Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91517 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Persistent SearchConduit, ReadingFanatic, and/or Adware infection [Sol


  • This topic is locked This topic is locked
79 replies to this topic

#31 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 05 January 2014 - 07:12 PM

 
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish
 
 

 

FYI, everything was automatically checked, and there was no Next --> Finish option, only Remove Threats.  Looked like 37 tracking cookies:

 

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/05/2014 at 07:52 PM

Application Version : 5.7.1016

Core Rules Database Version : 10957
Trace Rules Database Version: 8769

Scan type       : Complete Scan
Total Scan Time : 00:20:04

Operating System Information
 65 Edition 64-bit (Build 6.02.9200)
UAC On - Limited User

Memory items scanned      : 696
Memory threats detected   : 0
Registry items scanned    : 68863
Registry threats detected : 0
File items scanned        : 53316
File threats detected     : 37

Adware.Tracking Cookie
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\OXATNZEN.txt [ /serving-sys.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\S11JMWLI.txt [ /atdmt.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\FHJ1W7SX.txt [ /doubleclick.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\K75B0ZDN.txt [ /h.atdmt.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\6J4AA84F.txt [ /serving-sys.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBW0QJO2.txt [ /tribalfusion.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\90BYZWQH.txt [ /ru4.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\X6BUM6DQ.txt [ /ads.yahoo.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED3674IW.txt [ /msnbc.112.2o7.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJW7FOH2.txt [ /interclick.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\QPBV3UX0.txt [ /tacoda.at.atwola.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\VYSS5VCA.txt [ /advertising.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\54KYRH05.txt [ /zedo.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\A48YW2G0.txt [ /revsci.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKC8JQC2.txt [ /at.atwola.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z9WBYVBV.txt [ /invitemedia.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8OKCO4L.txt [ /ads.pubmatic.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\0MY9PNTD.txt [ /collective-media.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLQGOU94.txt [ /atdmt.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\EOPY70HB.txt [ /media6degrees.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBS2MFWW.txt [ /adtech.de ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\6COYT34L.txt [ /microsoftinternetexplorer.112.2o7.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJFCX06E.txt [ /doubleclick.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\7K2KC0WK.txt [ /c.atdmt.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\N57FU1Z3.txt [ /www.burstnet.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\8ZFE26MZ.txt [ /lucidmedia.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\H5MQ64QF.txt [ /mediaplex.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOXQSEPY.txt [ /amazon-adsystem.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9TC82BR.txt [ /legolas-media.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\O81KHESF.txt [ /clickbooth.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\H2UCDPX9.txt [ /smartadserver.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\V8PCOQPI.txt [ /imrworldwide.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\3LPGNP05.txt [ /h.atdmt.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\JE1TLTAV.txt [ /fastclick.net ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\7J0WV6EH.txt [ /adtechus.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSN73UJL.txt [ /insightexpressai.com ]
 C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OYIOU8T.txt [ /casalemedia.com ]


    Advertisements

Register to Remove


#32 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2014 - 05:57 AM

Good Morning,

 

Hang in the buddy we will figure this out.  I have Googled this to death and we have done everything the removal of this has suggested .

 

Plug this into SystemLook

 

 

:reg
[HKEY_CURRENT_USER\Software]
 
I wanted to add that SuperAntiSpyware is a legit program so its up to you to keep it or not, it can be uninstalled if your wish via Programs and Features in the Control Panel

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#33 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2014 - 09:32 AM

Hi Dean

 

Try this tool, nothing to install, just download it to your desktop and right click on it and run as administrator, if it finds Ad Choice select to remove it

 

   http://files.avast.c...ser-cleanup.exe


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#34 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 06 January 2014 - 06:10 PM

Hi Ken.  No worries!  This is a pretty pervasive thing, this AdChoices.  Hopefully many will be able to benefit from us (you) figuring out how to get this junk out of my machine.

 

System Look:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:01 on 06/01/2014 by Dean
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software]
(No values found)

[HKEY_CURRENT_USER\Software\Adobe]

[HKEY_CURRENT_USER\Software\AppDataLow]

[HKEY_CURRENT_USER\Software\Apple Computer, Inc.]

[HKEY_CURRENT_USER\Software\Apple Inc.]

[HKEY_CURRENT_USER\Software\IM Providers]

[HKEY_CURRENT_USER\Software\Intel]

[HKEY_CURRENT_USER\Software\kde.org]

[HKEY_CURRENT_USER\Software\Macromedia]

[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]

[HKEY_CURRENT_USER\Software\Microsoft]

[HKEY_CURRENT_USER\Software\MOZILLA]

[HKEY_CURRENT_USER\Software\MozillaPlugins]

[HKEY_CURRENT_USER\Software\Norton]

[HKEY_CURRENT_USER\Software\Piriform]

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Realtek]

[HKEY_CURRENT_USER\Software\RegisteredApplications]

[HKEY_CURRENT_USER\Software\Safer Networking Limited]

[HKEY_CURRENT_USER\Software\SearchProtectP]

[HKEY_CURRENT_USER\Software\Skype]

[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com]

[HKEY_CURRENT_USER\Software\Symantec]

[HKEY_CURRENT_USER\Software\Synaptics]

[HKEY_CURRENT_USER\Software\Toshiba]

[HKEY_CURRENT_USER\Software\Trolltech]

[HKEY_CURRENT_USER\Software\Wow6432Node]

[HKEY_CURRENT_USER\Software\Classes]

[]
Hive unrecognized.

-= EOF =-

 

 

 

 

 

 

And Avast Browser Cleanup: "Your browsers appear to be free from add-ons that have a poor reputation."

 

Ugh...



#35 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2014 - 06:53 PM

Lets run this through OTL

 

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  •  
     
    :OTL
     
     
    :Services
     
    :Reg
    [-HKEY_CURRENT_USER\Software\SearchProtectP]
     
    :Files
    ipconfig /flushdns /c
     
     
    :Commands
    [purity]
    [resethosts]
    [EMPTYJAVA] 
    [emptytemp]
    [start explorer]
    [Reboot]
     
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
  •  
     
     
    Post a new OTL log .  Be back soon, I think I need another pair of eyes on this, something where missing 

    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #36 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 06 January 2014 - 07:31 PM

    Here you go!  A couple deletions:

     

     

     

    All processes killed
    Error: Unable to interpret < > in the current context!
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\SearchProtectP\ deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dean\Desktop\cmd.bat deleted successfully.
    C:\Users\Dean\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Dean
     
    User: Default
     
    User: Default User
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Dean
    ->Temp folder emptied: 151915 bytes
    ->Temporary Internet Files folder emptied: 24650457 bytes
    ->Flash cache emptied: 694 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4710 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 24.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01062014_202729

    Files\Folders moved on Reboot...
    C:\Users\Dean\AppData\Local\Temp\log.txt moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLRSWEUW\like[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJ6YRMVE\-iGmidt4SirRkI4DjBoTLA[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJ6YRMVE\EvPKapBawcLZ3hbihjhqAfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJ6YRMVE\index[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJ6YRMVE\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S1L3EYK1\xd_arbiter[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S1L3EYK1\xd_arbiter[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTBKHYP8\ELvCmRUbtOdCk3jbD-FqUPesZW2xOQ-xsNqO47m55DA[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTBKHYP8\fastbutton[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTBKHYP8\HqHm7BVC_nzzTui2lzQTDfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTBKHYP8\postmessageRelay[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTBKHYP8\RHp5spKuj-AQOgQKPITXrQ[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    #37 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 06 January 2014 - 07:36 PM

    Sorry, forgot to advise - I still have AdChoices showing up on web pages.



    #38 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,200 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 06 January 2014 - 07:57 PM

    Error: Unable to interpret < > in the current context!

     

    This is because you did not add :OTL and the beginning of the fix

     

    It has to start with :OTL

     

    Run a new fix please with the same script

     

    Let me ask you.  What if you went into lets say CNN.com and made that your start page, would you still be getting the Ad Choices garbage ?


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #39 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 06 January 2014 - 10:13 PM

    I think I got it right this time:

     

     

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\SearchProtectP\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dean\Desktop\cmd.bat deleted successfully.
    C:\Users\Dean\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Dean
     
    User: Default
     
    User: Default User
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Dean
    ->Temp folder emptied: 373925 bytes
    ->Temporary Internet Files folder emptied: 41945926 bytes
    ->Flash cache emptied: 811 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22790 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 40.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01062014_220205

    Files\Folders moved on Reboot...
    C:\Users\Dean\AppData\Local\Temp\log.txt moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\ad-ifr[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\adoapn_AppNexusDemoActionTag_1[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\ads[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\amazon_com[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\cnn_com[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\comScore[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\d-6IYplOFocCacKzxwXSOPY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\follow_button.1387492107[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\getadi[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\getAds[3].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\hub[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\index[2].xml not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\like[1].htm not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\like[2].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\postmessageRelay[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\push[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\site=cnn&cnn_pagetype=main&cnn_position=143x31_spon1&cnn_rollup=homepage&cnn_section=weather&page.allowcompete=no&params.styles=fs&Params.User[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\site=cnn&cnn_pagetype=main&cnn_position=1x1_bot&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[3].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\site=cnn&cnn_pagetype=main&cnn_position=300x100_bot2&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[3].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\site=cnn&cnn_pagetype=main&cnn_position=300x100_bot3&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[3].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\site=cnn&cnn_pagetype=main&cnn_position=300x250_rgt&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\weather_com[1].htm not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHXC32IK\xd_arbiter[1].htm not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\13001-101281-17214-58[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\5YB-ifwqHP20Yn46l_BDhA[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\ad-ifr[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\ad-ifr[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\a[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\cnn_com[3].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\contest[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\epicurious_com[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\EvPKapBawcLZ3hbihjhqAfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getAds[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getAds[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getForecast[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getForecast[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getForecast[7].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getForecast[8].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\getForecast[9].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\hub[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\push[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\px[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\rt=ifr[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\server[1].htm moved successfully.
    File move failed. C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\site=cnn&cnn_pagetype=main&cnn_position=143x31_spon1&cnn_rollup=homepage&cnn_section=weather&page.allowcompete=no&params.styles=fs&Params.User[3].htm scheduled to be moved on reboot.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\site=cnn&cnn_pagetype=main&cnn_position=1x1_bot&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\site=cnn&cnn_pagetype=main&cnn_position=300x100_bot1&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\site=cnn&cnn_pagetype=main&cnn_position=300x100_bot1&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[6].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\site=cnn&cnn_pagetype=main&cnn_position=970x66_top&cnn_rollup=homepage&page.allowcompete=no&params.styles=fs&Params.User[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\skypeinoutlook-iframe[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\stories[2].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\stories[6].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\talkbass_com[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\Type=click&FlightID=577374&AdID=783426&TargetID=107650&Values=1588&Redirect=;ord=cbjplAk,bjmwIayekAeRd[1].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\week196[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\xmlProxy[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5PMX77O\xmlProxy[2].htm moved successfully.
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\2211C6_0_0[1].eot not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\3PDPHandler[1].gif not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\3PDPHandler[2].gif not found!
    File\Folder C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\@x96[1].htm not found!
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\ELvCmRUbtOdCk3jbD-FqUPesZW2xOQ-xsNqO47m55DA[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\HqHm7BVC_nzzTui2lzQTDfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MIQ965E\RHp5spKuj-AQOgQKPITXrQ[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KP5Q1FS\forums_whatthetech_com[1].htm moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KP5Q1FS\PIPMHY90P7jtyjpXuZ2cLPY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KP5Q1FS\S1YQx4pVZa17uu0HWQd2fA[1].eot moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

     

     

     

     

     

     

    As for changing homepages, I checked these after this OTL rerun.  Yes means AdChoices ads show up on the pages:

     

    MSN- yes

    Yahoo- yes

    Amazon- no

    CNN- no

    Instructables- yes

    CNET - yes

    WTAE, a local news channel - yes

     

     

     

     


    Edited by Dean N, 06 January 2014 - 10:17 PM.


    #40 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,200 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 07 January 2014 - 06:55 AM

    Morning Dean,

     

    Lets run a cleaner for your system followed up with a different scanner that may show things the others are not

     

     

     

     
    Download TFC to your desktop
    •  
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't,  manually reboot to ensure a complete clean
     
     
     
     
     
    You will need the 64 bit version of FRST
     

    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     

    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #41 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 07 January 2014 - 07:39 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
    Ran by Dean (administrator) on DEANSPC on 07-01-2014 08:17:26
    Running from C:\Users\Dean\Desktop
    Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
    HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
    HKU\Default\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
    HKU\Default User\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxsports.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    SearchScopes: HKLM - DefaultScope {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = http://www.bing.com/...E10TR&pc=MATBJS
    SearchScopes: HKLM - {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = http://www.bing.com/...E10TR&pc=MATBJS
    SearchScopes: HKLM-x32 - {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = http://www.bing.com/...E10TR&pc=MATBJS
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL =
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
    R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
    S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
    S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
    R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-24] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-24] (Symantec Corporation)
    R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140106.001\IDSvia64.sys [521944 2013-12-24] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140106.023\ENG64.SYS [126040 2013-12-24] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140106.023\EX64.SYS [2099288 2013-12-24] (Symantec Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1544704 2013-03-12] (Realtek Semiconductor Corporation                           )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-06] (Synaptics Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
    R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
    R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
    R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-25] (Symantec Corporation)
    R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
    R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
    R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-01-07 08:17 - 2014-01-07 08:17 - 00011947 _____ C:\Users\Dean\Desktop\FRST.txt
    2014-01-07 08:16 - 2014-01-07 08:16 - 00000000 ____D C:\FRST
    2014-01-07 08:15 - 2014-01-07 08:15 - 01064805 _____ (Farbar) C:\Users\Dean\Desktop\FRST.exe
    2014-01-07 08:14 - 2014-01-07 08:14 - 01931762 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
    2014-01-07 08:01 - 2014-01-07 08:01 - 00448512 _____ (OldTimer Tools) C:\Users\Dean\Desktop\TFC.exe
    2014-01-06 19:01 - 2014-01-06 19:01 - 02800104 _____ (AVAST Software) C:\Users\Dean\Desktop\avast-browser-cleanup.exe
    2014-01-05 23:23 - 2014-01-05 23:23 - 00009758 _____ C:\Users\Dean\Desktop\cc_20140105_232328.reg
    2014-01-05 19:31 - 2014-01-05 19:31 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2014-01-05 19:30 - 2014-01-05 19:30 - 29302784 _____ (SUPERAntiSpyware) C:\Users\Dean\Desktop\SUPERAntiSpyware.exe
    2014-01-05 19:17 - 2014-01-05 19:17 - 00165376 _____ C:\Users\Dean\Desktop\SystemLook_x64.exe
    2014-01-05 18:37 - 2014-01-06 19:01 - 00002858 _____ C:\Users\Dean\Desktop\SystemLook.txt
    2014-01-05 15:04 - 2014-01-05 15:04 - 00157424 _____ C:\Users\Dean\Desktop\OTL.Txt
    2014-01-05 14:54 - 2014-01-05 14:54 - 00000000 ____D C:\_OTL
    2014-01-05 14:03 - 1996-01-26 16:51 - 00061440 _____ C:\Users\Dean\Downloads\snappy95.exe
    2014-01-05 10:38 - 2014-01-05 10:38 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-01-05 10:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
    2014-01-05 10:37 - 2014-01-05 10:38 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Dean\Desktop\spybot-2.2.exe
    2014-01-05 10:27 - 2014-01-05 10:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2014-01-05 09:45 - 2014-01-05 14:07 - 00035840 ___SH C:\Users\Dean\Desktop\Thumbs.db
    2014-01-04 21:03 - 2014-01-04 21:03 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-04 21:03 - 2014-01-04 21:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-04 21:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-01-04 21:02 - 2014-01-04 21:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dean\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-04 19:48 - 2014-01-04 19:48 - 00000000 ____D C:\windows\ERUNT
    2014-01-04 19:46 - 2014-01-04 19:46 - 01036305 _____ (Thisisu) C:\Users\Dean\Desktop\JRT.exe
    2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\AdwCleaner
    2014-01-04 18:04 - 2014-01-04 18:04 - 01233962 _____ C:\Users\Dean\Desktop\AdwCleaner.exe
    2014-01-02 21:47 - 2014-01-02 21:47 - 00054472 _____ C:\Users\Dean\Downloads\Extras.Txt
    2014-01-02 21:46 - 2014-01-05 12:01 - 00158990 _____ C:\Users\Dean\Downloads\OTL.Txt
    2014-01-02 21:36 - 2014-01-02 21:36 - 00602112 _____ (OldTimer Tools) C:\Users\Dean\Desktop\OTL.exe
    2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Users\Dean\AppData\Roaming\TuneUp Software
    2014-01-01 20:26 - 2014-01-02 21:15 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Dean\AppData\Local\MFAData
    2014-01-01 20:02 - 2014-01-01 20:02 - 00000000 _____ C:\autoexec.bat
    2013-12-31 21:25 - 2014-01-05 10:28 - 00000085 _____ C:\windows\wininit.ini
    2013-12-31 21:24 - 2013-12-31 21:24 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
    2013-12-31 21:24 - 2013-12-31 21:24 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-12-31 21:24 - 2013-12-31 21:24 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-31 20:29 - 2013-12-31 20:29 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
    2013-12-31 20:28 - 2014-01-05 10:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-12-29 19:49 - 2013-12-29 19:49 - 00000000 ____D C:\ProgramData\Synaptics
    2013-12-29 19:07 - 2013-12-29 19:11 - 00000000 ____D C:\Users\Dean\AppData\Local\CrashDumps
    2013-12-29 12:02 - 2013-12-29 12:04 - 00000000 ____D C:\Users\Dean\AppData\Local\cache
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean\AppData\Local\genienext
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean\.android
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 _____ C:\Users\Dean\daemonprocess.txt
    2013-12-26 23:00 - 2013-12-26 23:00 - 00282472 _____ C:\windows\system32\FNTCACHE.DAT
    2013-12-26 22:44 - 2013-12-26 22:44 - 00053686 _____ C:\Users\Dean\Documents\cc_20131226_224412.reg
    2013-12-26 21:39 - 2013-12-26 21:39 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Malwarebytes
    2013-12-26 21:37 - 2014-01-01 19:06 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Skype
    2013-12-26 21:37 - 2013-12-26 21:37 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
    2013-12-26 21:37 - 2013-12-26 21:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-12-26 21:37 - 2013-12-26 21:37 - 00000000 ____D C:\ProgramData\Skype
    2013-12-26 12:34 - 2013-12-26 12:34 - 00488524 _____ C:\Users\Dean\Downloads\firstfortyninest030256mbp.mobi
    2013-12-26 11:43 - 2013-12-26 11:44 - 00000000 ____D C:\windows\system32\MRT
    2013-12-26 11:43 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2013-12-26 10:59 - 2013-04-09 00:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2013-12-26 10:59 - 2013-04-09 00:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2013-12-26 10:59 - 2013-04-09 00:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2013-12-26 10:59 - 2013-04-09 00:20 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
    2013-12-26 10:59 - 2013-04-09 00:20 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
    2013-12-26 10:59 - 2013-04-09 00:18 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
    2013-12-26 10:59 - 2013-04-09 00:17 - 01829408 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2013-12-26 10:59 - 2013-04-08 23:52 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
    2013-12-26 10:59 - 2013-04-08 23:52 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
    2013-12-26 10:59 - 2013-04-08 23:52 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
    2013-12-26 10:59 - 2013-04-08 23:52 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
    2013-12-26 10:59 - 2013-04-08 23:52 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
    2013-12-26 10:59 - 2013-04-08 23:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2013-12-26 10:59 - 2013-04-08 23:51 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
    2013-12-26 10:59 - 2013-04-08 23:51 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
    2013-12-26 10:59 - 2013-04-08 23:51 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
    2013-12-26 10:59 - 2013-04-08 23:51 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2013-12-26 10:59 - 2013-04-08 23:51 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
    2013-12-26 10:59 - 2013-04-08 23:50 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
    2013-12-26 10:59 - 2013-04-08 23:50 - 01285632 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
    2013-12-26 10:59 - 2013-04-08 23:50 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
    2013-12-26 10:59 - 2013-04-08 23:50 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
    2013-12-26 10:59 - 2013-04-08 23:50 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
    2013-12-26 10:59 - 2013-04-08 23:49 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
    2013-12-26 10:59 - 2013-04-08 23:48 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2013-12-26 10:59 - 2013-04-08 21:34 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
    2013-12-26 10:59 - 2013-04-08 21:33 - 00623104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
    2013-12-26 10:59 - 2013-04-08 21:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
    2013-12-26 10:59 - 2013-04-08 21:32 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
    2013-12-26 10:59 - 2013-04-08 21:31 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
    2013-12-26 10:59 - 2013-04-08 21:31 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
    2013-12-26 10:59 - 2013-04-08 18:44 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
    2013-12-26 10:59 - 2013-04-08 18:39 - 01408896 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2013-12-26 10:59 - 2013-04-08 18:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2013-12-26 10:59 - 2013-04-08 18:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2013-12-26 10:59 - 2013-04-08 16:52 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
    2013-12-26 10:59 - 2013-04-08 16:52 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
    2013-12-26 10:59 - 2013-04-08 16:52 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
    2013-12-26 10:59 - 2013-04-08 16:52 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
    2013-12-26 10:59 - 2013-04-08 16:52 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
    2013-12-26 10:59 - 2013-04-08 16:51 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
    2013-12-26 10:59 - 2013-04-08 16:51 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
    2013-12-26 10:59 - 2013-04-04 18:30 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2013-12-26 10:59 - 2013-03-15 17:05 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
    2013-12-26 10:59 - 2013-03-15 17:05 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
    2013-12-26 10:58 - 2013-04-08 23:50 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
    2013-12-26 10:58 - 2013-04-08 23:50 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
    2013-12-26 10:58 - 2013-04-08 23:50 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
    2013-12-26 10:58 - 2013-04-08 23:49 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
    2013-12-26 10:58 - 2013-04-08 16:51 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
    2013-12-26 10:58 - 2013-04-08 16:51 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
    2013-12-26 10:58 - 2013-04-08 16:51 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
    2013-12-26 10:58 - 2013-04-08 16:51 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
    2013-12-26 10:58 - 2012-10-23 23:54 - 00396008 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
    2013-12-26 10:58 - 2012-10-16 23:32 - 01172992 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
    2013-12-26 10:58 - 2012-10-16 23:32 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
    2013-12-26 10:58 - 2012-10-16 23:32 - 00673280 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
    2013-12-26 10:58 - 2012-10-16 22:57 - 00929792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
    2013-12-26 10:58 - 2012-10-16 22:57 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
    2013-12-26 10:58 - 2012-10-16 22:57 - 00513024 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
    2013-12-26 10:58 - 2012-10-12 01:13 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\dskquota.dll
    2013-12-26 10:58 - 2012-10-12 00:39 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\dskquota.dll
    2013-12-26 10:57 - 2013-05-04 02:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
    2013-12-26 10:57 - 2013-05-04 01:59 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
    2013-12-26 10:57 - 2013-05-04 01:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
    2013-12-26 10:57 - 2013-05-04 01:58 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
    2013-12-26 10:57 - 2013-05-04 01:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
    2013-12-26 10:57 - 2013-05-04 01:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
    2013-12-26 10:57 - 2013-05-04 01:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
    2013-12-26 10:57 - 2013-05-04 01:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
    2013-12-26 10:57 - 2013-05-04 01:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
    2013-12-26 10:57 - 2013-05-04 01:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
    2013-12-26 10:57 - 2013-05-04 01:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
    2013-12-26 10:57 - 2013-05-03 23:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
    2013-12-26 10:57 - 2013-05-03 23:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
    2013-12-26 10:57 - 2013-05-03 23:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
    2013-12-26 10:57 - 2013-05-03 23:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
    2013-12-26 10:57 - 2013-05-03 23:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
    2013-12-26 10:57 - 2013-05-03 23:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
    2013-12-26 10:57 - 2013-05-03 23:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
    2013-12-26 10:57 - 2013-05-03 23:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2013-12-26 10:57 - 2013-05-03 23:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
    2013-12-26 10:57 - 2013-05-03 23:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
    2013-12-26 10:57 - 2013-05-03 23:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
    2013-12-26 10:57 - 2013-05-03 23:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
    2013-12-26 10:57 - 2013-05-03 23:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
    2013-12-26 10:57 - 2013-05-03 23:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
    2013-12-26 10:57 - 2013-03-01 21:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
    2013-12-26 10:57 - 2013-03-01 21:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
    2013-12-26 10:56 - 2013-05-30 18:24 - 01257472 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2013-12-26 10:56 - 2013-05-30 18:08 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2013-12-26 10:56 - 2013-05-14 21:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
    2013-12-26 10:56 - 2013-05-14 21:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2013-12-26 10:56 - 2013-05-14 21:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
    2013-12-26 10:56 - 2013-05-14 21:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2013-12-26 10:56 - 2013-03-02 05:57 - 00332520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2013-12-26 10:56 - 2013-03-02 05:39 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
    2013-12-26 10:56 - 2013-03-02 03:23 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2013-12-26 10:56 - 2013-03-02 03:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
    2013-12-26 10:56 - 2013-03-02 03:23 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
    2013-12-26 10:56 - 2013-03-02 03:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2013-12-26 10:56 - 2013-03-02 03:22 - 05091840 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2013-12-26 10:56 - 2013-03-02 03:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
    2013-12-26 10:56 - 2013-03-02 03:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
    2013-12-26 10:56 - 2013-03-01 21:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
    2013-12-26 10:56 - 2013-03-01 21:44 - 05978624 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2013-12-26 10:56 - 2013-03-01 21:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
    2013-12-26 10:55 - 2013-06-16 17:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
    2013-12-26 10:55 - 2013-06-01 06:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
    2013-12-26 10:55 - 2013-06-01 06:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2013-12-26 10:55 - 2013-06-01 06:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
    2013-12-26 10:55 - 2013-06-01 05:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
    2013-12-26 10:55 - 2013-06-01 04:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
    2013-12-26 10:55 - 2013-06-01 04:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
    2013-12-26 10:55 - 2013-06-01 04:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
    2013-12-26 10:55 - 2013-06-01 04:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
    2013-12-26 10:55 - 2013-06-01 04:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
    2013-12-26 10:55 - 2013-06-01 04:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
    2013-12-26 10:55 - 2013-06-01 04:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
    2013-12-26 10:55 - 2013-06-01 04:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
    2013-12-26 10:55 - 2013-06-01 04:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
    2013-12-26 10:55 - 2013-06-01 04:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
    2013-12-26 10:55 - 2013-06-01 04:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
    2013-12-26 10:55 - 2013-06-01 04:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
    2013-12-26 10:55 - 2013-06-01 04:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
    2013-12-26 10:55 - 2013-06-01 04:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
    2013-12-26 10:55 - 2013-06-01 04:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
    2013-12-26 10:55 - 2013-06-01 04:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
    2013-12-26 10:55 - 2013-06-01 04:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2013-12-26 10:55 - 2013-06-01 04:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
    2013-12-26 10:55 - 2013-05-31 22:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
    2013-12-26 10:55 - 2013-05-24 17:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2013-12-26 10:55 - 2013-05-24 17:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2013-12-26 10:55 - 2013-05-24 17:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2013-12-26 10:55 - 2013-05-24 17:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
    2013-12-26 10:55 - 2013-03-02 05:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
    2013-12-26 10:55 - 2013-03-02 03:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
    2013-12-26 10:55 - 2013-03-02 03:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
    2013-12-26 10:55 - 2013-03-01 21:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
    2013-12-26 10:55 - 2013-03-01 21:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
    2013-12-26 10:55 - 2013-03-01 21:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
    2013-12-26 10:55 - 2013-03-01 21:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
    2013-12-26 10:55 - 2013-03-01 21:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
    2013-12-26 10:55 - 2013-03-01 21:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
    2013-12-26 10:55 - 2013-03-01 21:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
    2013-12-26 10:55 - 2013-02-28 23:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
    2013-12-26 10:54 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
    2013-12-26 10:54 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
    2013-12-26 10:54 - 2013-07-05 17:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
    2013-12-26 10:54 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
    2013-12-26 10:54 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2013-12-26 10:54 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2013-12-26 10:54 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
    2013-12-26 10:54 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
    2013-12-26 10:54 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
    2013-12-26 10:54 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
    2013-12-26 10:54 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
    2013-12-26 10:54 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
    2013-12-26 10:54 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
    2013-12-26 10:54 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
    2013-12-26 10:54 - 2013-05-23 18:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2013-12-26 10:54 - 2013-05-23 17:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2013-12-26 10:54 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
    2013-12-26 10:54 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
    2013-12-26 10:53 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
    2013-12-26 10:53 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
    2013-12-26 10:53 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
    2013-12-26 10:53 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
    2013-12-26 10:53 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
    2013-12-26 10:53 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2013-12-26 10:53 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
    2013-12-26 10:53 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2013-12-26 10:53 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
    2013-12-26 10:53 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2013-12-26 10:53 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
    2013-12-26 10:53 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
    2013-12-26 10:53 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
    2013-12-26 10:53 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
    2013-12-26 10:53 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
    2013-12-26 10:53 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
    2013-12-26 10:53 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
    2013-12-26 10:53 - 2013-05-03 23:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
    2013-12-26 10:53 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
    2013-12-26 10:53 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
    2013-12-26 10:53 - 2013-03-02 04:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2013-12-26 10:53 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
    2013-12-26 10:53 - 2012-11-20 00:24 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
    2013-12-26 10:53 - 2012-11-20 00:17 - 01184256 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
    2013-12-26 10:53 - 2012-11-20 00:02 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDKURD.DLL
    2013-12-26 10:53 - 2012-11-19 23:59 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDKURD.DLL
    2013-12-26 10:52 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
    2013-12-26 10:52 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
    2013-12-26 10:52 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
    2013-12-26 10:52 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
    2013-12-26 10:52 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
    2013-12-26 10:52 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
    2013-12-26 10:52 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2013-12-26 10:52 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2013-12-26 10:52 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2013-12-26 10:52 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
    2013-12-26 10:52 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2013-12-26 10:52 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2013-12-26 10:52 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
    2013-12-26 10:52 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
    2013-12-26 10:52 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
    2013-12-26 10:52 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
    2013-12-26 10:52 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
    2013-12-26 10:52 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
    2013-12-26 10:52 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
    2013-12-26 10:52 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
    2013-12-26 10:52 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
    2013-12-26 10:52 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
    2013-12-26 10:52 - 2013-06-01 04:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2013-12-26 10:52 - 2013-06-01 04:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2013-12-26 10:52 - 2013-04-23 18:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
    2013-12-26 10:52 - 2013-04-23 18:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
    2013-12-26 10:52 - 2013-04-23 17:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
    2013-12-26 10:52 - 2013-04-23 17:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2013-12-26 10:51 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2013-12-26 10:51 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2013-12-26 10:51 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2013-12-26 10:51 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2013-12-26 10:51 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2013-12-26 10:51 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2013-12-26 10:51 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2013-12-26 10:51 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2013-12-26 10:51 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2013-12-26 10:51 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2013-12-26 10:51 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2013-12-26 10:51 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2013-12-26 10:51 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2013-12-26 10:51 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2013-12-26 10:51 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2013-12-26 10:51 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2013-12-26 10:51 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2013-12-26 10:51 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
    2013-12-26 10:51 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
    2013-12-26 10:51 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2013-12-26 10:51 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
    2013-12-26 10:51 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
    2013-12-26 10:51 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
    2013-12-26 10:51 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-12-26 10:51 - 2013-08-15 17:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll
    2013-12-26 10:51 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
    2013-12-26 10:51 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
    2013-12-26 10:51 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2013-12-26 10:51 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2013-12-26 10:51 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2013-12-26 10:51 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2013-12-26 10:51 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2013-12-26 10:50 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2013-12-26 10:50 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2013-12-26 10:50 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2013-12-26 10:50 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2013-12-26 10:50 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2013-12-26 10:50 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
    2013-12-26 10:50 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
    2013-12-26 10:50 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
    2013-12-26 10:50 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
    2013-12-26 10:50 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
    2013-12-26 10:50 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
    2013-12-26 10:50 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
    2013-12-26 10:50 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
    2013-12-26 10:50 - 2013-07-05 19:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2013-12-26 10:50 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
    2013-12-26 10:50 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
    2013-12-26 10:50 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-12-26 10:50 - 2013-07-02 19:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
    2013-12-26 10:50 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
    2013-12-26 10:50 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
    2013-12-26 10:50 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
    2013-12-26 10:50 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
    2013-12-26 10:50 - 2013-06-29 00:43 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
    2013-12-26 10:50 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
    2013-12-26 10:50 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
    2013-12-26 10:50 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
    2013-12-26 10:50 - 2013-06-24 17:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
    2013-12-26 10:50 - 2013-06-24 17:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
    2013-12-26 10:50 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
    2013-12-26 10:50 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
    2013-12-26 10:50 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
    2013-12-26 10:50 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
    2013-12-26 10:50 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
    2013-12-26 10:50 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
    2013-12-26 10:50 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
    2013-12-26 10:50 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
    2013-12-26 10:50 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
    2013-12-26 10:50 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
    2013-12-26 10:50 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2013-12-26 10:50 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2013-12-26 10:50 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2013-12-26 10:50 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2013-12-26 10:50 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2013-12-26 10:50 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2013-12-26 10:50 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2013-12-26 10:50 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2013-12-26 10:50 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2013-12-26 10:50 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2013-12-26 10:50 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2013-12-26 10:49 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
    2013-12-26 10:49 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2013-12-26 10:49 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
    2013-12-26 10:49 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2013-12-26 10:49 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2013-12-26 10:49 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2013-12-26 10:49 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2013-12-26 10:49 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2013-12-26 10:49 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2013-12-26 10:49 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2013-12-26 10:49 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2013-12-26 10:49 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
    2013-12-26 10:49 - 2013-10-03 17:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml
    2013-12-26 10:49 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
    2013-12-26 10:49 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2013-12-26 10:49 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2013-12-26 10:49 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2013-12-26 10:49 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
    2013-12-26 10:49 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
    2013-12-26 10:49 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
    2013-12-26 10:49 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
    2013-12-26 10:49 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
    2013-12-26 10:48 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2013-12-26 10:48 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2013-12-26 10:48 - 2013-03-06 02:10 - 00112872 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2013-12-26 10:48 - 2013-03-06 01:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2013-12-26 10:48 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\ReAgentc.exe
    2013-12-26 10:48 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgentc.exe
    2013-12-26 10:47 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
    2013-12-26 10:47 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
    2013-12-26 10:47 - 2013-03-02 03:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
    2013-12-26 10:47 - 2013-03-01 21:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
    2013-12-26 10:44 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-12-26 10:44 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2013-12-26 10:43 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2013-12-26 10:43 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
    2013-12-26 10:41 - 2013-07-13 01:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2013-12-26 10:41 - 2013-07-13 01:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2013-12-26 10:41 - 2013-07-13 01:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
    2013-12-26 10:41 - 2013-07-13 01:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
    2013-12-26 10:41 - 2013-07-12 23:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
    2013-12-26 10:41 - 2013-07-12 23:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
    2013-12-26 10:41 - 2013-07-12 23:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
    2013-12-26 10:40 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
    2013-12-26 10:40 - 2013-04-27 00:20 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2013-12-26 10:39 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
    2013-12-26 10:39 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
    2013-12-26 10:39 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
    2013-12-26 10:39 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
    2013-12-26 10:39 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
    2013-12-26 10:39 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
    2013-12-26 10:39 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
    2013-12-26 10:39 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
    2013-12-26 10:39 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
    2013-12-26 10:39 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
    2013-12-26 10:39 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
    2013-12-26 10:39 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2013-12-26 10:39 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2013-12-26 10:39 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
    2013-12-26 10:39 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
    2013-12-26 10:39 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2013-12-26 10:39 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2013-12-26 10:39 - 2013-04-02 18:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
    2013-12-26 10:39 - 2013-04-02 18:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
    2013-12-26 10:39 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
    2013-12-26 10:39 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
    2013-12-26 10:39 - 2013-03-14 19:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
    2013-12-26 10:39 - 2013-03-02 05:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
    2013-12-26 10:39 - 2013-03-01 21:43 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2013-12-26 10:14 - 2013-12-26 10:14 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
    2013-12-26 00:04 - 2013-12-26 00:04 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2013-12-25 21:26 - 2013-12-25 21:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-25 15:44 - 2013-12-25 15:44 - 00000000 ____D C:\Users\Dean\AppData\Local\Adobe
    2013-12-25 15:35 - 2013-12-26 23:02 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Apple Computer
    2013-12-25 15:35 - 2013-12-25 15:35 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-12-25 15:35 - 2013-12-25 15:35 - 00000000 ____D C:\Users\Dean\AppData\Local\Apple Computer
    2013-12-25 15:35 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
    2013-12-25 15:34 - 2013-12-25 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-12-25 15:34 - 2013-12-25 15:35 - 00000000 ____D C:\Program Files\iTunes
    2013-12-25 15:34 - 2013-12-25 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\windows\System32\Tasks\Apple
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Users\Dean\AppData\Local\Apple
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\ProgramData\Apple Computer
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files\iPod
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2013-12-25 15:33 - 2013-12-25 15:34 - 00000000 ____D C:\ProgramData\Apple
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files\Bonjour
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\Users\Dean\Documents\Book Place
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Book Place
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\ProgramData\Book Place
    2013-12-25 10:58 - 2013-12-25 10:58 - 00000013 __RSH C:\windows\system32\Drivers\fbd.sys
    2013-12-25 10:43 - 2014-01-02 22:19 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2106972356-197434514-2111516588-1001
    2013-12-25 10:31 - 2013-12-25 10:31 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Macromedia
    2013-12-25 10:27 - 2013-12-26 23:02 - 00000000 ____D C:\Users\Dean\AppData\Local\Toshiba
    2013-12-25 10:26 - 2013-12-26 23:02 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-12-25 10:26 - 2013-12-26 23:02 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-12-25 10:26 - 2013-12-25 15:44 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Adobe
    2013-12-25 10:26 - 2013-12-25 10:26 - 00001441 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-12-25 10:26 - 2013-12-25 10:26 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2013-12-25 10:26 - 2013-12-25 10:26 - 00000000 ____D C:\Users\Dean\AppData\Roaming\WinBatch
    2013-12-25 10:24 - 2013-12-26 11:07 - 00000000 ____D C:\Users\Dean\AppData\Local\Packages
    2013-12-25 10:24 - 2013-12-25 10:24 - 00000000 ____D C:\Users\Dean\AppData\Local\VirtualStore
    2013-12-25 10:23 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean
    2013-12-25 10:23 - 2013-12-25 10:23 - 00000020 ___SH C:\Users\Dean\ntuser.ini
    2013-12-25 10:23 - 2013-04-09 23:10 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2013-12-25 10:23 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-12-25 10:23 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2013-12-25 10:23 - 2012-07-26 03:13 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    ==================== One Month Modified Files and Folders =======

    2014-01-07 08:17 - 2014-01-07 08:17 - 00011947 _____ C:\Users\Dean\Desktop\FRST.txt
    2014-01-07 08:17 - 2012-07-26 02:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
    2014-01-07 08:16 - 2014-01-07 08:16 - 00000000 ____D C:\FRST
    2014-01-07 08:15 - 2014-01-07 08:15 - 01064805 _____ (Farbar) C:\Users\Dean\Desktop\FRST.exe
    2014-01-07 08:14 - 2014-01-07 08:14 - 01931762 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
    2014-01-07 08:09 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2014-01-07 08:09 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\BBI
    2014-01-07 08:02 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
    2014-01-07 08:01 - 2014-01-07 08:01 - 00448512 _____ (OldTimer Tools) C:\Users\Dean\Desktop\TFC.exe
    2014-01-06 19:01 - 2014-01-06 19:01 - 02800104 _____ (AVAST Software) C:\Users\Dean\Desktop\avast-browser-cleanup.exe
    2014-01-06 19:01 - 2014-01-05 18:37 - 00002858 _____ C:\Users\Dean\Desktop\SystemLook.txt
    2014-01-05 23:23 - 2014-01-05 23:23 - 00009758 _____ C:\Users\Dean\Desktop\cc_20140105_232328.reg
    2014-01-05 19:31 - 2014-01-05 19:31 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2014-01-05 19:31 - 2014-01-05 19:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2014-01-05 19:30 - 2014-01-05 19:30 - 29302784 _____ (SUPERAntiSpyware) C:\Users\Dean\Desktop\SUPERAntiSpyware.exe
    2014-01-05 19:17 - 2014-01-05 19:17 - 00165376 _____ C:\Users\Dean\Desktop\SystemLook_x64.exe
    2014-01-05 15:04 - 2014-01-05 15:04 - 00157424 _____ C:\Users\Dean\Desktop\OTL.Txt
    2014-01-05 14:54 - 2014-01-05 14:54 - 00000000 ____D C:\_OTL
    2014-01-05 14:07 - 2014-01-05 09:45 - 00035840 ___SH C:\Users\Dean\Desktop\Thumbs.db
    2014-01-05 12:01 - 2014-01-02 21:46 - 00158990 _____ C:\Users\Dean\Downloads\OTL.Txt
    2014-01-05 10:43 - 2014-01-05 10:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2014-01-05 10:38 - 2014-01-05 10:38 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-01-05 10:38 - 2014-01-05 10:37 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Dean\Desktop\spybot-2.2.exe
    2014-01-05 10:38 - 2013-12-31 20:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-01-05 10:28 - 2013-12-31 21:25 - 00000085 _____ C:\windows\wininit.ini
    2014-01-04 21:03 - 2014-01-04 21:03 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-04 21:03 - 2014-01-04 21:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-04 21:02 - 2014-01-04 21:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dean\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-04 19:48 - 2014-01-04 19:48 - 00000000 ____D C:\windows\ERUNT
    2014-01-04 19:46 - 2014-01-04 19:46 - 01036305 _____ (Thisisu) C:\Users\Dean\Desktop\JRT.exe
    2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\AdwCleaner
    2014-01-04 18:04 - 2014-01-04 18:04 - 01233962 _____ C:\Users\Dean\Desktop\AdwCleaner.exe
    2014-01-02 22:19 - 2013-12-25 10:43 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2106972356-197434514-2111516588-1001
    2014-01-02 21:47 - 2014-01-02 21:47 - 00054472 _____ C:\Users\Dean\Downloads\Extras.Txt
    2014-01-02 21:36 - 2014-01-02 21:36 - 00602112 _____ (OldTimer Tools) C:\Users\Dean\Desktop\OTL.exe
    2014-01-02 21:15 - 2014-01-01 20:26 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-02 21:10 - 2012-07-26 03:12 - 00000000 ___HD C:\windows\ELAMBKUP
    2014-01-02 21:05 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
    2014-01-01 20:39 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\ELAM
    2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Users\Dean\AppData\Roaming\TuneUp Software
    2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Dean\AppData\Local\MFAData
    2014-01-01 20:02 - 2014-01-01 20:02 - 00000000 _____ C:\autoexec.bat
    2014-01-01 19:06 - 2013-12-26 21:37 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Skype
    2013-12-31 21:24 - 2013-12-31 21:24 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
    2013-12-31 21:24 - 2013-12-31 21:24 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-12-31 21:24 - 2013-12-31 21:24 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-31 20:29 - 2013-12-31 20:29 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
    2013-12-29 19:49 - 2013-12-29 19:49 - 00000000 ____D C:\ProgramData\Synaptics
    2013-12-29 19:11 - 2013-12-29 19:07 - 00000000 ____D C:\Users\Dean\AppData\Local\CrashDumps
    2013-12-29 12:04 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean\AppData\Local\cache
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean\AppData\Local\genienext
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 ____D C:\Users\Dean\.android
    2013-12-29 12:02 - 2013-12-29 12:02 - 00000000 _____ C:\Users\Dean\daemonprocess.txt
    2013-12-29 12:02 - 2013-12-25 10:23 - 00000000 ____D C:\Users\Dean
    2013-12-28 12:44 - 2013-09-20 00:26 - 00000000 ____D C:\windows\System32\Tasks\Norton Anti-Theft
    2013-12-28 12:39 - 2013-04-09 23:40 - 00000000 ____D C:\windows\system32\Drivers\NATx64
    2013-12-28 10:33 - 2013-04-09 23:40 - 00000000 ____D C:\Program Files (x86)\Norton Anti-Theft
    2013-12-27 20:28 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
    2013-12-26 23:40 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
    2013-12-26 23:02 - 2013-12-25 15:35 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Apple Computer
    2013-12-26 23:02 - 2013-12-25 10:27 - 00000000 ____D C:\Users\Dean\AppData\Local\Toshiba
    2013-12-26 23:02 - 2013-12-25 10:26 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-12-26 23:02 - 2013-12-25 10:26 - 00000000 ___RD C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-12-26 23:00 - 2013-12-26 23:00 - 00282472 _____ C:\windows\system32\FNTCACHE.DAT
    2013-12-26 22:59 - 2012-07-26 00:37 - 00000000 ____D C:\windows\servicing
    2013-12-26 22:55 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2013-12-26 22:55 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2013-12-26 22:55 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2013-12-26 22:54 - 2012-07-26 03:12 - 00000000 ____D C:\windows\WinStore
    2013-12-26 22:54 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions
    2013-12-26 22:54 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
    2013-12-26 22:54 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-12-26 22:54 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
    2013-12-26 22:53 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\oobe
    2013-12-26 22:52 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2013-12-26 22:52 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2013-12-26 22:51 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2013-12-26 22:51 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2013-12-26 22:51 - 2012-07-26 00:38 - 00000000 ____D C:\windows\SysWOW64\Dism
    2013-12-26 22:51 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\Dism
    2013-12-26 22:50 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
    2013-12-26 22:44 - 2013-12-26 22:44 - 00053686 _____ C:\Users\Dean\Documents\cc_20131226_224412.reg
    2013-12-26 22:43 - 2013-04-11 07:29 - 00000000 ____D C:\windows\Panther
    2013-12-26 21:39 - 2013-12-26 21:39 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Malwarebytes
    2013-12-26 21:37 - 2013-12-26 21:37 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
    2013-12-26 21:37 - 2013-12-26 21:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-12-26 21:37 - 2013-12-26 21:37 - 00000000 ____D C:\ProgramData\Skype
    2013-12-26 12:34 - 2013-12-26 12:34 - 00488524 _____ C:\Users\Dean\Downloads\firstfortyninest030256mbp.mobi
    2013-12-26 11:44 - 2013-12-26 11:43 - 00000000 ____D C:\windows\system32\MRT
    2013-12-26 11:07 - 2013-12-25 10:24 - 00000000 ____D C:\Users\Dean\AppData\Local\Packages
    2013-12-26 11:03 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
    2013-12-26 10:14 - 2013-12-26 10:14 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
    2013-12-26 10:14 - 2013-09-20 00:41 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
    2013-12-26 10:14 - 2013-09-20 00:40 - 00000000 ____D C:\windows\system32\Drivers\NISx64
    2013-12-26 00:04 - 2013-12-26 00:04 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2013-12-25 21:29 - 2013-09-20 00:41 - 00177312 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    2013-12-25 21:29 - 2013-09-20 00:41 - 00007631 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
    2013-12-25 21:26 - 2013-12-25 21:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-25 15:45 - 2013-04-09 23:39 - 00000000 ____D C:\ProgramData\Adobe
    2013-12-25 15:44 - 2013-12-25 15:44 - 00000000 ____D C:\Users\Dean\AppData\Local\Adobe
    2013-12-25 15:44 - 2013-12-25 10:26 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Adobe
    2013-12-25 15:35 - 2013-12-25 15:35 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-12-25 15:35 - 2013-12-25 15:35 - 00000000 ____D C:\Users\Dean\AppData\Local\Apple Computer
    2013-12-25 15:35 - 2013-12-25 15:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-12-25 15:35 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files\iTunes
    2013-12-25 15:35 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\windows\System32\Tasks\Apple
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Users\Dean\AppData\Local\Apple
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\ProgramData\Apple Computer
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files\iPod
    2013-12-25 15:34 - 2013-12-25 15:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2013-12-25 15:34 - 2013-12-25 15:33 - 00000000 ____D C:\ProgramData\Apple
    2013-12-25 15:34 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\restore
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files\Bonjour
    2013-12-25 15:33 - 2013-12-25 15:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\Users\Dean\Documents\Book Place
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Book Place
    2013-12-25 11:16 - 2013-12-25 11:16 - 00000000 ____D C:\ProgramData\Book Place
    2013-12-25 10:58 - 2013-12-25 10:58 - 00000013 __RSH C:\windows\system32\Drivers\fbd.sys
    2013-12-25 10:31 - 2013-12-25 10:31 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Macromedia
    2013-12-25 10:28 - 2013-04-09 23:41 - 00000000 ____D C:\ProgramData\Toshiba
    2013-12-25 10:26 - 2013-12-25 10:26 - 00001441 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-12-25 10:26 - 2013-12-25 10:26 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2013-12-25 10:26 - 2013-12-25 10:26 - 00000000 ____D C:\Users\Dean\AppData\Roaming\WinBatch
    2013-12-25 10:26 - 2012-07-26 02:51 - 00000000 ____D C:\windows\SysWOW64\sysprep
    2013-12-25 10:25 - 2013-09-20 00:41 - 00003550 _____ C:\windows\System32\Tasks\Norton Online Backup ARA
    2013-12-25 10:24 - 2013-12-25 10:24 - 00000000 ____D C:\Users\Dean\AppData\Local\VirtualStore
    2013-12-25 10:24 - 2013-04-09 23:40 - 00000000 ____D C:\ProgramData\Norton
    2013-12-25 10:24 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
    2013-12-25 10:23 - 2013-12-25 10:23 - 00000020 ___SH C:\Users\Dean\ntuser.ini

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-01-07 03:00

    ==================== End Of Log ============================

     

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
    Ran by Dean at 2014-01-07 08:17:55
    Running from C:\Users\Dean\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    Adobe Reader XI  MUI (x32 Version: 11.0.00 - Adobe Systems Incorporated)
    Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (Version: 4.09 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DTS Sound (x32 Version: 1.00.0057 - DTS, Inc.)
    Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Intel® Management Engine Components (x32 Version: 8.1.30.1349 - Intel Corporation)
    Intel® Processor Graphics (x32 Version: 9.17.10.3040 - Intel Corporation)
    Intel® Rapid Storage Technology (Version: 12.0.4.1001 - Intel Corporation) Hidden
    Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
    iTunes (Version: 11.1.3.8 - Apple Inc.)
    Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Office (x32 Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
    Norton Anti-Theft (x32 Version: 1.10.0.9 - Symantec Corporation)
    Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
    Norton Online Backup (x32 Version: 2.7.0.24 - Symantec Corporation)
    Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
    Norton PC Checkup (x32 Version: 3.0.5.38.0 - Symantec Corporation)
    Origin (x32 Version: 9.1.12.73 - Electronic Arts, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
    Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
    Realtek USB Card Reader (x32 Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (x32 Version: 2.00.0021 - REALTEK Semiconductor Corp.)
    Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
    SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (Version: 16.3.10.4 - Synaptics Incorporated)
    Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (x32 Version: 9.0.1.5 - TOSHIBA)
    TOSHIBA Audio Enhancement (Version: 2.0.15.4 - Toshiba Corporation)
    Toshiba Book Place (x32 Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA eco Utility (Version: 2.0.3.6403 - Toshiba Corporation)
    TOSHIBA Function Key (Version: 1.00.6629.6406 - Toshiba Corporation)
    TOSHIBA HDD Accelerator (Version: 2.0.0001 - Toshiba Corporation)
    TOSHIBA Password Utility (x32 Version: v2.0.0.7 - Toshiba Corporation)
    TOSHIBA Quality Application (x32 Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (x32 Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.5.03 - Toshiba Corporation)
    TOSHIBA Service Station (Version: 2.5.6 - Toshiba Corporation)
    Toshiba Start (HKCU Version: 1.0.0.0 - Pokki)
    TOSHIBA System Driver (x32 Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (x32 Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (x32 Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (Version: 5.3.5.59 - Toshiba Corporation)
    TOSHIBARegistration (x32 Version: 1.1.6 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games (x32 Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden

    ==================== Restore Points  =========================

    25-12-2013 20:34:11 Installed iTunes
    27-12-2013 02:36:43 Installed Skype™ 6.3
    02-01-2014 01:01:37 Installed SpyHunter
    03-01-2014 02:09:13 Removed AVG 2014

    ==================== Hosts content: ==========================

    2012-07-26 00:26 - 2014-01-06 22:02 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {32A33154-0EF2-4FD4-AAD5-B5CE8C968469} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {374CE2B2-8BA9-4845-9638-E56525924366} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {4D4C7137-0354-487F-96EE-1A5C6EAECEE2} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)
    Task: {58C8CC3B-1C6D-4460-8264-B6BCADAA844A} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\symerr.exe [2013-08-01] (Symantec Corporation)
    Task: {64AE029B-8FE9-4269-9773-D685104838C1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
    Task: {66F1E7E5-4153-47C7-A3BE-0FC55224687C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {77C117CC-4D16-4A74-B1BB-B33172C11A9A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {78C50C62-2EEA-4AF5-849F-5E7076E57E0A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
    Task: {7BB84F48-EE30-4681-AED5-62240A57A845} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
    Task: {7EFCCBA7-0565-4C3C-B26A-4ED61909BD5A} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
    Task: {847CDCD1-A517-420C-B3C7-9082C89A7790} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
    Task: {A39D1B30-08B4-4B6B-960F-652A0EA94AAE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-06] (Synaptics Incorporated)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {CD0490C9-C8F7-4A95-BC69-47EC2FB7D666} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\symerr.exe [2013-08-01] (Symantec Corporation)
    Task: {DC996D83-75B3-42E0-9A37-5C055FBFFEFB} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {EA003086-51AB-4566-A76F-1DC32B426874} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F6531EF5-55DD-4C69-A40A-5CA5592E5B2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-02-22 16:43 - 2013-02-22 16:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2013-12-26 23:30 - 2013-12-26 23:30 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\9fbc5975a21c5638ba05f81b9febfaee\Windows.UI.ni.dll
    2013-12-26 23:30 - 2013-12-26 23:30 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\967740f7ed74ebe361d82cba59a694b2\Windows.Data.ni.dll
    2013-12-26 23:30 - 2013-12-26 23:30 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-05 10:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-01-05 10:38 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-01-05 10:38 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-01-05 10:38 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-01-05 10:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-12-25 21:29 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
    2013-09-20 00:17 - 2013-01-14 12:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/07/2014 08:11:19 AM) (Source: Toshiba App Place) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 10:53:52 PM) (Source: Toshiba App Place) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 08:30:04 PM) (Source: Toshiba App Place) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 06:59:52 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15266

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15266

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/05/2014 05:41:08 PM) (Source: Toshiba App Place) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/05/2014 03:42:05 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15313

    Error: (01/05/2014 03:42:05 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15313

    System errors:
    =============
    Error: (01/07/2014 08:07:03 AM) (Source: Service Control Manager) (User: )
    Description: The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (01/07/2014 08:07:03 AM) (Source: Service Control Manager) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/06/2014 10:02:05 PM) (Source: Service Control Manager) (User: )
    Description: The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (01/06/2014 10:02:05 PM) (Source: Service Control Manager) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/06/2014 08:27:29 PM) (Source: Service Control Manager) (User: )
    Description: The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (01/06/2014 08:27:29 PM) (Source: Service Control Manager) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/06/2014 07:22:36 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer ADMINIB-ODVLBB4
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F95690AD-E721-40F7-BA8B-AC2EC40E6954}.
    The master browser is stopping or an election is being forced.

    Error: (01/05/2014 11:05:41 PM) (Source: NetBT) (User: )
    Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.7.
    The computer with the IP address 10.0.0.2 did not allow the name to be claimed by
    this computer.

    Error: (01/05/2014 02:54:10 PM) (Source: Service Control Manager) (User: )
    Description: The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (01/05/2014 02:54:10 PM) (Source: Service Control Manager) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Microsoft Office Sessions:
    =========================
    Error: (01/07/2014 08:11:19 AM) (Source: Toshiba App Place)(User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 10:53:52 PM) (Source: Toshiba App Place)(User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 08:30:04 PM) (Source: Toshiba App Place)(User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/06/2014 06:59:52 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15266

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15266

    Error: (01/05/2014 07:00:48 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/05/2014 05:41:08 PM) (Source: Toshiba App Place)(User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (01/05/2014 03:42:05 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15313

    Error: (01/05/2014 03:42:05 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15313

    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 8071.27 MB
    Available physical RAM: 6350.7 MB
    Total Pagefile: 9287.27 MB
    Available Pagefile: 7350.22 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.75 MB

    ==================== Drives ================================

    Drive c: (TI10664600G) (Fixed) (Total:686.53 GB) (Free:643.01 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type
    ==================== End Of Log ============================



    #42 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,200 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 07 January 2014 - 08:29 AM

    Pokki <-- Do you use this program ?

     

    Open up IE and go to Tools > Internet Options > Browsing History and delete all your history including cookies ( you may want to write down any passwords and user names you may need so you will be able to access sites you frequent as that info is stored in cookies)


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #43 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 07 January 2014 - 08:44 AM

    I was going to ask you about that Pokki.  No, it's nothing I wanted to download.. seemed like something that worked with Windows, but I wasn't sure.  I figured it was legit, but what do I know... I'd be happy to remove it.

     

    I just deleted everything in the browsing history.



    #44 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,200 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 07 January 2014 - 11:03 AM

    Have you done a Flash Player update lately ?


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #45 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • PipPip
    • 152 posts

    Posted 07 January 2014 - 11:35 AM

    I just updated, rebooted, no change.


    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users