OTL logfile created on: 6/12/2014 8:27:05 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Don\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16921) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.92 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 62.59% Memory free 6.86 Gb Paging File | 4.38 Gb Available in Paging File | 63.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.20 Gb Total Space | 857.79 Gb Free Space | 93.62% Space Free | Partition Type: NTFS Computer Name: MYPC | User Name: Don | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/06/12 08:26:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe PRC - [2014/06/06 06:07:49 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Don\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014/05/15 21:06:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014/05/15 10:01:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2014/03/01 00:34:36 | 000,178,688 | ---- | M] (NinjaTrader LLC, http://www.ninjatrader.com) -- C:\Program Files (x86)\NinjaTrader 7\bin\NinjaTrader.exe PRC - [2014/01/10 11:29:24 | 010,876,800 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe PRC - [2014/01/10 11:29:24 | 004,304,256 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe PRC - [2014/01/10 10:21:42 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2013/01/14 08:48:34 | 002,090,496 | ---- | M] (BonSoft) -- C:\Program Files (x86)\ClocX\ClocX.exe PRC - [2012/10/09 15:55:18 | 002,449,552 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe PRC - [2012/09/20 12:28:58 | 000,524,944 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2012/09/19 16:07:44 | 000,995,856 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012/08/01 01:08:36 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe PRC - [2012/07/17 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012/07/17 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012/07/17 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012/05/25 05:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/06/12 05:50:25 | 000,043,008 | ---- | M] () -- c:\users\don\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjzaua.dll MOD - [2014/05/17 06:51:48 | 001,711,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cf9d6e9b75d2e5a40a1693390d77a784\Microsoft.VisualBasic.ni.dll MOD - [2014/05/15 21:06:10 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014/05/14 08:15:14 | 008,890,536 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll MOD - [2014/02/21 12:20:58 | 000,332,800 | ---- | M] () -- C:\Users\Don\Documents\NinjaTrader 7\bin\Custom\RJayChannelPivots2NT7.PSSCE.dll MOD - [2014/02/15 06:47:48 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e068dc7a83ebf254c314aaf354151667\PresentationFramework.Aero.ni.dll MOD - [2014/02/13 06:54:01 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8247f75caaf7998b9f83b3db63aa5577\System.Transactions.ni.dll MOD - [2014/02/13 06:53:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\5e51607268847697475a997106ff09bc\System.Management.ni.dll MOD - [2014/02/13 06:53:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea1456f24ec82177f7668e05dc3be08b\System.Configuration.ni.dll MOD - [2014/02/13 06:53:29 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ed6aff05ea612a7e6ef78fc8f95842e6\System.Core.ni.dll MOD - [2014/02/13 06:53:25 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\a3bbd31431d7ba74c429588f8532a231\Accessibility.ni.dll MOD - [2014/02/11 18:00:54 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9fd292dfdb6f603ef866ad1844e1c59c\System.Xml.ni.dll MOD - [2014/02/11 18:00:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a25f0fba1eabe72621a562b30081bcaa\System.Windows.Forms.ni.dll MOD - [2014/02/11 18:00:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\877505b0899d28885b04e71cf0358fc7\System.Drawing.ni.dll MOD - [2014/02/11 18:00:47 | 006,657,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e88b2ec7cc5b1f23dd9a8322f016fe06\System.Data.ni.dll MOD - [2014/02/11 18:00:26 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\dc8da0badb9b3a5c24ad7756900f3325\System.ni.dll MOD - [2014/02/11 18:00:23 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\87a46d23bf6d209a5590e0fd66fdb68d\mscorlib.ni.dll MOD - [2014/02/11 15:09:25 | 007,660,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll MOD - [2014/02/11 15:09:21 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e9817b12da250f8d4c680e1cb26e1c0\System.Xaml.ni.dll MOD - [2014/02/11 15:08:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll MOD - [2014/02/11 15:08:54 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll MOD - [2014/02/11 15:08:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d3abe72a65b16c5ca129dd4509450190\PresentationFramework.Aero2.ni.dll MOD - [2014/02/11 15:08:53 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\952cc4d9a277dc4b0abc0de4a64b11a6\PresentationFramework.ni.dll MOD - [2014/02/11 15:08:44 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d860b38580f4403397d67fa84d624447\PresentationCore.ni.dll MOD - [2014/02/11 15:08:39 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e2fb4aca9e25e4eaac703466d36b17ed\WindowsBase.ni.dll MOD - [2014/02/11 15:08:36 | 007,041,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\bca236f576ea12db3a9191f4586a445a\System.Core.ni.dll MOD - [2014/02/11 15:08:32 | 010,051,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll MOD - [2014/02/11 15:08:27 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll MOD - [2014/01/10 10:21:22 | 002,259,456 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\SingleBandCompressor_Win32.dll MOD - [2014/01/10 10:21:20 | 002,826,368 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\ConsumerRestoration_Win32.dll MOD - [2014/01/02 18:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2013/11/21 10:23:31 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2013/09/20 18:09:40 | 000,025,600 | ---- | M] () -- C:\Users\Don\Documents\NinjaTrader 7\bin\Custom\PVBidAsk_NT7.dll MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013/02/08 21:46:50 | 000,024,576 | ---- | M] () -- C:\Users\Don\Documents\NinjaTrader 7\bin\Custom\PVBarCountI_NT7.dll MOD - [2012/12/12 16:03:54 | 005,062,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll MOD - [2012/11/15 06:30:36 | 000,103,945 | ---- | M] () -- C:\Program Files (x86)\NinjaTrader 7\bin\CliSecureRT.dll MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012/07/26 01:23:07 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012/07/26 01:23:07 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll MOD - [2012/07/26 01:23:07 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012/07/26 01:23:07 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MOD - [2012/07/26 01:23:07 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012/05/25 05:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll MOD - [2012/03/13 11:43:58 | 006,103,552 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtGui4.dll MOD - [2012/03/13 11:36:02 | 000,295,424 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtXml4.dll MOD - [2012/03/13 11:35:54 | 001,718,784 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtCore4.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014/05/15 10:01:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2014/04/12 02:08:17 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:[b]64bit:[/b] - [2014/03/29 01:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:[b]64bit:[/b] - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:[b]64bit:[/b] - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:[b]64bit:[/b] - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:[b]64bit:[/b] - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:[b]64bit:[/b] - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:[b]64bit:[/b] - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:[b]64bit:[/b] - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:[b]64bit:[/b] - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:[b]64bit:[/b] - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:[b]64bit:[/b] - [2012/08/22 20:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b]64bit:[/b] - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:[b]64bit:[/b] - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:[b]64bit:[/b] - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:[b]64bit:[/b] - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:[b]64bit:[/b] - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:[b]64bit:[/b] - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:[b]64bit:[/b] - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:[b]64bit:[/b] - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:[b]64bit:[/b] - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:[b]64bit:[/b] - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:[b]64bit:[/b] - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2014/05/15 21:06:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/05/15 10:35:10 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/10/09 15:55:18 | 002,449,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012/10/04 23:07:06 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/08/01 01:08:36 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/17 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/17 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/07/17 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012/07/13 02:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/07/11 20:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014/06/12 05:50:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:[b]64bit:[/b] - [2014/05/15 10:02:08 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014/05/15 10:02:08 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014/05/15 10:02:08 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014/05/15 10:01:27 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014/05/15 10:01:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2014/05/15 10:01:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2014/05/15 10:01:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014/05/15 10:01:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl) DRV:[b]64bit:[/b] - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2014/03/28 12:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:[b]64bit:[/b] - [2014/03/23 15:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:[b]64bit:[/b] - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:[b]64bit:[/b] - [2013/10/04 23:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2013/10/01 19:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:[b]64bit:[/b] - [2013/08/22 05:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901) DRV:[b]64bit:[/b] - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:[b]64bit:[/b] - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:[b]64bit:[/b] - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:[b]64bit:[/b] - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:[b]64bit:[/b] - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:[b]64bit:[/b] - [2013/05/06 09:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d) DRV:[b]64bit:[/b] - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:[b]64bit:[/b] - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:[b]64bit:[/b] - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:[b]64bit:[/b] - [2012/10/30 22:57:24 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:[b]64bit:[/b] - [2012/10/30 22:57:24 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:[b]64bit:[/b] - [2012/10/30 22:57:24 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:[b]64bit:[/b] - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2012/09/27 20:51:36 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:[b]64bit:[/b] - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:[b]64bit:[/b] - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:[b]64bit:[/b] - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:[b]64bit:[/b] - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:[b]64bit:[/b] - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:[b]64bit:[/b] - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:[b]64bit:[/b] - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:[b]64bit:[/b] - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:[b]64bit:[/b] - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:[b]64bit:[/b] - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:[b]64bit:[/b] - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:[b]64bit:[/b] - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:[b]64bit:[/b] - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:[b]64bit:[/b] - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:[b]64bit:[/b] - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:[b]64bit:[/b] - [2012/07/24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:[b]64bit:[/b] - [2012/07/12 14:46:14 | 000,498,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1c63x64.sys -- (e1cexpress) DRV:[b]64bit:[/b] - [2012/07/09 14:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2012/07/02 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012/06/18 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2012/06/14 22:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2012/06/02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress) DRV:[b]64bit:[/b] - [2011/04/09 00:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0AD20308-D467-4A01-9303-2C5ADF45B678} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0AD20308-D467-4A01-9303-2C5ADF45B678}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0AD20308-D467-4A01-9303-2C5ADF45B678}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)" FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)" FF - prefs.js..browser.search.defaulturl: "http://us.yhs4.search.yahoo.com/yhs/search" FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)" FF - prefs.js..browser.startup.homepage: "http://drudgereport.com/" FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95 FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87 FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a2%7D:2.1 FF - prefs.js..extensions.enabledAddons: %7BD9A7CBEC-DE1A-444f-A092-844461596C4D%7D:7.0.5 FF - prefs.js..extensions.enabledAddons: trackermanager%40truste.com:2.0 FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:10.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..keyword.URL: "http://us.yhs4.search.yahoo.com/yhs/search" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Don\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/15 10:01:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/03 16:51:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/18 11:26:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/18 11:26:37 | 000,000,000 | ---D | M] [2013/02/12 08:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Extensions [2014/05/15 09:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\d8ajmleg.default-1400170649052\extensions [2014/05/15 09:50:07 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\d8ajmleg.default-1400170649052\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014/06/09 05:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\qh5r4nh8.default-1397745204348\extensions [2014/05/17 06:34:36 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\qh5r4nh8.default-1397745204348\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014/05/15 09:24:56 | 000,215,358 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\jid1-eiEGldgdykDpVQ@jetpack.xpi [2014/05/15 09:24:31 | 000,080,984 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\zoompage@DW-dev.xpi [2014/05/15 09:26:29 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014/05/15 09:23:52 | 000,023,181 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014/05/15 09:25:37 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014/05/15 09:26:04 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\d8ajmleg.default-1400170649052\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014/05/26 09:12:50 | 000,255,676 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\extensions\trackermanager@truste.com.xpi [2014/06/09 05:55:22 | 000,081,350 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\extensions\zoompage@DW-dev.xpi [2014/05/15 21:10:07 | 000,023,181 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014/05/15 16:12:51 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014/05/15 21:08:52 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014/06/07 05:31:19 | 000,009,433 | ---- | M] () -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\qh5r4nh8.default-1397745204348\searchplugins\yahoo-avast.xml [2014/05/15 21:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/05/15 21:06:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/05/15 10:01:23 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013/03/18 01:26:36 | 000,225,808 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014/03/03 01:48:58 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013/09/07 13:22:55 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com CHR - Extension: Docs = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YoutubeAdblocker = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmecadhnfbljnmpeofmlmcndmncfpcf\1.0\ CHR - Extension: save Net = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\foboaikmjidkkmhjllmhekecbdobfjdp\5.14\ CHR - Extension: Gmail = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClocX.lnk = C:\Program Files (x86)\ClocX\ClocX.exe (BonSoft) O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Don\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinkeys = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0302B592-AF7C-47A3-B265-A7E2AFF55D3E}: DhcpNameServer = 192.0.2.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2049132-1099-41BF-B688-03C381EC1E12}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O34 - HKLM BootExecute: (aswBoot.exe /M:54a625484 /wow /dir:"C:\Program Files\AVAST Software\Avast") O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/06/12 08:26:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe [2014/06/11 05:57:12 | 003,246,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2014/06/11 05:57:12 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2014/06/11 05:57:10 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2014/06/11 05:57:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/06/11 05:57:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/06/11 05:57:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/06/11 05:57:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/06/11 05:57:08 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/06/11 05:57:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/06/11 05:57:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014/06/11 05:57:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014/06/11 05:57:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2014/06/11 05:57:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/06/11 05:57:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2014/06/11 05:57:07 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/06/11 05:57:07 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2014/06/11 05:57:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/06/11 05:57:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/06/11 05:57:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/06/11 05:57:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014/06/11 05:57:04 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/06/11 05:57:03 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/06/11 05:56:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/06/11 05:56:53 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/06/11 05:56:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014/06/11 05:56:41 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2014/06/11 05:56:41 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe [2014/06/11 05:56:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe [2014/05/30 12:47:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys [2014/05/29 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\Oracle [2014/05/29 10:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014/05/29 10:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2014/05/29 10:12:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014/05/29 10:12:46 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014/05/29 10:12:46 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014/05/29 10:12:46 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014/05/29 10:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/05/29 10:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2014/05/25 08:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith [2014/05/20 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\SpeedyPC Software [2014/05/20 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\DriverCure [2014/05/20 12:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2014/05/18 09:09:49 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\QupZilla [2014/05/18 09:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QupZilla [2014/05/18 09:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QupZilla [2014/05/17 18:50:50 | 006,169,608 | ---- | C] (Geek Uninstaller) -- C:\Users\Don\Desktop\geek.exe [2014/05/15 21:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/05/15 10:13:41 | 000,269,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2014/05/15 10:13:40 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2014/05/15 10:11:51 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2014/05/15 10:11:49 | 006,987,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014/05/15 10:11:49 | 000,982,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2014/05/15 10:11:48 | 001,043,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll [2014/05/15 10:11:48 | 000,961,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll [2014/05/15 10:11:48 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll [2014/05/15 10:11:48 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll [2014/05/15 10:11:48 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2014/05/15 10:11:48 | 000,559,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll [2014/05/15 10:11:48 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll [2014/05/15 10:11:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapisrv.dll [2014/05/15 10:11:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2014/05/15 10:11:46 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll [2014/05/15 10:11:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll [2014/05/15 10:11:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll [2014/05/15 10:11:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2014/05/15 10:11:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\workerdd.dll [2014/05/15 10:08:42 | 001,258,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2014/05/15 10:08:42 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll [2014/05/15 10:08:41 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll [2014/05/15 10:01:27 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [1 C:\Users\Don\*.tmp files -> C:\Users\Don\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/06/12 08:28:00 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1706072960-2869881686-1709079663-1001.job [2014/06/12 08:26:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe [2014/06/12 07:56:33 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014/06/12 07:37:04 | 009,658,368 | ---- | M] () -- C:\Users\Don\Desktop\TTT2.camrec [2014/06/12 07:36:42 | 000,012,288 | ---- | M] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/06/12 07:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/06/12 06:56:00 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2014/06/12 06:40:29 | 008,192,000 | ---- | M] () -- C:\Users\Don\Desktop\TTT.camrec [2014/06/12 05:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/06/12 05:50:16 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\Show Desktop @ Start.job [2014/06/12 05:50:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/06/12 05:49:09 | 000,000,206 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2014/06/12 05:48:50 | 788,783,103 | -HS- | M] () -- C:\hiberfil.sys [2014/06/12 05:48:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014/06/11 17:00:15 | 000,005,150 | ---- | M] () -- C:\Users\Don\Documents\June.htm [2014/06/11 16:59:14 | 000,015,272 | ---- | M] () -- C:\Users\Don\Documents\index.html [2014/06/09 09:53:32 | 000,001,392 | ---- | M] () -- C:\Users\Don\Desktop\EXAMPLE.rtf [2014/06/07 05:31:19 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/06/01 13:48:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/05/31 10:02:52 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014/05/30 22:16:07 | 000,703,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014/05/30 22:16:07 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/05/30 12:47:07 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys [2014/05/29 10:12:42 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014/05/29 10:12:41 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014/05/29 10:12:41 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014/05/29 10:12:41 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014/05/28 08:59:04 | 000,005,880 | ---- | M] () -- C:\Users\Don\Documents\May.htm [2014/05/28 06:09:16 | 000,001,047 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014/05/28 06:08:58 | 000,001,011 | ---- | M] () -- C:\Users\Don\Desktop\Dropbox.lnk [2014/05/23 19:48:10 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/05/23 19:47:45 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2014/05/23 19:47:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2014/05/23 19:46:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/05/23 19:46:42 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/05/23 19:46:36 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/05/23 19:46:15 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/05/23 19:46:15 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014/05/23 19:46:07 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014/05/23 19:46:07 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/05/23 19:46:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/05/23 19:45:46 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/05/23 19:45:46 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/05/23 19:45:26 | 001,508,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/05/23 18:26:46 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2014/05/23 18:26:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/05/23 18:26:04 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/05/23 18:25:52 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014/05/23 18:25:49 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014/05/23 18:25:49 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/05/23 18:25:49 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/05/23 18:25:25 | 001,440,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/05/22 05:50:44 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/05/22 05:50:44 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/05/22 05:50:44 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/05/21 12:27:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job [2014/05/18 11:27:41 | 000,002,078 | ---- | M] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2014/05/18 11:27:41 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2014/05/18 09:09:36 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\QupZilla.lnk [2014/05/18 07:38:35 | 006,169,608 | ---- | M] (Geek Uninstaller) -- C:\Users\Don\Desktop\geek.exe [2014/05/17 10:14:48 | 000,000,854 | ---- | M] () -- C:\Users\Don\Documents\CycleFinder.htm [2014/05/15 10:02:12 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2014/05/15 10:02:08 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014/05/15 10:02:08 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys [2014/05/15 10:02:08 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2014/05/15 10:01:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014/05/15 10:01:27 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014/05/15 10:01:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014/05/15 10:01:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014/05/15 10:01:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014/05/15 10:01:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014/05/15 10:01:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [1 C:\Users\Don\*.tmp files -> C:\Users\Don\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/06/12 07:37:04 | 009,658,368 | ---- | C] () -- C:\Users\Don\Desktop\TTT2.camrec [2014/06/12 06:40:28 | 008,192,000 | ---- | C] () -- C:\Users\Don\Desktop\TTT.camrec [2014/06/11 05:56:41 | 000,387,268 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2014/06/09 09:53:32 | 000,001,392 | ---- | C] () -- C:\Users\Don\Desktop\EXAMPLE.rtf [2014/05/20 12:27:35 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job [2014/05/18 09:09:36 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\QupZilla.lnk [2014/05/15 10:01:31 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014/03/22 14:01:28 | 000,864,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/03/01 00:32:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll [2013/12/29 10:26:33 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini [2013/12/12 09:09:34 | 000,000,218 | ---- | C] () -- C:\Users\Don\AppData\Local\recently-used.xbel [2013/09/28 07:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/06/05 07:06:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\keystore.xml [2013/04/23 07:13:52 | 000,001,206 | ---- | C] () -- C:\Users\Don\AppData\Roaming\CamStudio.Producer.ini [2013/04/23 07:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Don\AppData\Roaming\CamStudio.Producer.Data.ini [2013/04/23 06:57:12 | 000,004,520 | ---- | C] () -- C:\Users\Don\AppData\Roaming\CamStudio.cfg [2013/04/23 06:57:12 | 000,000,408 | ---- | C] () -- C:\Users\Don\AppData\Roaming\CamShapes.ini [2013/04/23 06:57:12 | 000,000,408 | ---- | C] () -- C:\Users\Don\AppData\Roaming\CamLayout.ini [2013/04/23 06:57:12 | 000,000,096 | ---- | C] () -- C:\Users\Don\AppData\Roaming\Camdata.ini [2013/04/01 12:14:55 | 000,000,694 | ---- | C] () -- C:\Users\Don\.jscreenfix.licence [2013/03/02 16:29:15 | 000,558,080 | ---- | C] () -- C:\Users\Don\AppData\Roaming\SharedSettings.ccs [2013/02/16 15:19:27 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2013/02/12 14:34:33 | 000,012,288 | ---- | C] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/12 09:18:31 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013/02/12 08:29:23 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012/10/25 01:16:36 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012/10/25 01:16:35 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/10/25 01:16:34 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2014/04/05 13:16:33 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 01:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 23:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >