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/19 13:55:20 | 000,023,702 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20131219.024
 
========== Files Created - No Company Name ==========
 
[2014/01/05 10:38:38 | 000,001,402 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/05 10:38:38 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/05 09:19:32 | 000,139,264 | ---- | C] () -- C:\Users\Dean\Desktop\SystemLook.exe
[2014/01/04 21:03:03 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 18:04:56 | 001,233,962 | ---- | C] () -- C:\Users\Dean\Desktop\AdwCleaner.exe
[2014/01/01 20:02:29 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/31 21:25:34 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2013/12/31 21:24:57 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/26 23:00:25 | 000,282,472 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/26 22:44:20 | 000,053,686 | ---- | C] () -- C:\Users\Dean\Documents\cc_20131226_224412.reg
[2013/12/26 21:37:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/26 10:51:41 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/12/26 10:49:41 | 000,385,528 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/12/26 00:04:18 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/12/25 15:35:26 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 15:34:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/25 10:58:27 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/12/25 10:31:25 | 000,001,435 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/25 10:26:35 | 000,001,441 | ---- | C] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/25 10:23:47 | 000,000,352 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/25 10:23:47 | 000,000,334 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/25 09:10:11 | 2475,704,319 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/20 00:25:59 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/02/22 16:49:46 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/02/22 16:43:09 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/02/22 16:43:08 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/10 16:12:50 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/12/26 21:36:21 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
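The "ZeroAccess Check" section of the log above lists the InProcServer32 registrations of a few COM classes. As an added example (not part of the thread and not OTL's own code), this Python sketch parses that section and flags a registration worth a second look. The three review rules and the `C:\windows` install root are assumptions of the example; the second sample is constructed.

```python
import re

# Key header, e.g. [HKEY_...\clsid\{...}\InProcServer32], optionally followed by " /64".
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\InProcServer32)\](?:\s*/64)?\s*$', re.I)
# Value line: "name" = data, optionally followed by " -- [file details] (company)".
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)'
                    r'(?:\s+--\s+\[.*\]\s*\((?P<company>[^)]*)\))?\s*$')

# Assumption: Windows is installed in C:\windows, as in the log on this page.
SYSTEM_DIRS = tuple('c:\\windows\\' + d + '\\'
                    for d in ('system32', 'sysnative', 'syswow64'))

# Lines copied from the log on this page.
PAGE_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
'''

# Constructed for this example: the same keys with altered default values.
CONSTRUCTED_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\Temp\example.dll -- [2014/01/01 00:00:00 | 000,001,024 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\ProgramData\example\fastprox.dll -- [2014/01/01 00:00:00 | 000,001,024 | ---- | M] (Microsoft Corporation)
'''


def parse_section(text):
    """Return {registry key: {value name: (data, company)}} in log order."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VAL_RE.match(line)
        if value and current is not None:
            current[value['name']] = (value['data'], value['company'])
    return keys


def normalise(path):
    """Lower-case the path and expand %SystemRoot% so prefixes can be compared."""
    return path.strip().strip('"').lower().replace('%systemroot%', 'c:\\windows')


def review(keys):
    """Return (key, data, reason) for each registration that breaks a rule."""
    findings = []
    for key, values in keys.items():
        if '' not in values:
            continue  # key listed without a default value: nothing registered
        data, company = values['']
        if key.upper().startswith('HKEY_CURRENT_USER'):
            # Rule 1 (assumption): a per-user default value for these classes
            # is unexpected, since the clean log shows the HKCU keys empty.
            findings.append((key, data, 'per-user override of a system COM class'))
        elif not normalise(data).startswith(SYSTEM_DIRS):
            # Rule 2: the server DLL should live in a Windows system directory.
            findings.append((key, data, 'server is outside the Windows system directories'))
        elif company != 'Microsoft Corporation':
            # Rule 3: company name as printed in the log; it is not a signature check.
            findings.append((key, data, 'file does not carry the expected company name'))
    return findings


if __name__ == '__main__':
    for label, sample in (('page', PAGE_SAMPLE), ('constructed', CONSTRUCTED_SAMPLE)):
        print(label, review(parse_section(sample)))
```

The lines taken from the page produce no findings, which matches the helper's reading of the log in the next post; the constructed sample trips the first two rules.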



#20 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 02:43 PM

Logs are looking good. Are you still having issues with Conduit? How is your system behaving now?



Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.


#21 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 02:51 PM

System seems to be behaving ok, but I'm still getting bombed with imbedded AdChoices junk on pretty much every web page I open.

 

Is it normal to have a little blue circle next to the pointer arrow (Windows 8) while the machine is thinking/pages are loading?  Forgive my IE8 n00bishness.... I feel like a caveman getting used to a new machine (Toshiba, all I ever had before were ThinkPads) and moving from XP to Windows 8.


Edited by Dean N, 05 January 2014 - 02:56 PM.


#22 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 03:21 PM

Give this a shot

 

Open IE

 

1. Press Alt+X and go to Manage add-ons.
2. Go to Toolbars and Extensions, and remove AdChoices.
3. Click Search Providers on the left.
4. Remove the unwanted search engine and select another one.
5. Save changes and close window. Press Alt+X again.
6. Go to Internet Options, under the General tab, replace current home page address with your desired one. Click OK.




#23 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 04:20 PM

I looked.. there was no AdChoices or other unwanted item found in either setting.  I do remember previously removing Conduit stuff from both settings previously.



#24 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 04:27 PM

Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Setting > Then click on Reset ... it may take a few seconds ... when it's done, OK your way out and close IE. Then reopen IE and see if it fixed it.




#25 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 04:48 PM

Done... :(  ...AdChoices ads are still showing up on the right side and in the middle of web pages (e.g. MSN).




#26 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 05:32 PM

Plug these into System Look

 

 

:folderfind
AdChoices
Ad Choices
:filefind
AdChoices
Ad Choices
:regfind
AdChoices
Ad Choices



#27 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 05:45 PM

Not much info here:

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 18:37 on 05/01/2014 by Dean
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "AdChoices"
No folders found.

Searching for "Ad Choices"
No folders found.

========== filefind ==========

Searching for "AdChoices"
No files found.

Searching for "Ad Choices"
No files found.

========== regfind ==========

Searching for "AdChoices"
No data found.

Searching for "Ad Choices"
No data found.

-= EOF =-



#28 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 06:13 PM

When you downloaded SystemLook, did you download the 64 BIT version? If not, drag SystemLook to the trash and download the 64 BIT version and try inputting that search again.

 

http://jpshortstuff....temLook_x64.exe




#29 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 06:21 PM

Take 2  (looks identical):

 

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:18 on 05/01/2014 by Dean
Administrator - Elevation successful

========== folderfind ==========

Searching for "AdChoices"
No folders found.

Searching for "Ad Choices"
No folders found.

========== filefind ==========

Searching for "AdChoices"
No files found.

Searching for "Ad Choices"
No files found.

========== regfind ==========

Searching for "AdChoices"
No data found.

Searching for "Ad Choices"
No data found.

-= EOF =-



#30 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2014 - 06:24 PM

This is new to me, never dealt with AdChoices before.   

 

 

Please download SuperAntiSpyware Free
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.

SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)
 
Please provide the SuperAntiSpyware log in your next r

 

 


