OTL logfile created on: 8/20/2014 9:55:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paque_000\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17239) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.61% Memory free 7.90 Gb Paging File | 4.48 Gb Available in Paging File | 56.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 904.91 Gb Total Space | 619.10 Gb Free Space | 68.42% Space Free | Partition Type: NTFS Computer Name: THE_PAQUETS | User Name: 340doc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/08/20 21:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paque_000\Desktop\OTL.exe PRC - [2014/08/19 19:59:09 | 002,597,168 | ---- | M] (http://yourfiledownloader.net) -- C:\Users\PAQUE_~1\AppData\Local\Temp\YourFileDownloaderod5yBJfyqV.exe PRC - [2014/08/06 23:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2014/07/31 16:32:39 | 000,262,968 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe PRC - [2014/07/31 01:48:25 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe PRC - [2014/06/26 12:55:17 | 000,198,200 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\setup\instup.exe PRC - [2014/06/22 10:00:13 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2014/03/24 15:07:34 | 003,918,176 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2014/03/24 15:07:28 | 007,177,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe PRC - [2014/03/24 11:32:54 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/11/18 14:36:38 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe PRC - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2013/08/21 23:48:35 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2013/06/17 19:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012/07/27 15:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2012/07/17 05:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012/07/17 05:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012/07/17 05:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012/03/28 22:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe PRC - [2011/06/08 12:41:42 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe PRC - [2011/05/17 17:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe PRC - [2011/03/16 00:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe PRC - [2009/12/04 20:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/08/20 21:17:22 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll MOD - [2014/08/06 23:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll MOD - [2014/08/06 23:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll MOD - [2014/03/24 11:32:54 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe MOD - [2009/12/04 21:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll MOD - [2009/12/04 20:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014/08/15 06:40:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014/05/21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0) SRV:[b]64bit:[/b] - [2014/04/06 07:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2014/04/02 22:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:[b]64bit:[/b] - [2014/03/23 22:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc) SRV:[b]64bit:[/b] - [2014/03/23 22:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:[b]64bit:[/b] - [2014/03/14 02:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:[b]64bit:[/b] - [2014/03/08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:[b]64bit:[/b] - [2014/03/06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:[b]64bit:[/b] - [2014/02/22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:[b]64bit:[/b] - [2014/02/22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:[b]64bit:[/b] - [2014/02/22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:[b]64bit:[/b] - [2014/02/22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:[b]64bit:[/b] - [2014/02/22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:[b]64bit:[/b] - [2014/02/22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:[b]64bit:[/b] - [2014/02/20 21:55:40 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:[b]64bit:[/b] - [2013/12/10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:[b]64bit:[/b] - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:[b]64bit:[/b] - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:[b]64bit:[/b] - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:[b]64bit:[/b] - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:[b]64bit:[/b] - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:[b]64bit:[/b] - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:[b]64bit:[/b] - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:[b]64bit:[/b] - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:[b]64bit:[/b] - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:[b]64bit:[/b] - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:[b]64bit:[/b] - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:[b]64bit:[/b] - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:[b]64bit:[/b] - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:[b]64bit:[/b] - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:[b]64bit:[/b] - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:[b]64bit:[/b] - [2013/06/17 19:08:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8) SRV:[b]64bit:[/b] - [2013/05/02 09:50:14 | 000,562,504 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service) SRV:[b]64bit:[/b] - [2012/04/20 18:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2014/07/31 16:32:39 | 000,262,968 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe -- (NAV) SRV - [2014/07/31 01:48:25 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe -- (NCO) SRV - [2014/05/21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014/03/24 15:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2014/03/14 02:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/11/18 14:36:38 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService) SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/10/08 23:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2013/06/17 19:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc) SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012/07/17 05:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/17 05:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/07/17 05:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012/07/13 05:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/05/17 15:30:32 | 000,007,680 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe -- (IdeaTouch.LocalDataServer.Education) SRV - [2011/03/16 00:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014/05/31 06:07:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:[b]64bit:[/b] - [2014/05/21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2014/05/16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:[b]64bit:[/b] - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2014/05/06 18:39:17 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2014/05/06 18:39:17 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2014/05/01 09:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:[b]64bit:[/b] - [2014/04/01 02:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2014/03/23 22:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:[b]64bit:[/b] - [2014/03/23 22:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:[b]64bit:[/b] - [2014/03/23 22:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:[b]64bit:[/b] - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:[b]64bit:[/b] - [2014/03/13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof) DRV:[b]64bit:[/b] - [2014/03/08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:[b]64bit:[/b] - [2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\symefa64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2014/02/22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2014/02/22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:[b]64bit:[/b] - [2014/02/22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:[b]64bit:[/b] - [2014/02/22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2014/02/22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:[b]64bit:[/b] - [2014/02/22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS) DRV:[b]64bit:[/b] - [2014/02/22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:[b]64bit:[/b] - [2014/02/20 21:54:01 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:[b]64bit:[/b] - [2014/02/20 21:54:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:[b]64bit:[/b] - [2014/02/20 21:54:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:[b]64bit:[/b] - [2014/02/17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2014/02/12 21:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2013/11/21 11:33:32 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2013/11/14 03:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:[b]64bit:[/b] - [2013/11/14 03:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:[b]64bit:[/b] - [2013/11/14 03:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2013/11/14 03:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2013/09/27 15:23:26 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07060.00F\ccsetx64.sys -- (ccSet_NST) DRV:[b]64bit:[/b] - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\ccsetx64.sys -- (ccSet_NAV) DRV:[b]64bit:[/b] - [2013/09/09 22:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\symelam.sys -- (SymELAM) DRV:[b]64bit:[/b] - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\symds64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1505000.013\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:[b]64bit:[/b] - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:[b]64bit:[/b] - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:[b]64bit:[/b] - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:[b]64bit:[/b] - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:[b]64bit:[/b] - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:[b]64bit:[/b] - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:[b]64bit:[/b] - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:[b]64bit:[/b] - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:[b]64bit:[/b] - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:[b]64bit:[/b] - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:[b]64bit:[/b] - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:[b]64bit:[/b] - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:[b]64bit:[/b] - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:[b]64bit:[/b] - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:[b]64bit:[/b] - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:[b]64bit:[/b] - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:[b]64bit:[/b] - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:[b]64bit:[/b] - [2013/08/22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:[b]64bit:[/b] - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:[b]64bit:[/b] - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:[b]64bit:[/b] - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:[b]64bit:[/b] - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:[b]64bit:[/b] - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:[b]64bit:[/b] - [2013/07/31 14:25:43 | 001,936,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE) DRV:[b]64bit:[/b] - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:[b]64bit:[/b] - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:[b]64bit:[/b] - [2013/06/18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:[b]64bit:[/b] - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2012/09/24 06:32:02 | 000,232,576 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412) DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2012/07/10 13:19:28 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC) DRV:[b]64bit:[/b] - [2012/07/03 02:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:[b]64bit:[/b] - [2012/07/02 03:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012/06/18 19:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2012/06/17 23:39:14 | 000,072,688 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:[b]64bit:[/b] - [2012/06/17 23:39:14 | 000,025,296 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:[b]64bit:[/b] - [2012/06/13 21:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:[b]64bit:[/b] - [2012/05/02 04:03:52 | 000,013,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuacflt.sys -- (vmuacflt) DRV:[b]64bit:[/b] - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv) DRV:[b]64bit:[/b] - [2010/03/09 04:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32) DRV:[b]64bit:[/b] - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:[b]64bit:[/b] - [2008/04/08 10:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC) DRV - [2014/08/01 05:01:33 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140820.002\ex64.sys -- (NAVEX15) DRV - [2014/08/01 05:01:33 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140820.002\eng64.sys -- (NAVENG) DRV - [2014/06/11 13:28:17 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2014/06/11 13:28:17 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2014/05/09 21:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2014/03/26 08:37:33 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140819.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/08/02 19:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148) DRV - [2012/07/10 13:19:28 | 000,015,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC) DRV - [2010/03/22 22:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {5951085C-604A-4F91-B08A-80D67E651974} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{5951085C-604A-4F91-B08A-80D67E651974}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{5951085C-604A-4F91-B08A-80D67E651974}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {5951085C-604A-4F91-B08A-80D67E651974} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {5951085C-604A-4F91-B08A-80D67E651974} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\paque_000\Desktop IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data] IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/ IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [2014/08/20 20:57:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013/11/21 19:15:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.youtube.com/feed/subscriptions CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Exent® AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\FreeRide Games\npExentControl.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Magic Actions for YouTube™ = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: WOT = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0\ CHR - Extension: FB Auto-Poker = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh\0.9.9_0\ CHR - Extension: Chromebleed = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic\2.0_0\ CHR - Extension: Facebook Share Button = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\feakibicljdmfdfdjacenlnmeacnnnpm\1.0.2_0\ CHR - Extension: AdBlock = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.12_0\ CHR - Extension: avast! Online Security = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\ CHR - Extension: LastPass: Free Password Manager = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.55_0\ CHR - Extension: Norton Identity Safe = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\ CHR - Extension: RetailMeNot Coupons = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljagpkilagnnjglodjinldilnaphmeo\1.3_0\ CHR - Extension: https://www.box.com/ = C:\Users\paque_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpngiogbjbgeoanldcejdemnpfbbdpo\2014.7.24.48484_0\ O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll (Symantec Corporation) O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll (Symantec Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll (Symantec Corporation) O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll (Symantec Corporation) O3:[b]64bit:[/b] - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll (Symantec Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe (Lenovo) O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe (Lenovo) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3441973735-1153275301-1289008965-1001..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Download with IDA - Reg Error: Value error. File not found O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found O8 - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7486844F-F8D9-42BC-9315-1EC61D1BAEC2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79B924C1-9066-4FFC-9175-A698454C4C39}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{157d96ef-e58d-11e3-beb4-208984379e2f}\Shell - "" = AutoRun O33 - MountPoints2\{157d96ef-e58d-11e3-beb4-208984379e2f}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O33 - MountPoints2\{157d9727-e58d-11e3-beb4-208984379e2f}\Shell - "" = AutoRun O33 - MountPoints2\{157d9727-e58d-11e3-beb4-208984379e2f}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O33 - MountPoints2\{157d9788-e58d-11e3-beb4-208984379e2f}\Shell - "" = AutoRun O33 - MountPoints2\{157d9788-e58d-11e3-beb4-208984379e2f}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O33 - MountPoints2\{68cdedc3-9b3b-11e3-bea1-208984379e2f}\Shell - "" = AutoRun O33 - MountPoints2\{68cdedc3-9b3b-11e3-bea1-208984379e2f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe" O33 - MountPoints2\{a134b79e-1119-11e4-bebc-208984379e2f}\Shell - "" = AutoRun O33 - MountPoints2\{a134b79e-1119-11e4-bebc-208984379e2f}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/08/20 21:53:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\paque_000\Desktop\OTL.exe [2014/08/20 21:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2014/08/20 21:17:38 | 000,426,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1408583878062 [2014/08/20 21:17:23 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2014/08/20 20:40:45 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2014/08/20 20:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/08/20 20:40:19 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys [2014/08/20 20:40:19 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys [2014/08/20 20:40:19 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2014/08/20 20:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/08/20 20:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014/08/20 20:38:14 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\paque_000\Desktop\mbam-setup-2.0.2.1012.exe [2014/08/20 20:36:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SysWow64\AI_RecycleBin [2014/08/19 20:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX890 series [2014/08/19 20:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverToolkit [2014/08/19 20:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Checker [2014/08/19 20:08:15 | 000,081,408 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\SysWow64\devcon_x64.exe [2014/08/19 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\Configuration [2014/08/19 19:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverGuide Toolkit [2014/08/19 19:43:54 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\uTorrent [2014/08/19 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\DriverToolkit [2014/08/15 12:45:53 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\club life2 [2014/08/15 12:41:04 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\summer mix [2014/08/15 12:41:01 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\Random White People [2014/08/15 12:40:59 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\Destroid [2014/08/15 06:45:49 | 001,273,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll [2014/08/15 06:45:47 | 000,517,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll [2014/08/15 06:45:46 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll [2014/08/15 06:45:38 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2014/08/15 06:45:38 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2014/08/15 06:45:37 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2014/08/15 06:45:35 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2014/08/15 06:45:35 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll [2014/08/15 06:45:34 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2014/08/15 06:45:34 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll [2014/08/15 06:45:34 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2014/08/15 06:45:34 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2014/08/15 06:45:33 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2014/08/15 06:45:32 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll [2014/08/15 06:45:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2014/08/15 06:45:22 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2014/08/15 06:45:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll [2014/08/15 06:45:21 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll [2014/08/15 06:45:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll [2014/08/15 06:45:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll [2014/08/15 06:45:20 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2014/08/15 06:42:58 | 003,118,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll [2014/08/15 06:42:58 | 003,048,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe [2014/08/15 06:42:57 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebSync.dll [2014/08/15 06:42:56 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll [2014/08/15 06:42:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe [2014/08/15 06:42:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe [2014/08/15 06:42:49 | 000,697,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll [2014/08/15 06:42:48 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe [2014/08/15 06:42:48 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll [2014/08/15 06:42:46 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll [2014/08/15 06:42:44 | 002,790,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll [2014/08/15 06:42:44 | 002,642,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll [2014/08/15 06:42:44 | 002,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll [2014/08/15 06:42:44 | 001,336,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll [2014/08/15 06:42:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msihnd.dll [2014/08/15 06:42:43 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll [2014/08/15 06:42:43 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe [2014/08/13 08:52:41 | 000,892,464 | ---- | C] (NCH Software) -- C:\Users\paque_000\Desktop\wpsetup.exe [2014/08/12 23:28:38 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Documents\OneNote Notebooks [2014/08/08 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\RWDBE [2014/08/08 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014/08/08 19:27:40 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2014/08/08 19:27:28 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2014/08/08 19:27:28 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2014/08/08 19:27:28 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2014/08/08 19:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/08/06 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\gtk-2.0 [2014/08/06 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\paque_000\.thumbnails [2014/08/06 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\fontconfig [2014/08/06 23:02:49 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\gegl-0.2 [2014/08/06 23:02:49 | 000,000,000 | ---D | C] -- C:\Users\paque_000\.gimp-2.8 [2014/08/06 23:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2014/08/06 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\PhotoFiltre [2014/08/06 22:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre [2014/08/02 18:37:39 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\New folder (2) [2014/07/29 23:13:42 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\ooVoo Details [2014/07/24 13:05:47 | 000,426,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1406221557546 [2014/07/24 13:01:38 | 004,834,344 | ---- | C] (AVAST Software) -- C:\Users\paque_000\Desktop\avast_premier_antivirus_setup_online.exe [2014/07/24 12:41:40 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\AVAST Software [2014/07/24 12:39:37 | 000,426,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1406220000921 [2014/07/24 12:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2014/07/23 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\Panda Security [2014/07/23 23:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2014/07/22 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\paque_000\Desktop\HTC_drivers_Win7_x64 [2014/07/22 18:14:08 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2014/07/22 18:13:05 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\Android [2014/07/22 17:26:31 | 000,000,000 | ---D | C] -- C:\Users\paque_000\VirtualBox VMs [2014/07/22 17:26:30 | 000,000,000 | ---D | C] -- C:\Users\paque_000\.VirtualBox [2014/07/22 17:16:43 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Roaming\TeamViewer [2014/07/22 17:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2014/07/22 16:41:24 | 000,000,000 | ---D | C] -- C:\Users\paque_000\AppData\Local\RealVNC [2014/07/22 14:01:32 | 004,756,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll [2014/07/22 14:01:32 | 001,120,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe [2014/07/22 14:01:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll [2013/11/09 22:00:44 | 012,767,232 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe [2013/10/07 19:50:02 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\paque_000\AppData\Roaming\pcouffin.sys [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/08/20 22:05:18 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/08/20 21:57:44 | 001,364,531 | ---- | M] () -- C:\Users\paque_000\Desktop\AdwCleaner.exe [2014/08/20 21:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paque_000\Desktop\OTL.exe [2014/08/20 21:17:24 | 000,426,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1408583878062 [2014/08/20 21:17:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2014/08/20 20:59:47 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/08/20 20:59:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/08/20 20:58:11 | 000,000,271 | ---- | M] () -- C:\Users\paque_000\AppData\Local\RegisteredPackageInformation.xml [2014/08/20 20:58:09 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/08/20 20:57:58 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverToolkit Autorun.job [2014/08/20 20:57:53 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2014/08/20 20:57:18 | 005,055,432 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2014/08/20 20:56:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014/08/20 20:56:42 | 3348,959,232 | -HS- | M] () -- C:\hiberfil.sys [2014/08/20 20:40:21 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/08/20 20:39:16 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\paque_000\Desktop\mbam-setup-2.0.2.1012.exe [2014/08/20 20:32:45 | 000,000,485 | ---- | M] () -- C:\Users\paque_000\Desktop\Comcast.net.website [2014/08/20 07:14:52 | 000,000,590 | ---- | M] () -- C:\Users\paque_000\Desktop\Salamanca station.website [2014/08/19 20:17:00 | 002,929,904 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NAVx64\1505000.013\Cat.DB [2014/08/19 20:16:22 | 017,591,880 | ---- | M] () -- C:\Users\paque_000\Desktop\mp68-win-mx890-1_02-ejs.exe [2014/08/18 06:17:47 | 000,043,044 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NAVx64\1505000.013\VT20140818.005 [2014/08/17 13:56:00 | 000,876,080 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2014/08/17 13:56:00 | 000,738,736 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2014/08/17 13:56:00 | 000,139,210 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2014/08/15 13:51:11 | 056,901,091 | ---- | M] () -- C:\Users\paque_000\Desktop\Diplo Random White Dude Be On KIIS FM Mix.mp3 [2014/08/15 13:07:09 | 000,001,606 | ---- | M] () -- C:\Users\paque_000\Desktop\Its Always Sunny in Philadelphia Season 1, 2, 3, 4, 5, 6 & 7 + Extras DVDRip TSV - Shortcut.lnk [2014/08/15 06:40:17 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll [2014/08/15 06:40:09 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe [2014/08/15 06:40:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe [2014/08/15 06:40:09 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll [2014/08/15 06:40:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll [2014/08/15 06:40:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll [2014/08/15 06:40:08 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe [2014/08/15 06:40:08 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll [2014/08/15 06:40:08 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll [2014/08/15 06:40:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll [2014/08/15 06:40:08 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll [2014/08/15 06:40:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll [2014/08/13 09:13:31 | 066,016,339 | ---- | M] () -- C:\Users\paque_000\Desktop\01 Diplo - MAD DECENT Mondays - XS Las Vegas 2014.mp3 [2014/08/13 08:53:59 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk [2014/08/13 08:52:42 | 000,892,464 | ---- | M] (NCH Software) -- C:\Users\paque_000\Desktop\wpsetup.exe [2014/08/12 23:28:37 | 000,001,337 | ---- | M] () -- C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014/08/12 22:04:06 | 000,002,314 | ---- | M] () -- C:\Users\paque_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/08/11 14:43:01 | 184,748,728 | ---- | M] () -- C:\Users\paque_000\Desktop\www.NewAlbumReleases.net_Savant_-_Protos_(2014).rar [2014/08/11 14:04:40 | 194,035,304 | ---- | M] () -- C:\Users\paque_000\Desktop\www.NewAlbumReleases.net_Araabmuzik - For Professional Use Only 2 (2014).rar [2014/08/10 16:53:03 | 000,000,522 | ---- | M] () -- C:\Users\paque_000\Desktop\eBay.website [2014/08/10 16:45:28 | 000,000,569 | ---- | M] () -- C:\Users\paque_000\Desktop\craigslist.website [2014/08/09 21:18:53 | 000,002,428 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2014/08/08 19:27:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2014/08/08 19:27:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2014/08/08 19:27:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2014/08/08 19:27:21 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2014/08/07 10:49:38 | 000,005,193 | ---- | M] () -- C:\Users\paque_000\AppData\Local\recently-used.xbel [2014/08/06 23:33:31 | 000,001,481 | ---- | M] () -- C:\Users\paque_000\Desktop\gimp-2.8 - Shortcut.lnk [2014/08/06 22:19:17 | 069,584,755 | ---- | M] () -- C:\Users\paque_000\Desktop\Martin Garrix - Live @ Lollapalooza 2014 (Chicago) [www.edmchicago.com].mp3 [2014/08/06 22:12:27 | 001,336,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll [2014/08/06 18:38:18 | 000,697,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll [2014/08/02 18:22:53 | 031,081,115 | ---- | M] () -- C:\Users\paque_000\Desktop\Drop the Bassline Podcast 002 Mixed By iNexus.mp3 [2014/08/02 11:35:42 | 199,001,032 | ---- | M] () -- C:\Users\paque_000\Desktop\BENZI_SUMMER_2014.zip [2014/08/02 11:14:53 | 128,628,462 | ---- | M] () -- C:\Users\paque_000\Desktop\RWDBE.zip [2014/08/02 01:44:01 | 000,527,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll [2014/08/01 23:11:49 | 000,918,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll [2014/08/01 20:17:43 | 000,704,480 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2014/08/01 20:17:43 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2014/07/31 16:32:24 | 000,000,172 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NAVx64\1505000.013\isolate.ini [2014/07/31 01:48:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSTx64\7DE07060.00F\isolate.ini [2014/07/28 14:59:24 | 072,704,417 | ---- | M] () -- C:\Users\paque_000\Desktop\Superheroes_Anonymous_5_-_Road_Trip_Edition.mp3 [2014/07/25 09:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2014/07/25 09:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll [2014/07/25 08:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll [2014/07/25 08:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll [2014/07/25 08:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll [2014/07/25 08:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2014/07/25 08:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll [2014/07/25 08:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2014/07/25 08:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2014/07/25 08:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll [2014/07/25 07:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2014/07/25 07:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll [2014/07/25 07:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2014/07/25 07:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2014/07/25 07:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2014/07/25 07:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2014/07/25 06:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2014/07/25 06:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2014/07/24 13:05:34 | 000,426,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1406221557546 [2014/07/24 13:01:48 | 004,834,344 | ---- | M] (AVAST Software) -- C:\Users\paque_000\Desktop\avast_premier_antivirus_setup_online.exe [2014/07/24 12:39:30 | 000,426,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1406220000921 [2014/07/23 01:13:10 | 000,030,068 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NAVx64\1505000.013\symvtcer.dat [2014/07/22 17:24:07 | 001,176,696 | ---- | M] () -- C:\Users\paque_000\AppData\Roaming\AndyCleanVM.exe [2014/07/22 17:24:04 | 001,177,208 | ---- | M] () -- C:\Users\paque_000\AppData\Roaming\AndyCleanupTool.exe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/08/20 21:57:36 | 001,364,531 | ---- | C] () -- C:\Users\paque_000\Desktop\AdwCleaner.exe [2014/08/20 20:40:21 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/08/19 20:16:20 | 017,591,880 | ---- | C] () -- C:\Users\paque_000\Desktop\mp68-win-mx890-1_02-ejs.exe [2014/08/19 19:29:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\DriverToolkit Autorun.job [2014/08/15 13:51:00 | 056,901,091 | ---- | C] () -- C:\Users\paque_000\Desktop\Diplo Random White Dude Be On KIIS FM Mix.mp3 [2014/08/15 13:07:09 | 000,001,606 | ---- | C] () -- C:\Users\paque_000\Desktop\Its Always Sunny in Philadelphia Season 1, 2, 3, 4, 5, 6 & 7 + Extras DVDRip TSV - Shortcut.lnk [2014/08/12 23:28:37 | 000,001,337 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014/08/12 22:04:40 | 066,016,339 | ---- | C] () -- C:\Users\paque_000\Desktop\01 Diplo - MAD DECENT Mondays - XS Las Vegas 2014.mp3 [2014/08/11 13:01:53 | 184,748,728 | ---- | C] () -- C:\Users\paque_000\Desktop\www.NewAlbumReleases.net_Savant_-_Protos_(2014).rar [2014/08/11 13:01:25 | 194,035,304 | ---- | C] () -- C:\Users\paque_000\Desktop\www.NewAlbumReleases.net_Araabmuzik - For Professional Use Only 2 (2014).rar [2014/08/07 10:49:38 | 000,005,193 | ---- | C] () -- C:\Users\paque_000\AppData\Local\recently-used.xbel [2014/08/06 23:33:31 | 000,001,481 | ---- | C] () -- C:\Users\paque_000\Desktop\gimp-2.8 - Shortcut.lnk [2014/08/06 23:01:08 | 000,000,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2014/08/06 22:17:51 | 069,584,755 | ---- | C] () -- C:\Users\paque_000\Desktop\Martin Garrix - Live @ Lollapalooza 2014 (Chicago) [www.edmchicago.com].mp3 [2014/08/02 18:22:47 | 031,081,115 | ---- | C] () -- C:\Users\paque_000\Desktop\Drop the Bassline Podcast 002 Mixed By iNexus.mp3 [2014/08/02 17:59:55 | 000,000,299 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk [2014/08/02 11:35:20 | 199,001,032 | ---- | C] () -- C:\Users\paque_000\Desktop\BENZI_SUMMER_2014.zip [2014/08/02 11:14:36 | 128,628,462 | ---- | C] () -- C:\Users\paque_000\Desktop\RWDBE.zip [2014/07/28 17:15:26 | 000,000,409 | ---- | C] () -- C:\Users\paque_000\Desktop\Run.lnk [2014/07/28 14:59:13 | 072,704,417 | ---- | C] () -- C:\Users\paque_000\Desktop\Superheroes_Anonymous_5_-_Road_Trip_Edition.mp3 [2014/07/24 13:56:09 | 000,002,314 | ---- | C] () -- C:\Users\paque_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/07/24 13:56:09 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/07/22 17:24:07 | 001,176,696 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\AndyCleanVM.exe [2014/07/22 17:24:03 | 001,177,208 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\AndyCleanupTool.exe [2014/05/21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll [2014/05/21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2014/05/21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll [2014/04/20 10:52:40 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014/03/13 16:40:12 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2014/02/20 19:58:53 | 000,003,584 | ---- | C] () -- C:\Users\paque_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/02/11 18:13:45 | 000,000,166 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\PLGComp.ini [2013/10/07 19:50:02 | 000,099,384 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\inst.exe [2013/10/07 19:50:02 | 000,007,859 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\pcouffin.cat [2013/10/07 19:50:02 | 000,001,167 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\pcouffin.inf [2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2013/07/25 23:19:46 | 000,000,132 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\Adobe BMP Format CS5 Prefs [2013/07/20 16:09:42 | 879,200,072 | ---- | C] () -- C:\Users\paque_000\AppData\Roaming\.minecraft.zip [2013/05/22 14:42:41 | 000,000,097 | ---- | C] () -- C:\Users\paque_000\AppData\Local\fusioncache.dat [2013/05/22 14:41:19 | 000,864,980 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2013/05/19 18:56:45 | 000,000,271 | ---- | C] () -- C:\Users\paque_000\AppData\Local\RegisteredPackageInformation.xml [2013/01/19 14:02:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013/01/19 14:00:30 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 12:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 11:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014/06/15 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\.minecraft [2013/11/09 22:21:46 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\AnvSoft [2014/07/24 12:41:40 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\AVAST Software [2014/08/08 20:55:20 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\BitTorrent [2013/07/20 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Canon [2014/08/19 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Configuration [2013/12/20 13:13:40 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Convert Audio Free [2013/11/23 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Digiarty [2013/06/23 10:30:50 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\DMCache [2013/06/22 17:27:02 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Downloaded Installations [2013/11/10 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\DVDVideoSoft [2013/05/19 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\FileOpen [2013/12/20 13:15:09 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\freemkvtomp4converter [2013/11/19 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\FreeMoviesToDVD [2013/06/26 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\GameMaker [2013/10/07 20:05:44 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\GetRightToGo [2014/05/27 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\HTC [2013/11/04 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\ID Vault [2013/05/22 14:42:15 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Imaxel [2013/06/23 10:28:48 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Internet Download Accelerator [2013/06/23 10:35:42 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Mipony [2013/05/19 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Nitro [2014/08/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Nitro PDF [2014/07/29 23:13:42 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\ooVoo Details [2014/07/24 12:22:20 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Panda Security [2014/08/06 22:59:50 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\PhotoFiltre [2013/06/22 15:35:24 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\puush [2014/03/05 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\redsn0w [2014/07/22 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\TeamViewer [2014/08/19 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\uTorrent [2013/10/07 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Vso [2013/09/02 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\WebApp [2013/08/09 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\paque_000\AppData\Roaming\Wondershare [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV:[b]64bit:[/b] - [2014/02/22 08:02:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b]64bit:[/b] - [2014/02/22 08:06:28 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b]64bit:[/b] - [2013/08/22 05:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:[b]64bit:[/b] - [2013/08/22 06:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b]64bit:[/b] - [2014/04/30 00:14:19 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b]64bit:[/b] - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV - [2013/08/21 22:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2013/08/22 05:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2013/08/21 22:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:[b]64bit:[/b] - [2013/08/22 06:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b]64bit:[/b] - [2013/08/22 06:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV:[b]64bit:[/b] - [2014/02/22 05:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b]64bit:[/b] - [2014/04/30 00:23:54 | 000,353,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2014/04/29 23:46:07 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2014/03/04 03:13:06 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b]64bit:[/b] - [2013/08/22 05:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost) SRV:[b]64bit:[/b] - [2013/08/22 07:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2013/08/22 00:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:[b]64bit:[/b] - [2013/11/14 03:29:00 | 000,433,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b]64bit:[/b] - [2013/08/22 05:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:[b]64bit:[/b] - [2014/03/26 23:15:43 | 000,718,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:[b]64bit:[/b] - [2013/08/22 05:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b]64bit:[/b] - [2013/08/22 05:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b]64bit:[/b] - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013/08/22 05:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b]64bit:[/b] - [2013/08/22 09:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b]64bit:[/b] - [2014/03/06 05:19:44 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b]64bit:[/b] - [2013/08/22 05:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) No service found with a name of ProtectedStorage No service found with a name of EMDMgmt SRV:[b]64bit:[/b] - [2013/08/22 07:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b]64bit:[/b] - [2014/01/28 20:18:11 | 000,534,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b]64bit:[/b] - [2014/02/22 05:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:[b]64bit:[/b] - [2013/08/22 07:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:[b]64bit:[/b] - [2013/08/22 09:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b]64bit:[/b] - [2014/04/08 23:33:54 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b]64bit:[/b] - [2014/03/26 23:46:01 | 000,323,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b]64bit:[/b] - [2013/08/22 05:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2013/08/21 22:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:[b]64bit:[/b] - [2013/12/31 19:57:55 | 001,214,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:[b]64bit:[/b] - [2013/08/22 06:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2013/08/21 23:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:[b]64bit:[/b] - [2013/08/22 06:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2014/03/04 02:50:11 | 000,220,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:[b]64bit:[/b] - [2014/03/26 23:10:11 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:[b]64bit:[/b] - [2014/04/06 07:01:37 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv) SRV:[b]64bit:[/b] - [2014/04/06 07:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) No service found with a name of SDRSVC SRV:[b]64bit:[/b] - [2014/03/23 22:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:[b]64bit:[/b] - [2013/08/22 05:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog) SRV:[b]64bit:[/b] - [2013/08/22 05:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:[b]64bit:[/b] - [2013/08/22 06:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:[b]64bit:[/b] - [2013/08/22 07:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver) SRV - [2013/08/21 23:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver) SRV:[b]64bit:[/b] - [2013/08/22 05:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:[b]64bit:[/b] - [2014/05/30 22:48:46 | 003,463,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:[b]64bit:[/b] - [2013/08/22 06:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:[b]64bit:[/b] - [2014/03/19 01:02:08 | 001,527,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc) SRV:[b]64bit:[/b] - [2013/08/22 05:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2013/11/04 11:41:30 | 000,011,264 | ---- | M] () -- C:\wajam_validate.exe [color=#A23BEC]< c:\program files (x86)\Google\Desktop >[/color] [2013/05/23 16:16:20 | 000,000,924 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2013/05/23 16:16:21 | 000,000,928 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2013/08/22 10:45:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2014/08/19 19:29:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\Tasks\DriverToolkit Autorun.job [color=#A23BEC]< c:\program files\Google\Desktop >[/color] [color=#A23BEC]< dir "%systemdrive%\*" /S /A:L /C >[/color] Volume in drive C is Windows8_OS Volume Serial Number is DA8E-2827 Directory of C:\ 08/22/2013 10:45 AM Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 08/22/2013 10:45 AM Application Data [C:\ProgramData] 08/22/2013 10:45 AM Desktop [C:\Users\Public\Desktop] 08/22/2013 10:45 AM Documents [C:\Users\Public\Documents] 08/22/2013 10:45 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 08/22/2013 10:45 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users 08/22/2013 10:45 AM All Users [C:\ProgramData] 08/22/2013 10:45 AM Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 08/22/2013 10:45 AM Application Data [C:\ProgramData] 08/22/2013 10:45 AM Desktop [C:\Users\Public\Desktop] 08/22/2013 10:45 AM Documents [C:\Users\Public\Documents] 08/22/2013 10:45 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 08/22/2013 10:45 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default 08/22/2013 10:45 AM Application Data [C:\Users\Default\AppData\Roaming] 08/22/2013 10:45 AM Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies] 08/22/2013 10:45 AM Local Settings [C:\Users\Default\AppData\Local] 08/22/2013 10:45 AM My Documents [C:\Users\Default\Documents] 08/22/2013 10:45 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 08/22/2013 10:45 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08/22/2013 10:45 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 08/22/2013 10:45 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 08/22/2013 10:45 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 08/22/2013 10:45 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 08/22/2013 10:45 AM Application Data [C:\Users\Default\AppData\Local] 08/22/2013 10:45 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 08/22/2013 10:45 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local\Microsoft\Windows 08/22/2013 10:45 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 08/22/2013 10:45 AM My Music [C:\Users\Default\Music] 08/22/2013 10:45 AM My Pictures [C:\Users\Default\Pictures] 08/22/2013 10:45 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\Documents 07/26/2012 03:22 AM My Music [C:\Users\Default\Music] 07/26/2012 03:22 AM My Pictures [C:\Users\Default\Pictures] 07/26/2012 03:22 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\paque_000 02/20/2014 07:08 PM Application Data [C:\Users\paque_000\AppData\Roaming] 02/20/2014 07:08 PM Cookies [C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCookies] 02/20/2014 07:08 PM Local Settings [C:\Users\paque_000\AppData\Local] 02/20/2014 07:08 PM My Documents [C:\Users\paque_000\Documents] 02/20/2014 07:08 PM NetHood [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 02/20/2014 07:08 PM PrintHood [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 02/20/2014 07:08 PM Recent [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Recent] 02/20/2014 07:08 PM SendTo [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\SendTo] 02/20/2014 07:08 PM Start Menu [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Start Menu] 02/20/2014 07:08 PM Templates [C:\Users\paque_000\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\paque_000\AppData\Local 02/20/2014 07:08 PM Application Data [C:\Users\paque_000\AppData\Local] 02/20/2014 07:08 PM History [C:\Users\paque_000\AppData\Local\Microsoft\Windows\History] 02/20/2014 07:08 PM Temporary Internet Files [C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\paque_000\AppData\Local\Microsoft\Windows 02/20/2014 07:08 PM Temporary Internet Files [C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache 02/20/2014 07:34 PM Content.IE5 [C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache\Low 02/20/2014 10:01 PM Content.IE5 [C:\Users\paque_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\] 0 File(s) 0 bytes Directory of C:\Users\paque_000\Documents 02/20/2014 07:08 PM My Music [C:\Users\paque_000\Music] 02/20/2014 07:08 PM My Pictures [C:\Users\paque_000\Pictures] 02/20/2014 07:08 PM My Videos [C:\Users\paque_000\Videos] 0 File(s) 0 bytes Directory of C:\Users\paque_000\SkyDrive\photos 01/05/2014 10:22 PM (0) 1377387729506 1.jpg 12/18/2013 09:52 AM (0) 1377387729506.jpg 01/05/2014 10:22 PM (0) 1377737973746.jpg 01/05/2014 10:22 PM (0) 1377818308334 1.jpg 12/18/2013 09:52 AM (0) 1377818308334.jpg 01/05/2014 10:22 PM (0) 1377818752524 1.jpg 12/18/2013 09:52 AM (0) 1377818752524.jpg 01/05/2014 10:22 PM (0) 1377818765254 1.jpg 12/18/2013 09:52 AM (0) 1377818765254.jpg 12/18/2013 09:52 AM (0) 1377880396038.jpg 01/05/2014 10:24 PM (0) 1378060388411 1.jpg 12/18/2013 09:52 AM (0) 1378060388411.jpg 01/05/2014 10:24 PM (0) 1378081287025 1.jpg 12/18/2013 09:52 AM (0) 1378081287025.jpg 01/05/2014 10:25 PM (0) 1378866527861 1.jpg 12/18/2013 09:53 AM (0) 1378866527861.jpg 01/05/2014 10:26 PM (0) 1379553462615 1.jpg 12/18/2013 09:53 AM (0) 1379553462615.jpg 01/05/2014 10:26 PM (0) 1379556262886.jpg 01/05/2014 10:26 PM (11,454) 1379619522961.jpg 01/05/2014 10:26 PM (517,286) 1379876706779.jpg 01/05/2014 10:26 PM (0) 1379876731994.jpg 01/05/2014 10:26 PM (144,726) 1379902474129.jpg 01/05/2014 10:26 PM (0) 1379940049878 1.jpg 12/18/2013 09:53 AM (0) 1379940049878.jpg 01/05/2014 10:27 PM (59,520) 1380279207562 1.jpg 12/18/2013 09:56 AM (59,520) 1380279207562.jpg 01/05/2014 10:27 PM (0) 1380340306370 1.jpg 12/18/2013 09:53 AM (0) 1380340306370.jpg 01/05/2014 10:27 PM (0) 1380763106964 1.jpg 12/18/2013 09:56 AM (0) 1380763106964.jpg 01/05/2014 10:28 PM (0) 1380763306540 1.jpg 12/18/2013 09:57 AM (0) 1380763306540.jpg 01/05/2014 10:28 PM (0) 1380828067375 1.jpg 12/18/2013 09:57 AM (0) 1380828067375.jpg 01/05/2014 10:27 PM (0) 1380833043235 1.jpg 12/18/2013 09:57 AM (0) 1380833043235.jpg 01/05/2014 10:28 PM (0) 1381556478370 1.jpg 12/18/2013 09:57 AM (0) 1381556478370.jpg 01/05/2014 10:31 PM (0) 1381872195460 1.jpg 12/18/2013 09:59 AM (0) 1381872195460.jpg 01/05/2014 10:31 PM (0) 1382091921672 1.jpg 12/18/2013 10:00 AM (0) 1382091921672.jpg 01/05/2014 10:31 PM (0) 1382188836285 1.jpg 12/18/2013 10:00 AM (0) 1382188836285.jpg 01/05/2014 10:31 PM (0) 1382188836312 1.jpg 12/18/2013 10:00 AM (0) 1382188836312.jpg 01/05/2014 10:32 PM (0) 1382490805341 1.jpg 12/18/2013 10:00 AM (0) 1382490805341.jpg 01/05/2014 10:32 PM (0) 1382491074986 1.jpg 12/18/2013 10:00 AM (0) 1382491074986.jpg 01/05/2014 10:32 PM (0) 1382660274133.jpg 12/18/2013 10:00 AM (0) 1382660274172.jpg 01/05/2014 10:33 PM (0) 1382894477066 1.jpg 12/18/2013 10:01 AM (0) 1382894477066.jpg 01/05/2014 10:32 PM (0) 1383086273231 1.jpg 12/18/2013 10:01 AM (0) 1383086273231.jpg 01/05/2014 10:34 PM (0) 1383910867416 1.jpg 12/18/2013 10:05 AM (0) 1383910867416.jpg 01/05/2014 10:34 PM (0) 1383945290034 1.jpg 12/18/2013 10:04 AM (0) 1383945290034.jpg 01/05/2014 10:34 PM (0) 1383945430709 1.jpg 12/18/2013 10:04 AM (0) 1383945430709.jpg 01/05/2014 10:34 PM (0) 1384022489164 1.jpg 12/18/2013 10:05 AM (0) 1384022489164.jpg 12/18/2013 10:05 AM (1,124,343) 1384209078036.jpg 01/05/2014 10:36 PM (0) 1384212397516 1.jpg 12/18/2013 10:06 AM (0) 1384212397516.jpg 01/05/2014 10:36 PM (0) 1384447108144 1.jpg 12/18/2013 10:06 AM (0) 1384447108144.jpg 01/05/2014 10:36 PM (0) 1384532322286 1.jpg 12/18/2013 10:06 AM (0) 1384532322286.jpg 01/05/2014 10:35 PM (0) 1384900374394 1.jpg 12/18/2013 10:05 AM (0) 1384900374394.jpg 01/05/2014 10:35 PM (0) 1384992996986 1.jpg 12/18/2013 10:06 AM (0) 1384992996986.jpg 12/18/2013 10:06 AM (43,126) 1385650688973.jpg 12/18/2013 10:08 AM (0) 1386033803679.jpg 01/05/2014 10:36 PM (0) 1386102013433 1.jpg 12/18/2013 10:07 AM (0) 1386102013433.jpg 12/18/2013 10:08 AM (0) 1386273724947.jpg 12/18/2013 10:07 AM (0) 1386273730678.jpg 12/18/2013 10:07 AM (0) 1386274800508.jpg 12/18/2013 10:07 AM (0) 1386275108486.jpg 12/18/2013 10:08 AM (0) 1386792141469.jpg 12/18/2013 10:08 AM (0) 1387226055297.jpg 12/18/2013 10:08 AM (0) 1387321113255.jpg 01/05/2014 10:36 PM (0) 1387597055319.jpg 01/05/2014 10:36 PM (0) 1387597058560.jpg 01/05/2014 10:37 PM (0) 1388946759475.jpg 01/05/2014 10:37 PM (0) 1388946759514.jpg 12/18/2013 10:11 AM (437,017) IMAG0012.jpg 12/18/2013 10:11 AM (966,302) IMAG0013.jpg 12/18/2013 10:11 AM (407,726) IMAG0014.jpg 12/18/2013 10:11 AM (633,588) IMAG0025.jpg 12/18/2013 10:11 AM (641,889) IMAG0028.jpg 12/18/2013 10:11 AM (1,103,445) IMAG0029.jpg 12/18/2013 10:11 AM (778,332) IMAG0030.jpg 12/18/2013 10:11 AM (546,078) IMAG0035.jpg 12/18/2013 10:11 AM (626,135) IMAG0036.jpg 12/18/2013 10:12 AM (532,963) IMAG0037.jpg 12/18/2013 10:12 AM (1,460,964) IMAG0038_ZOE001.jpg 12/18/2013 10:12 AM (1,477,533) IMAG0038_ZOE002.jpg 12/18/2013 10:12 AM (1,456,822) IMAG0038_ZOE003.jpg 12/18/2013 10:12 AM (1,484,178) IMAG0038_ZOE004.jpg 12/18/2013 10:13 AM (1,473,605) IMAG0038_ZOE005.jpg 12/18/2013 10:13 AM (1,481,127) IMAG0038_ZOE006_SHOT.jpg 12/18/2013 10:13 AM (1,478,419) IMAG0038_ZOE007.jpg 12/18/2013 10:13 AM (1,473,588) IMAG0038_ZOE008.jpg 12/18/2013 10:13 AM (1,475,448) IMAG0038_ZOE009.jpg 12/18/2013 10:14 AM (1,477,285) IMAG0038_ZOE010.jpg 12/18/2013 10:14 AM (1,294,616) IMAG0038_ZOE011.jpg 12/18/2013 10:14 AM (1,333,214) IMAG0038_ZOE013.jpg 12/18/2013 10:16 AM (509,006) IMAG0147.jpg 12/18/2013 10:16 AM (539,172) IMAG0153.jpg 12/18/2013 10:21 AM (950,007) IMAG0167.jpg 12/18/2013 10:21 AM (1,111,067) IMAG0168.jpg 12/18/2013 10:20 AM (976,352) IMAG0186.jpg 12/18/2013 10:20 AM (1,056,718) IMAG0192.jpg 12/18/2013 10:18 AM (787,472) IMAG0196.jpg 12/18/2013 10:18 AM (471,299) IMAG0198.jpg 12/18/2013 10:17 AM (2,065,053) IMAG0202.jpg 12/18/2013 10:18 AM (1,379,925) IMAG0203.jpg 12/18/2013 10:21 AM (966,822) IMAG0210.jpg 12/18/2013 10:22 AM (797,036) IMAG0211.jpg 12/18/2013 10:21 AM (1,350,435) IMAG0212.jpg 12/18/2013 10:21 AM (1,074,911) IMAG0216.jpg 01/05/2014 10:11 PM (1,020,556) IMAG0922.jpg 01/05/2014 10:16 PM (1,141,111) IMAG0927.jpg 01/05/2014 10:17 PM (1,339,861) IMAG0928.jpg 01/05/2014 10:16 PM (899,270) IMAG0929.jpg 01/05/2014 10:17 PM (990,236) IMAG0930.jpg 01/05/2014 10:17 PM (1,147,999) IMAG0931.jpg 12/27/2013 06:07 PM (1,182,339) IMAG0932.jpg 12/27/2013 06:04 PM (905,914) IMAG0933.jpg 12/27/2013 06:04 PM (957,661) IMAG0934.jpg 12/27/2013 06:04 PM (1,001,424) IMAG0936.jpg 12/27/2013 06:04 PM (1,007,549) IMAG0938.jpg 12/27/2013 06:05 PM (1,047,094) IMAG0940.jpg 01/05/2014 10:21 PM (993,013) IMAG0949.jpg 01/05/2014 10:21 PM (723,331) IMAG0950.jpg 01/05/2014 10:21 PM (737,659) IMAG0951.jpg 01/05/2014 10:18 PM (862,900) IMAG0952.jpg 01/05/2014 10:44 PM (669,725) IMAG0955 1.jpg 01/05/2014 10:18 PM (669,725) IMAG0955.jpg 01/05/2014 10:44 PM (1,051,006) IMAG0961.jpg 01/05/2014 10:44 PM (1,067,831) IMAG0962 1.jpg 01/05/2014 10:17 PM (1,067,831) IMAG0962.jpg 01/05/2014 10:43 PM (1,824,137) IMAG0966 1.jpg 01/05/2014 10:17 PM (1,824,137) IMAG0966.jpg 01/05/2014 10:42 PM (894,081) IMAG0967.jpg 01/05/2014 10:42 PM (1,339,205) IMAG0968.jpg 01/05/2014 10:42 PM (570,328) IMAG0969.jpg 01/05/2014 10:43 PM (900,065) IMAG0976.jpg 01/05/2014 10:43 PM (986,425) IMAG0979.jpg 01/05/2014 10:43 PM (1,039,919) IMAG0981.jpg 01/05/2014 10:43 PM (809,229) IMAG0990.jpg 01/05/2014 10:40 PM (992,746) IMAG0993.jpg 01/05/2014 10:41 PM (1,872,292) IMAG0997.jpg 01/05/2014 10:40 PM (2,046,456) IMAG0998.jpg 01/05/2014 10:40 PM (1,398,627) IMAG1001.jpg 01/05/2014 10:41 PM (1,601,748) IMAG1004.jpg 01/05/2014 10:42 PM (1,309,408) IMAG1005 1.jpg 01/05/2014 10:42 PM (1,309,408) IMAG1005.jpg 01/05/2014 10:41 PM (857,264) IMAG1007.jpg 01/05/2014 10:41 PM (1,437,072) IMAG1033.jpg 01/05/2014 10:39 PM (1,191,946) IMAG1037.jpg 01/05/2014 10:39 PM (1,236,374) IMAG1040.jpg 01/05/2014 10:39 PM (1,103,066) IMAG1041.jpg 01/05/2014 10:39 PM (1,058,115) IMAG1047.jpg 01/05/2014 10:40 PM (1,030,903) IMAG1051.jpg 01/05/2014 10:40 PM (628,272) IMAG1067.jpg 01/05/2014 10:39 PM (823,820) IMAG1068.jpg 01/05/2014 10:39 PM (969,558) IMAG1071.jpg 01/05/2014 10:50 PM (1,015,142) IMAG1097.jpg 01/05/2014 10:49 PM (1,135,668) IMAG1098.jpg 01/05/2014 10:50 PM (1,020,450) IMAG1101.jpg 01/05/2014 10:50 PM (1,143,124) IMAG1105.jpg 01/05/2014 10:50 PM (1,205,107) IMAG1106.jpg 01/05/2014 10:50 PM (1,162,211) IMAG1113.jpg 01/05/2014 10:51 PM (1,301,910) IMAG1115.jpg 01/05/2014 10:51 PM (653,106) IMAG1125.jpg 01/05/2014 10:48 PM (688,240) IMAG1126.jpg 01/05/2014 10:48 PM (614,855) IMAG1128.jpg 01/05/2014 10:48 PM (577,288) IMAG1129.jpg 01/05/2014 10:48 PM (906,789) IMAG1133.jpg 01/05/2014 10:49 PM (975,038) IMAG1136.jpg 01/05/2014 10:49 PM (588,981) IMAG1140.jpg 01/05/2014 10:49 PM (815,124) IMAG1143.jpg 01/05/2014 10:49 PM (844,321) IMAG1144.jpg 01/05/2014 10:46 PM (986,960) IMAG1145.jpg 01/05/2014 10:46 PM (943,718) IMAG1146.jpg 01/05/2014 10:46 PM (1,600,051) IMAG1147_BURST002.jpg 01/05/2014 10:47 PM (520,672) IMAG1149.jpg 01/05/2014 10:47 PM (1,069,594) IMAG1150.jpg 01/05/2014 10:47 PM (2,609,066) IMAG1152.jpg 01/05/2014 10:47 PM (779,949) IMAG1155.jpg 01/05/2014 10:47 PM (286,226) IMAG1159.jpg 01/05/2014 10:44 PM (1,271,108) IMAG1166.jpg 01/05/2014 10:45 PM (1,439,592) IMAG1170.jpg 01/05/2014 10:45 PM (812,855) IMAG1179.jpg 01/05/2014 10:45 PM (1,311,739) IMAG1183.jpg 01/05/2014 10:45 PM (1,724,067) IMAG1184.jpg 01/05/2014 10:46 PM (781,861) IMAG1195 1.jpg 01/05/2014 10:45 PM (781,861) IMAG1195.jpg 01/05/2014 10:46 PM (980,950) IMAG1196.jpg 01/05/2014 10:46 PM (883,121) IMAG1197.jpg 01/05/2014 10:53 PM (610,301) IMAG1209.jpg 01/05/2014 10:53 PM (697,393) IMAG1211.jpg 01/05/2014 10:53 PM (678,501) IMAG1212.jpg 01/05/2014 10:53 PM (612,078) IMAG1214.jpg 01/05/2014 10:52 PM (710,618) IMAG1215.jpg 01/05/2014 10:52 PM (987,903) IMAG1217.jpg 01/05/2014 10:52 PM (435,184) IMAG1218.jpg 01/05/2014 10:52 PM (1,713,240) IMAG1220.jpg 01/05/2014 10:52 PM (1,909,455) IMAG1221.jpg 01/05/2014 10:51 PM (1,334,591) IMAG1222.jpg 01/05/2014 10:51 PM (1,990,535) IMAG1223.jpg 01/05/2014 10:21 PM (488,049) IMG_20130814_181136 1.jpg 12/18/2013 09:48 AM (488,049) IMG_20130814_181136.jpg 01/05/2014 10:21 PM (762,324) IMG_20130814_183538 1.jpg 12/18/2013 09:52 AM (762,324) IMG_20130814_183538.jpg 01/05/2014 10:21 PM (647,230) IMG_20130815_101058 1.jpg 12/18/2013 09:52 AM (647,230) IMG_20130815_101058.jpg 01/05/2014 10:22 PM (470,623) IMG_20130826_125746 1.jpg 12/18/2013 09:52 AM (470,623) IMG_20130826_125746.jpg 01/05/2014 10:22 PM (1,027,038) IMG_20130828_095902 1.jpg 12/18/2013 09:52 AM (1,027,038) IMG_20130828_095902.jpg 01/05/2014 10:24 PM (578,664) IMG_20130831_221925 1.jpg 12/18/2013 09:52 AM (578,664) IMG_20130831_221925.jpg 01/05/2014 10:24 PM (757,141) IMG_20130909_132704 1.jpg 12/18/2013 09:53 AM (757,141) IMG_20130909_132704.jpg 01/05/2014 10:24 PM (537,738) IMG_20130909_164348 1.jpg 12/18/2013 09:53 AM (537,738) IMG_20130909_164348.jpg 01/05/2014 10:24 PM (950,905) IMG_20130909_164444 1.jpg 12/18/2013 09:53 AM (950,905) IMG_20130909_164444.jpg 01/05/2014 10:25 PM (2,261,068) IMG_20130910_160740 1.jpg 12/18/2013 09:53 AM (2,261,068) IMG_20130910_160740.jpg 01/05/2014 10:25 PM (810,058) IMG_20130910_163715 1.jpg 12/18/2013 09:53 AM (810,058) IMG_20130910_163715.jpg 01/05/2014 10:26 PM (623,709) IMG_20130918_101547 1.jpg 12/18/2013 09:53 AM (623,709) IMG_20130918_101547.jpg 01/05/2014 10:27 PM (592,795) IMG_20130923_130153 1.jpg 12/18/2013 09:53 AM (592,795) IMG_20130923_130153.jpg 01/05/2014 10:27 PM (1,212,895) IMG_20130924_132836 1.jpg 12/18/2013 09:53 AM (1,212,895) IMG_20130924_132836.jpg 01/05/2014 10:27 PM (967,926) IMG_20130927_170405 1.jpg 12/18/2013 09:56 AM (967,926) IMG_20130927_170405.jpg 01/05/2014 10:28 PM (751,241) IMG_20131004_190534 1.jpg 12/18/2013 09:57 AM (751,241) IMG_20131004_190534.jpg 01/05/2014 10:28 PM (362,129) IMG_20131006_111155 1.jpg 12/18/2013 09:57 AM (362,129) IMG_20131006_111155.jpg 01/05/2014 10:29 PM (698,054) IMG_20131009_065748 1.jpg 12/18/2013 09:57 AM (698,054) IMG_20131009_065748.jpg 01/05/2014 10:28 PM (857,614) IMG_20131010_204512 1.jpg 12/18/2013 09:57 AM (857,614) IMG_20131010_204512.jpg 01/05/2014 10:31 PM (1,399,533) IMG_20131012_115916 1.jpg 12/18/2013 09:59 AM (1,399,533) IMG_20131012_115916.jpg 01/05/2014 10:31 PM (1,138,615) IMG_20131012_120008 1.jpg 12/18/2013 10:00 AM (1,138,615) IMG_20131012_120008.jpg 01/05/2014 10:31 PM (837,941) IMG_20131015_114903 1.jpg 12/18/2013 09:59 AM (837,941) IMG_20131015_114903.jpg 01/05/2014 10:31 PM (920,944) IMG_20131016_215605 1.jpg 12/18/2013 10:00 AM (920,944) IMG_20131016_215605.jpg 01/05/2014 10:32 PM (776,783) IMG_20131023_155453 1.jpg 12/18/2013 10:00 AM (776,783) IMG_20131023_155453.jpg 12/18/2013 10:01 AM (719,125) IMG_20131024_090806 1.jpg 01/05/2014 10:32 PM (719,125) IMG_20131024_090806 2.jpg 12/18/2013 10:00 AM (719,125) IMG_20131024_090806.jpg 01/05/2014 10:32 PM (571,142) IMG_20131024_201032 1.jpg 12/18/2013 10:00 AM (571,142) IMG_20131024_201032.jpg 01/05/2014 10:32 PM (779,663) IMG_20131026_190959 1.jpg 12/18/2013 10:01 AM (779,663) IMG_20131026_190959.jpg 01/05/2014 10:32 PM (615,115) IMG_20131027_131803 1.jpg 12/18/2013 10:01 AM (615,115) IMG_20131027_131803.jpg 12/18/2013 10:02 AM (786,399) IMG_20131028_152817.jpg 01/05/2014 10:33 PM (761,752) IMG_20131028_152827.jpg 12/18/2013 10:01 AM (414,024) IMG_20131028_202116.jpg 01/05/2014 10:33 PM (538,160) IMG_20131028_202127 1.jpg 12/18/2013 10:01 AM (538,160) IMG_20131028_202127.jpg 01/05/2014 10:34 PM (589,615) IMG_20131030_115719 1.jpg 12/18/2013 10:01 AM (589,615) IMG_20131030_115719.jpg 01/05/2014 10:34 PM (408,111) IMG_20131031_065631 1.jpg 12/18/2013 10:04 AM (408,111) IMG_20131031_065631.jpg 01/05/2014 10:34 PM (790,185) IMG_20131031_150233 1.jpg 12/18/2013 10:04 AM (790,185) IMG_20131031_150233.jpg 01/05/2014 10:34 PM (705,881) IMG_20131031_150304 1.jpg 12/18/2013 10:04 AM (705,881) IMG_20131031_150304.jpg 01/05/2014 10:33 PM (963,994) IMG_20131031_180948 1.jpg 12/18/2013 10:04 AM (963,994) IMG_20131031_180948.jpg 01/05/2014 10:33 PM (658,811) IMG_20131031_185601 1.jpg 12/18/2013 10:02 AM (658,811) IMG_20131031_185601.jpg 01/05/2014 10:33 PM (732,652) IMG_20131031_185617 1.jpg 12/18/2013 10:02 AM (732,652) IMG_20131031_185617.jpg 01/05/2014 10:34 PM (298,116) IMG_20131031_200203 1.jpg 12/18/2013 10:02 AM (298,116) IMG_20131031_200203.jpg 01/05/2014 10:35 PM (753,836) IMG_20131031_200226 1.jpg 12/18/2013 10:04 AM (753,836) IMG_20131031_200226.jpg 01/05/2014 10:35 PM (492,440) IMG_20131031_200619 1.jpg 12/18/2013 10:05 AM (492,440) IMG_20131031_200619.jpg 01/05/2014 10:35 PM (727,044) IMG_20131031_214422 1.jpg 12/18/2013 10:05 AM (727,044) IMG_20131031_214422.jpg 01/05/2014 10:35 PM (422,377) IMG_20131104_115714 1.jpg 12/18/2013 10:05 AM (422,377) IMG_20131104_115714.jpg 12/18/2013 10:06 AM (387,217) IMG_20131111_231648.jpg 01/05/2014 10:35 PM (731,619) IMG_20131118_204203 1.jpg 12/18/2013 10:05 AM (731,619) IMG_20131118_204203.jpg 12/18/2013 10:05 AM (340,522) IMG_20131121_154809.jpg 12/18/2013 10:07 AM (873,582) IMG_20131124_114322.jpg 12/18/2013 10:07 AM (917,097) IMG_20131124_114434.jpg 01/05/2014 10:36 PM (797,651) IMG_20131124_121135 1.jpg 12/18/2013 10:07 AM (797,651) IMG_20131124_121135.jpg 12/18/2013 10:07 AM (814,235) IMG_20131126_151850.jpg 01/05/2014 10:36 PM (757,393) IMG_20131127_121722 1.jpg 12/18/2013 10:06 AM (757,393) IMG_20131127_121722.jpg 01/05/2014 10:37 PM (791,191) IMG_20131127_121729 1.jpg 12/18/2013 10:06 AM (791,191) IMG_20131127_121729.jpg 01/05/2014 10:37 PM (758,393) IMG_20131127_121837 1.jpg 12/18/2013 10:06 AM (758,393) IMG_20131127_121837.jpg 12/18/2013 10:08 AM (887,344) IMG_20131128_114904.jpg 12/18/2013 10:07 AM (693,197) IMG_20131205_164940.jpg 01/05/2014 10:36 PM (1,005,567) IMG_20131211_071554 1.jpg 12/18/2013 10:08 AM (1,005,567) IMG_20131211_071554.jpg 01/05/2014 10:38 PM (846,047) IMG_20131222_190800.jpg 01/05/2014 10:38 PM (847,777) IMG_20131225_101657.jpg 01/05/2014 10:38 PM (644,829) IMG_20131225_113711.jpg 01/05/2014 10:38 PM (915,795) IMG_20140103_122438.jpg 01/05/2014 10:37 PM (963,684) IMG_20140103_151922.jpg 01/05/2014 10:37 PM (752,857) IMG_20140103_171826.jpg 01/05/2014 10:16 PM (55,460,776) VIDEO0037.mp4 12/27/2013 06:07 PM (12,891,134) VIDEO0040.mp4 12/27/2013 06:08 PM (7,145,398) VIDEO0041.mp4 12/27/2013 06:07 PM (11,841,757) VIDEO0042.mp4 12/27/2013 06:04 PM (13,849,628) VIDEO0045.mp4 01/05/2014 10:11 PM (272,290) VIDEO0045_0000002300.jpg 01/05/2014 10:11 PM (265,608) VIDEO0045_0000002367.jpg 12/27/2013 06:03 PM (302,673) VIDEO0045_0000002633.jpg 01/05/2014 10:20 PM (28,421,177) VIDEO0047.mp4 338 File(s) 351,778,823 bytes Directory of C:\Users\Public\Documents 08/22/2013 10:45 AM My Music [C:\Users\Public\Music] 08/22/2013 10:45 AM My Pictures [C:\Users\Public\Pictures] 08/22/2013 10:45 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 02/20/2014 07:41 PM Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 02/20/2014 07:41 PM Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Total Files Listed: 338 File(s) 351,778,823 bytes 57 Dir(s) 664,740,577,280 bytes free [color=#A23BEC]< MD5 for: RPCSS.DLL >[/color] [2014/04/24 15:24:39 | 000,172,806 | ---- | M] () MD5=2D13BAB0B28A50346143B983D1EAA0BC -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll [2014/02/22 05:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) MD5=81979817943D830BF24571B7C1B28A1A -- C:\WINDOWS\SysNative\rpcss.dll [2014/02/22 05:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) MD5=81979817943D830BF24571B7C1B28A1A -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 199 bytes -> C:\Users\paque_000\SkyDrive:ms-properties @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FB1B13D8 < End of report >