Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Oyodomo Redirect [Closed]


  • This topic is locked This topic is locked

#1
HELP.ME

HELP.ME

    Member

  • Member
  • PipPip
  • 29 posts
Hello! I really need some help with removing this virus. I keep getting an 'oyodomo.com' popup that redirects to various websites. I've tried to scan with McAfee Internet Security (both full and quick scan) but nothing is detected. I'm using Windows 8 64-bit.

My OTL scan log:

OTL logfile created on: 1/06/2013 2:32:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Annie\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.89 Gb Total Physical Memory | 3.36 Gb Available Physical Memory | 42.58% Memory free
15.89 Gb Paging File | 10.34 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 302.41 Gb Free Space | 81.16% Space Free | Partition Type: NTFS
Drive D: | 537.60 Gb Total Space | 537.44 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 47.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.68 Gb Total Space | 0.45 Gb Free Space | 12.26% Space Free | Partition Type: FAT32

Computer Name: ACHIEM-LAPTOP | User Name: Annie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 02:32:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Downloads\OTL.exe
PRC - [2013/05/23 15:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/04/18 10:10:38 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012/11/21 03:57:20 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/10/27 08:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/25 09:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/10/18 13:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/18 03:51:58 | 000,107,736 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/10/18 03:51:52 | 000,778,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/10/18 03:51:52 | 000,168,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2012/10/06 09:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/19 06:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/09/17 12:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/09/15 07:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/09/01 13:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/28 06:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/23 03:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/30 22:27:58 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/07/18 08:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 08:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/28 06:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/26 04:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/29 04:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/14 04:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/29 12:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/22 08:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/08/26 04:54:20 | 001,203,200 | ---- | M] (8ySeven) -- C:\Program Files (x86)\TVTrigger\TVTrigger.exe
PRC - [2011/03/26 06:51:54 | 002,561,024 | ---- | M] (Leader Technologies/Epson) -- C:\Users\Annie\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 15:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 15:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 15:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 15:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 15:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 15:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/05/20 03:04:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d29382ad4b800178b51631569c928f0b\System.Configuration.ni.dll
MOD - [2013/05/20 02:27:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll
MOD - [2013/05/20 02:27:23 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c54b85a401b0379a9b775a644fad1b7\System.Windows.Forms.ni.dll
MOD - [2013/05/20 02:26:50 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa29c7539bd729147a7d1f1ae0ce5670\System.Configuration.ni.dll
MOD - [2013/05/20 02:26:48 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1058660861056b038fbc9274994c8b75\WindowsBase.ni.dll
MOD - [2013/05/20 02:26:44 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\024a883cc8b0013f72a77d594c278f4d\System.Core.ni.dll
MOD - [2013/05/09 03:05:30 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll
MOD - [2013/05/09 03:04:20 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9c568999a0acf1b64d580553fe3b11f3\System.Web.Services.ni.dll
MOD - [2013/05/09 03:04:19 | 011,843,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll
MOD - [2013/05/09 03:03:47 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8ba1dc2333b77df45f48b901493087a6\Accessibility.ni.dll
MOD - [2013/05/08 23:56:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013/05/08 23:56:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013/05/08 23:55:57 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013/05/08 23:55:53 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2013/05/08 23:55:46 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll
MOD - [2013/05/08 23:55:42 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll
MOD - [2013/05/08 23:55:32 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll
MOD - [2013/05/08 23:55:16 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll
MOD - [2013/05/08 23:55:14 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll
MOD - [2013/05/08 23:55:06 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll
MOD - [2013/05/08 23:55:05 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll
MOD - [2013/05/08 23:54:55 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll
MOD - [2013/05/08 23:54:40 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll
MOD - [2013/05/08 23:54:34 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/18 03:51:52 | 000,168,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
MOD - [2012/10/18 03:51:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/08/26 04:51:50 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\HEvPC.dll
MOD - [2011/08/25 21:26:52 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\TVTrigger.XmlSerializers.dll
MOD - [2011/08/25 21:06:40 | 000,470,016 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\SetPC.dll
MOD - [2011/08/25 21:06:40 | 000,437,248 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\NetPC.dll
MOD - [2011/08/25 21:06:40 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\HPC.dll
MOD - [2011/08/25 21:06:38 | 001,911,296 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\SPC.dll
MOD - [2011/08/25 21:06:38 | 001,003,008 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\BrPC.dll
MOD - [2011/08/25 21:06:38 | 000,883,200 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\EpPC.dll
MOD - [2011/08/25 21:06:38 | 000,481,280 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\HLPC.dll
MOD - [2011/08/25 21:06:38 | 000,462,336 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\TSPC.dll
MOD - [2011/08/25 21:06:38 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\TDPC.dll
MOD - [2011/08/25 21:06:36 | 000,928,256 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\FSPC.dll
MOD - [2011/08/25 21:06:36 | 000,792,064 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\HGPC.dll
MOD - [2011/08/25 21:06:36 | 000,464,896 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\PrPC.dll
MOD - [2011/08/25 21:06:36 | 000,144,384 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\HFSPC.dll
MOD - [2011/08/25 21:06:34 | 000,392,704 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\CC.dll
MOD - [2011/08/25 21:06:34 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\TVTEng.dll
MOD - [2011/08/25 09:34:34 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\MonoTorrent.dll
MOD - [2011/06/12 01:33:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\MonoTorrent.Dht.dll
MOD - [2011/06/05 00:41:24 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\AxInterop.WMPLib.dll
MOD - [2011/06/05 00:41:18 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\ControlLibrary.dll
MOD - [2010/01/31 11:27:00 | 000,695,808 | ---- | M] () -- C:\Program Files (x86)\TVTrigger\DF.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2013/02/02 18:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/29 11:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/10 09:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 09:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/17 05:35:50 | 000,042,336 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe -- (WakeupService)
SRV:64bit: - [2012/10/01 12:51:46 | 000,037,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2012/10/01 12:51:46 | 000,031,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012/10/01 12:51:44 | 000,030,080 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012/09/20 19:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 18:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 16:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 16:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/26 13:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 13:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 13:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 13:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 13:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 13:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 13:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 13:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 13:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 13:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McSchedulerSvc)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2012/04/21 08:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/03/31 06:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012/01/27 08:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 16:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/15 14:10:16 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/06 09:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/09/20 18:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/28 06:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/30 22:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/07/26 13:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/18 08:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 08:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/28 06:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/26 04:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/14 04:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/22 08:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/04 16:29:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/09 15:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/03 17:58:16 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2013/04/03 17:58:16 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2013/04/03 17:58:16 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2013/04/03 17:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013/04/03 17:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/04/03 17:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013/03/02 20:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 20:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 20:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 20:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/19 13:40:52 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2013/02/02 21:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/02/02 17:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/29 11:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/29 09:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/10 11:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/21 03:57:28 | 000,062,848 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/11/20 14:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/15 14:10:00 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/12 18:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 17:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 17:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/11 15:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/10/08 19:02:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/01 12:51:44 | 000,363,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012/10/01 12:51:44 | 000,229,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012/10/01 12:51:44 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012/10/01 12:51:44 | 000,096,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012/10/01 12:51:44 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012/10/01 12:51:44 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012/09/20 17:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 17:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 17:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/19 18:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/09/19 06:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/02 13:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/31 02:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/30 22:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/07/26 15:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 15:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 15:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 15:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 15:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 15:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 15:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 15:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 15:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 15:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 15:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 15:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 15:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 15:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 15:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 15:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 15:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 14:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 13:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 12:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 12:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 12:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 12:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 12:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 12:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 12:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 12:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 12:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 12:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 12:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 12:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 12:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 12:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 12:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 12:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 12:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 12:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 12:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 12:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 12:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 12:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 13:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/13 20:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/06/03 00:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/03 00:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/03 00:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/31 13:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/31 06:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012/03/31 06:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV - [2011/09/08 03:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/03 11:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
IE - HKCU\..\SearchScopes,DefaultScope = {CFD480D4-3568-46D3-8BAD-DE5B685F66B5}
IE - HKCU\..\SearchScopes\{CFD480D4-3568-46D3-8BAD-DE5B685F66B5}: "URL" = http://search.zoneal...Id=&ver=&&r=750
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://search.zoneal...&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/04 13:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/16 01:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/05/16 19:59:46 | 000,000,000 | ---D | M]

[2013/05/29 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Extensions
[2013/05/31 18:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions
[2013/05/29 19:20:00 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/05/29 19:24:33 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\[email protected]
[2013/05/04 13:55:13 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\[email protected]
[2013/05/29 19:22:44 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\firefox\profiles\pl2f3bh7.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/05/29 19:22:27 | 000,001,488 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\mozilla\firefox\profiles\pl2f3bh7.default\searchplugins\zonealarm.xml
[2013/05/25 13:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/23 20:50:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/25 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/08 01:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 20:50:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\ANNIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PL2F3BH7.DEFAULT\EXTENSIONS\[email protected]
[2013/04/10 16:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013/04/10 16:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 16:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com.au/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: TopArcadeHits = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Net Usage Item = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcpakpimadnpalbfjcnaloaekhljog\1.3.361_0\
CHR - Extension: Skype Click to Call = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: TabCloud = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.15_0\
CHR - Extension: Gmail = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Annie\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [ATLauncher] C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe (McAfee, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4530 Series" File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Annie\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C34EC3E-934C-4DD8-85CF-1A99646FA80B}: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 19:48:54 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007/05/15 19:48:54 | 004,952,591 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 01:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/31 09:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/30 22:09:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/29 22:30:55 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\TVTrigger Downloads
[2013/05/29 19:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\8ySeven
[2013/05/29 19:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVTrigger
[2013/05/29 19:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVTrigger
[2013/05/29 19:24:57 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\CheckPoint
[2013/05/29 19:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/05/29 19:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2013/05/29 19:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/05/29 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/05/29 19:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/05/29 19:20:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/05/29 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\TopArcadeHits
[2013/05/29 19:16:36 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Torrent Episode Downloader
[2013/05/29 19:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torrent Episode Downloader
[2013/05/29 19:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torrent Episode Downloader
[2013/05/26 02:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/05/25 23:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/25 23:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/25 23:12:51 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apple Computer
[2013/05/25 23:12:50 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Apple Computer
[2013/05/25 23:11:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apple
[2013/05/25 23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/05/25 23:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/25 23:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/25 23:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/05/25 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/05/25 23:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/05/25 22:46:45 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2013/05/25 22:46:44 | 000,188,232 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2013/05/25 22:46:44 | 000,169,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2013/05/25 22:46:44 | 000,021,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2013/05/25 22:46:44 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2013/05/25 22:46:29 | 000,188,232 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2013/05/25 22:46:29 | 000,169,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2013/05/25 22:46:29 | 000,021,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2013/05/25 22:46:29 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2013/05/25 22:46:29 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2013/05/25 22:46:29 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2013/05/25 22:46:29 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2013/05/25 22:38:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/05/25 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\XMind
[2013/05/25 13:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/05/25 13:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/25 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/25 13:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2013/05/25 13:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2013/05/20 20:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/05/20 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Audacity
[2013/05/20 20:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/05/15 21:03:45 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/05/11 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Game Dev Tycoon
[2013/05/11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
[2013/05/11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
[2013/05/11 11:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1-click run
[2013/05/09 08:38:24 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Leadertech
[2013/05/09 08:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/05/09 08:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/05/09 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/05/09 08:00:11 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\InstallShield
[2013/05/09 08:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/05/09 07:59:53 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Epson
[2013/05/09 07:59:31 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/05/09 07:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/05/09 07:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/05/09 07:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/05/09 07:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/05/09 07:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/05/09 07:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/05/08 13:55:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/05/08 13:55:28 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Samsung
[2013/05/08 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Samsung
[2013/05/08 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\samsung
[2013/05/08 01:51:58 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Skype
[2013/05/08 01:51:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/08 01:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/08 01:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/08 01:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/07 00:09:38 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2013/05/07 00:09:38 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2013/05/07 00:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013/05/07 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013/05/07 00:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/05/07 00:05:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013/05/07 00:05:32 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013/05/07 00:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/05/07 00:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013/05/06 00:12:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/05/05 08:55:09 | 000,000,000 | ---D | C] -- C:\sources
[2013/05/05 02:03:45 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Macroplant_LLC
[2013/05/05 02:01:48 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2013/05/05 02:01:48 | 000,190,480 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2013/05/05 02:01:48 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2013/05/05 02:01:48 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2013/05/05 02:01:37 | 000,352,144 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2013/05/05 02:00:50 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Programs
[2013/05/05 01:00:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\Custom Office Templates
[2013/05/04 22:12:07 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Adobe
[2013/05/04 17:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/05/04 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/05/04 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/04 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/05/04 17:05:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/05/04 17:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/05/04 16:45:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Downloaded Installations
[2013/05/04 16:45:35 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\vlc
[2013/05/04 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/04 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/05/04 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/05/04 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Microsoft Help
[2013/05/04 16:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/05/04 16:36:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/04 16:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/05/04 16:29:16 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/04 16:29:05 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\DAEMON Tools Lite
[2013/05/04 16:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/05/04 16:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013/05/04 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\uTorrent
[2013/05/04 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\WinRAR
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/05/04 15:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/05/04 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\Annie
[2013/05/04 15:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2013/05/04 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Mozilla
[2013/05/04 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Mozilla
[2013/05/04 13:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/04 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/04 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/04 13:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/04 13:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/04 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Google
[2013/05/04 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Deployment
[2013/05/04 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apps
[2013/05/04 13:44:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Macromedia
[2013/05/04 13:25:57 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\ASUS WebStorage
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\Searches
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/04 13:25:29 | 000,000,000 | -H-D | C] -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/04 13:25:27 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Adobe
[2013/05/04 13:25:26 | 000,000,000 | R--D | C] -- C:\Users\Annie\Contacts
[2013/05/04 13:25:20 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2013/05/04 13:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013/05/04 13:24:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\VirtualStore
[2013/05/04 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Packages
[2013/05/04 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\ASUS
[2013/05/04 13:21:39 | 000,000,000 | --SD | C] -- C:\Users\Annie\AppData\Roaming\Microsoft
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Videos
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Saved Games
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Pictures
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Music
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Links
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Favorites
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Downloads
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Documents
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Desktop
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\Temporary Internet Files
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Templates
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Start Menu
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\SendTo
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Recent
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\PrintHood
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\NetHood
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Videos
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Pictures
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Music
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\My Documents
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Local Settings
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\History
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Cookies
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Application Data
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\Application Data
[2013/05/04 13:21:39 | 000,000,000 | -H-D | C] -- C:\Users\Annie\AppData
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Temp
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Microsoft
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

========== Files - Modified Within 30 Days ==========

[2013/06/01 01:52:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/01 01:27:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/05/31 18:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/30 22:58:02 | 000,000,429 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\sp_data.sys
[2013/05/30 22:57:17 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 22:21:41 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/30 22:21:41 | 000,738,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/30 22:21:41 | 000,142,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/30 22:14:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/05/30 22:13:54 | 2480,939,007 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 22:09:31 | 1764,202,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/29 19:29:28 | 000,001,045 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\TVTrigger.lnk
[2013/05/29 19:29:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\TVTrigger.lnk
[2013/05/29 19:06:08 | 000,001,215 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/05/25 23:21:49 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/25 13:36:21 | 000,001,015 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\XMind 2012.lnk
[2013/05/25 13:36:21 | 000,000,991 | ---- | M] () -- C:\Users\Annie\Desktop\XMind 2012.lnk
[2013/05/24 06:52:18 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/20 20:41:59 | 000,001,009 | ---- | M] () -- C:\Users\Annie\Desktop\Audacity.lnk
[2013/05/20 17:39:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/19 22:41:20 | 000,202,149 | ---- | M] () -- C:\Users\Annie\Desktop\Turtool.png
[2013/05/16 01:22:53 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/09 08:38:23 | 000,000,079 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/05/09 07:57:44 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/05/08 08:29:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/08 01:51:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 01:23:11 | 000,017,232 | ---- | M] () -- C:\Users\Annie\Desktop\omg it works.png
[2013/05/07 20:14:05 | 000,059,778 | ---- | M] () -- C:\Users\Annie\Desktop\promo_littlechefs_apron.pdf
[2013/05/07 00:10:28 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/07 00:10:28 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/05/07 00:05:37 | 000,002,028 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/07 00:05:37 | 000,002,018 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/06 10:14:46 | 000,063,096 | ---- | M] () -- C:\Users\Annie\Desktop\549061_320033694789343_1485992789_n.jpg
[2013/05/06 10:13:01 | 000,059,451 | ---- | M] () -- C:\Users\Annie\Desktop\417823_327484580710921_236852414_n.jpg
[2013/05/04 16:45:32 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/04 16:29:51 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/04 16:29:23 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/04 16:29:16 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/04 15:34:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/05/04 15:01:44 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Power4Gear Hybrid.lnk
[2013/05/04 13:59:27 | 000,002,281 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/04 13:53:34 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/04 13:29:33 | 000,001,426 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/05/30 22:09:31 | 1764,202,004 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 19:29:28 | 000,001,045 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\TVTrigger.lnk
[2013/05/29 19:29:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\TVTrigger.lnk
[2013/05/29 19:19:59 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/05/25 23:21:49 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/25 23:11:00 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/25 13:36:21 | 000,001,015 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\XMind 2012.lnk
[2013/05/25 13:36:21 | 000,000,991 | ---- | C] () -- C:\Users\Annie\Desktop\XMind 2012.lnk
[2013/05/20 20:41:59 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/05/20 20:41:59 | 000,001,009 | ---- | C] () -- C:\Users\Annie\Desktop\Audacity.lnk
[2013/05/20 17:39:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/19 22:41:20 | 000,202,149 | ---- | C] () -- C:\Users\Annie\Desktop\Turtool.png
[2013/05/18 03:02:15 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/05/09 08:38:45 | 000,001,215 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/05/09 07:57:44 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/05/09 07:55:51 | 000,000,079 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/05/08 08:29:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/08 01:51:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 01:23:11 | 000,017,232 | ---- | C] () -- C:\Users\Annie\Desktop\omg it works.png
[2013/05/07 20:14:05 | 000,059,778 | ---- | C] () -- C:\Users\Annie\Desktop\promo_littlechefs_apron.pdf
[2013/05/07 00:10:28 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/07 00:10:28 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/05/07 00:05:37 | 000,002,028 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/07 00:05:37 | 000,002,018 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/06 10:14:48 | 000,063,096 | ---- | C] () -- C:\Users\Annie\Desktop\549061_320033694789343_1485992789_n.jpg
[2013/05/06 10:13:01 | 000,059,451 | ---- | C] () -- C:\Users\Annie\Desktop\417823_327484580710921_236852414_n.jpg
[2013/05/06 00:12:49 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/05/06 00:12:44 | 2480,939,007 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/04 22:24:23 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/04 16:45:32 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/04 16:29:51 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/04 16:29:23 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/04 15:34:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/05/04 15:01:44 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Power4Gear Hybrid.lnk
[2013/05/04 13:53:34 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/04 13:53:33 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/04 13:47:31 | 000,002,281 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/04 13:47:31 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/04 13:47:04 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/04 13:47:04 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 13:29:33 | 000,001,426 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/04 13:25:27 | 000,001,432 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/04 13:25:04 | 000,000,429 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\sp_data.sys
[2013/05/04 13:21:39 | 000,000,352 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/04 13:21:39 | 000,000,334 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/25 16:14:44 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/27 17:27:02 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.ini
[2012/11/27 17:25:33 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/11/27 17:25:17 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/27 17:25:14 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/05 11:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/05 11:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 18:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 18:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 17:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 11:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 06:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/26 06:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/26 06:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/03 00:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/21 07:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/05/29 19:21:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 16:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 15:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/04 13:25:57 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\ASUS WebStorage
[2013/05/20 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Audacity
[2013/05/29 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\CheckPoint
[2013/05/04 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\DAEMON Tools Lite
[2013/05/09 22:20:29 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Epson
[2013/05/09 08:38:24 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Leadertech
[2013/05/08 13:55:26 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Samsung
[2013/05/30 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\uTorrent
[2013/05/25 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\XMind

========== Purity Check ==========



< End of report >

Thank you for your time in advance! :happy:

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Annie, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from C:\Users\Annie\Downloads. Please post the contents of that file.

I am reviewing your OTL log. As soon as you post the Extras.txt log I will be back with a plan.
Did you recently have Windows re-installed?
  • 0

#3
HELP.ME

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello! Thanks for your reply! :happy:
I don't think I re-installed windows? but I recently just bought this laptop and it was the last one (the one on display) so I did a factory reset. Does that count?

Extras.Txt



OTL Extras logfile created on: 1/06/2013 2:32:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Annie\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.89 Gb Total Physical Memory | 3.36 Gb Available Physical Memory | 42.58% Memory free
15.89 Gb Paging File | 10.34 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 302.41 Gb Free Space | 81.16% Space Free | Partition Type: NTFS
Drive D: | 537.60 Gb Total Space | 537.44 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 47.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.68 Gb Total Space | 0.45 Gb Free Space | 12.26% Space Free | Partition Type: FAT32

Computer Name: ACHIEM-LAPTOP | User Name: Annie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0132BFBC-7801-4987-9066-5D3E38AE00DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{01446DC7-7854-4B0E-8B5C-FE722882C94E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23794358-1814-4E5F-A882-32CD27981556}" = lport=138 | protocol=17 | dir=in | app=system |
"{255D0905-E1BC-41AC-89FF-BA8EF1BCC26A}" = lport=445 | protocol=6 | dir=in | app=system |
"{35DE4F3F-4857-495B-9241-039BEE2AB758}" = lport=2869 | protocol=6 | dir=in | app=system |
"{36039C86-0B58-4AF4-BC10-C19601694CB3}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FB598E6-4293-452C-AF51-824EB0E89F2D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49A231DB-BCCD-4047-9E0A-23B8721B691E}" = lport=137 | protocol=17 | dir=in | app=system |
"{4E12B56D-17AA-4C15-98CC-DCCDB710C158}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F35D247-1A09-4400-B204-36BA4BC8DFD4}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A8EC70D-C79F-4E2A-8DBE-F3F84471FA63}" = rport=138 | protocol=17 | dir=out | app=system |
"{713F6404-8B54-492E-8D14-0230E8010156}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80CA14A2-34B8-4F69-9058-F8FC9040E28D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8825A1A9-7A55-40C1-BEAC-015608699934}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CC25C30-A7EB-4345-B3E7-5999EB7D89C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{99E45638-B2AC-4199-88F7-C3DCB47184CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A52D1CF7-ECF2-4E5F-A329-CDF3ACE48300}" = rport=445 | protocol=6 | dir=out | app=system |
"{A6D00238-6D8D-468D-B2C6-CA27E0EAB54A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B61B9E2A-CB12-4522-96B8-FCBF5B6577F6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DBCFCFFD-FEB7-4312-B92A-87635D27EB95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC43A8E7-3181-450D-AC77-444E6A8A561C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FF675CF8-F445-4626-84F6-D2C582C2BF31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A5465A-059F-4B98-A36B-C82E4C56B078}" = dir=out | name=hangman hd - free |
"{03D16DFB-EA93-463B-B341-BB31AD5E46A9}" = dir=out | name=astrology clock |
"{09827457-A9B9-469E-9727-41EB5584A5D2}" = dir=out | name=top girl |
"{0B1263DF-3960-4056-AC99-2C9C898F5E3F}" = dir=out | name=who's that pokemon |
"{0C596FAC-1031-4E22-9891-D10A2963FDF4}" = protocol=6 | dir=in | app=c:\users\annie\appdata\roaming\utorrent\utorrent.exe |
"{0CB52790-1228-4680-A71F-B3E642D70F00}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{133401FC-DC99-4AEE-AA16-BE9FA1700EBA}" = dir=out | name=virtual bubble wrap |
"{13F8F4EA-CC5B-4094-80F6-29F8CA6815BC}" = dir=out | [email protected]{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{1855B85D-35A9-43C3-957B-0C6B412A602D}" = dir=out | name=pro converter |
"{186C21BA-C2C2-4486-82AA-60F3137D7A72}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{18FF3889-7547-4137-9211-ACB87FDDB952}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{19C628EC-D591-4433-AEE3-5CA469C96CC3}" = dir=out | name=windows_ie_ac_001 |
"{23FC4D60-432B-4748-AAD5-9E348000D891}" = dir=out | [email protected]{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{2458DFC6-9F21-462E-8B18-B85FB279FA47}" = dir=out | name=soulcraft |
"{27518902-A07A-4151-BE31-FED4A6ECB10C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{30CD2038-9EF2-4CFE-A1E2-074FF6C46448}" = dir=out | name=untangle me |
"{32B0A124-D220-44F2-9EAA-32DFACF7AB6A}" = dir=out | name=play guitar! |
"{39605A8C-52B8-4E29-ACE5-0244780F5343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3ABB58C9-C191-429D-9E6D-649C46DEDF36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41C0D838-A94C-4F33-82EC-7BB8662D81FE}" = protocol=58 | dir=in | [email protected],-28545 |
"{46F46D49-5379-4B8C-9678-E415D11D5B16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{474F4EA0-6F9D-4E7C-9495-648266DA7969}" = dir=out | name=deal or no deal+ |
"{479CD487-29FE-4BB8-9F85-37781535BA13}" = protocol=6 | dir=in | app=c:\users\annie\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
"{480EB00B-7842-4834-B16C-70B8FBEF1CB1}" = dir=out | [email protected]{7289elapietro.paint4kids_2.8.1.139_neutral__69wh28dtbwp4w?ms-resource://7289elapietro.paint4kids/resources/appname} |
"{48AFC36C-48AE-46A4-AAC1-10BC351D0AE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49FD04B1-D3A8-4DBF-8580-F4E573C9FA44}" = protocol=1 | dir=in | [email protected],-28543 |
"{4E839A43-B623-4F7A-AADE-1A8CD317919E}" = protocol=17 | dir=in | app=c:\users\annie\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
"{4FF59283-0F9B-45A9-BE20-73725111F1AC}" = dir=out | name=browserquest |
"{5001DFA9-9B9C-489F-86C2-7FCC638BBD57}" = dir=out | name=cooking game |
"{51502645-1228-4517-8261-11EE0D93F4FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{553F52F7-8B3B-4470-A71B-9644C3643A11}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{56B2A586-98AC-4AD9-9431-E5C9F806AEA0}" = dir=out | name=word twist |
"{57B07B05-42A8-4A95-AF95-824EABB92DA3}" = dir=out | name=harry potter all series - free |
"{59DC787E-6F8C-4006-A195-1CF9944C2562}" = dir=out | name=3d logo quiz |
"{5D261E59-6659-4CD2-87BA-70CD15CA44FA}" = dir=out | [email protected]{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5D3ED9D5-1B52-4CE8-87DE-6C3B97FB902F}" = dir=out | [email protected]{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5D65AE7D-75B8-4740-9B1C-1DE8733A3929}" = protocol=1 | dir=out | [email protected],-28544 |
"{5E363616-A0CC-4441-BA5B-8B115B8AC956}" = dir=out | [email protected]{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{6508EC59-2456-4E15-B429-A7D7880E8C8D}" = dir=out | name=little picasso finger painting |
"{66BB97D1-8B37-4FC3-9F2F-B3D0137545BB}" = dir=out | name=i am rich the game lite |
"{6A348B4D-261F-4C6B-AC76-CEBE05DE9C71}" = dir=in | name=skype |
"{6CDF83D3-5F41-4683-82A1-6D03273EFAD9}" = dir=out | name=skype |
"{6F511B8E-CD86-4F02-80DD-7B67E29E3A52}" = dir=out | name=blocked in |
"{6F71FA41-1A8C-4C61-A252-3C7A2652B584}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{7570D009-560D-44FA-9B71-C9FD40836531}" = dir=out | name=doom and destiny |
"{780DDDF4-79FB-40FA-9F3A-21FF7233CF18}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{78A434CD-C7B7-4617-9DC9-864DBFB30FB1}" = dir=out | name=microsoft solitaire collection |
"{7A9578C0-7505-400B-8E24-27831CB9CA14}" = dir=out | name=sudoku free |
"{7CDBF229-5292-41FD-A0F5-6230D1A7191B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7ECE8761-86A2-4973-AA07-30D7D71C42BC}" = dir=out | name=adera |
"{80183400-16B9-470C-B40F-73ECA83232C3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{825D3014-CA23-4218-9836-F5322562DD58}" = dir=out | name=word search |
"{82847A87-6142-4777-B366-1981F8E218C3}" = dir=out | name=my country |
"{865CFDE0-3715-44F4-A258-2988AE87DE25}" = dir=out | name=flow colors bridges |
"{8AFFEA3F-3DDB-478D-B36A-9DF93923253D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{8C17E204-0741-431F-9984-F15811E7F198}" = dir=out | name=doodle hangman free |
"{8C18A7DE-5C45-44DD-A566-2411DF4D7D09}" = protocol=6 | dir=out | app=system |
"{8EF6DA8A-5B81-4D5F-B4F0-1921161FABE1}" = dir=out | [email protected]{780f5c7b.farmup_1.0.0.39_x86__0gmyx1dmsk3dw?ms-resource://780f5c7b.farmup/resources/displayname} |
"{9372C315-BC1E-419E-AF3C-9963FDEB9E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97576B82-B7AD-4F43-B890-EF9052CA7D22}" = dir=out | name=fresh paint |
"{9C534113-986A-4537-BF0E-F3CDFC3EC592}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9CE4E06D-7737-4C77-9B5D-C9CDD1272A4B}" = dir=out | name=turn off the lights |
"{9DCC57AA-49C2-4F77-85D5-26575376A01D}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A10F86F0-D9FA-4EE8-A97E-48EE894875D5}" = dir=out | name=onenote |
"{A47932E4-74CC-453A-8956-A93ECC2CB781}" = protocol=17 | dir=in | app=c:\users\annie\appdata\roaming\utorrent\utorrent.exe |
"{A5961659-2FA8-4EAD-9854-F65D5F54FDE0}" = dir=out | name=translate! |
"{A8914932-6BD8-49AB-8F72-5776F2AE766A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A92E2C33-BD51-4831-B769-82F45ACD0A11}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{AADA43BA-7014-4E4E-816E-D2FE74B08700}" = dir=out | name=nyan cat the game |
"{B076E14B-96DE-4252-B875-E44708985880}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B14E04D1-1CCE-46CD-9C36-9DB8F2469FAC}" = dir=out | name=dragon's blade |
"{B4DA1E1C-6900-4ED1-BF2B-61B4B844A5B5}" = dir=out | name=gold miner classic |
"{B698C2AD-43CC-478D-8536-70194C41CE07}" = dir=out | name=xe currency |
"{B951094C-C8B6-4E5C-8F27-439E57C79E4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA30600A-F048-41C7-90BA-8DC9B5491E89}" = dir=out | name=game dev tycoon lite |
"{BC40D949-1320-4B02-B730-33A44C82F758}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD5244B8-B3B1-42A4-8ABA-89603434933B}" = dir=out | name=code scanner free |
"{C05B781B-6F6D-4FD7-80A4-0D2040F851DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C28B018D-E918-422B-81D6-82A816668A41}" = dir=out | [email protected]{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{C37DAB24-3CB7-474D-A622-28742C86D7C9}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{C9E42CC3-E7E5-4198-936D-F84DBB8F2EC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC342A75-58DF-46DA-87B7-1967D4D2D17C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD1B288B-E053-407F-B25F-A50B5C2F5F0C}" = dir=in | name=onenote |
"{CD363708-1B74-4173-9CF2-3509F7535D9C}" = dir=out | name=wordament |
"{D111B476-9F3E-475A-A85D-2AF4C802E2BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D13C3AD7-BD92-4F66-A138-8E8F311ADBE9}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D304BD9A-377C-407C-8DDD-C09EB8CF0C75}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D3CE2EF7-76DA-4B76-A27D-2A9E9801E1C1}" = dir=out | [email protected]{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D5E66E26-6BF3-405A-8191-3A624AF62F6C}" = protocol=58 | dir=out | [email protected],-28546 |
"{DA6BC4BA-1978-4D9C-9DD6-DE988D0DD683}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{DC0E501B-F377-4639-A878-9D18753E9FD2}" = dir=out | name=trackage |
"{DD6A231B-E04E-4B66-8A6C-464D69DFB8E9}" = dir=out | name=woman calendar |
"{DDDA1C6A-85AE-4A5A-AEB4-F1FDC0A3BD53}" = dir=out | name=national geographic pictures |
"{E758539C-3916-4321-B651-198CD320EAE2}" = dir=out | name=fish with attitude |
"{E761D436-A959-4DDF-B270-E22BA0071CC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA1B46D8-CB6A-415A-87F7-81409F09671F}" = dir=out | name=sushichop |
"{EE5BC921-C39E-4D0C-9E48-25A75D12B9B8}" = dir=out | name=piano time |
"{EF1EFD16-9AF5-49C3-9E20-1F6F87171268}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EF25F36B-8E86-4471-BFE2-BD309CF4027B}" = dir=out | [email protected]{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{EF5E1F7C-86E5-4597-849D-BC3849D3943A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EFCD42EA-EAD2-438B-8C47-81BB718BAC90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{F17C77A8-E8A7-4358-B5F8-762DF8AAC95C}" = dir=out | name=google search |
"{F30AE317-BAF7-46FF-90EA-7A5C00F03C07}" = dir=out | name=taptiles |
"{F4B930AC-3982-4D75-B09C-7BDE6B65C835}" = dir=out | [email protected]{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{F6AD0C22-018B-4D29-B6C3-399B8E0C05D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FDA3F122-0252-4C80-BE29-4570B8A7ABFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDF6275A-F909-42BA-90D9-5A45EC25BD3C}" = dir=out | name=take2heaven |
"{FF4B4B7E-F874-438D-985B-28B35A3CDC55}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}" = ASUS VivoBook
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Espańol
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"5AB9160B769DD2E134ADCB8010377DECA2479378" = Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153)
"EPSON WP-4530 Series" = EPSON WP-4530 Series Printer Uninstall
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 5.00 beta 2 (64-bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Audacity_is1" = Audacity 2.0.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework
"Game Dev Tycoon v1.3.81.3.8" = Game Dev Tycoon v1.3.8
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"Torrent Episode Downloader 0.972" = Torrent Episode Downloader
"TVTrigger" = TVTrigger
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"XMind_is1" = XMind 2012 (v3.3.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/05/2013 6:41:29 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7641

Error - 26/05/2013 6:41:30 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/05/2013 6:41:30 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8703

Error - 26/05/2013 6:41:30 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8703

Error - 27/05/2013 6:27:27 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/05/2013 6:27:27 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1219

Error - 27/05/2013 6:27:27 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1219

Error - 27/05/2013 6:27:28 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/05/2013 6:27:28 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2547

Error - 27/05/2013 6:27:28 PM | Computer Name = ACHIEM-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2547

[ System Events ]
Error - 23/05/2013 6:47:29 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2779768).

Error - 23/05/2013 6:51:28 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2785094).

Error - 23/05/2013 6:53:01 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2770917).

Error - 24/05/2013 4:18:04 AM | Computer Name = ACHIEM-LAPTOP | Source = bowser | ID = 8003
Description =

Error - 24/05/2013 4:18:46 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2779768).

Error - 24/05/2013 4:20:10 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2785094).

Error - 24/05/2013 4:20:31 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2770917).

Error - 25/05/2013 9:44:48 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2779768).

Error - 25/05/2013 9:46:17 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2785094).

Error - 25/05/2013 10:48:04 AM | Computer Name = ACHIEM-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073718: Update for Windows 8 for x64-based Systems (KB2770917).


< End of report >

  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Hello! Thanks for your reply! :happy:
I don't think I re-installed windows? but I recently just bought this laptop and it was the last one (the one on display) so I did a factory reset. Does that count?

You are welcome. And yep, a factoty reset counts :)

The only thing that I can se that would have put oyodomo on the system is TopArcadeHits. So we will uninstall it and then kill the remnants.
You also have Deamon Tools Lite installed. I have seen this program turn a computer into an unbootable brick. So I would recommend uninstalling it too. But if you use it and want to keep it please don't use it during this cleanup process.

Your Java is way out of date. We will get to that in due course. You also have a Peer 2 Peer program installed.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.


Step-1.

Malicious program uninstalls and Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

TopArcadeHits
DAEMON Tools Lite
uTorrent


3. (Vista/7 /8 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\DAEMON Tools Lite
C:\Users\Annie\AppData\Roaming\DAEMON Tools Lite
C:\ProgramData\DAEMON Tools Lite
C:\Users\Annie\AppData\Roaming\uTorrent


2. Close Windows Explorer.


Step-2

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
[2013/05/29 19:20:00 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Annie\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O33 - MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007/05/15 19:48:54 | 004,952,591 | R--- | M] (Macromedia, Inc.)
[2013/06/01 01:27:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job

:FILES
ipconfig /flushdns /c
C:\Users\Annie\AppData\Local\TopArcadeHits

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista, 7 and 8 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any TopArcadeHits items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-4.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows / 7 /8 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-5.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • Right click the adwcleaner.exe file and click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-6.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 /8 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console.<---Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstall(s) went.
2, The OTL fixes log
3. Let me know if you were able to remove the TopArcadeHits extension in Chrome.
4. The aswMBR log
5. The AdwCleaner[R1].txt log
6. The new OTL.txt log
  • 0

#5
HELP.ME

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
1. I have uninstalled all three programs. You mentioned " If your P2P program is not configured correctly, your computer may also be sharing more files than you realize." I was wondering if you could tell me how to configure it (if i choose to install it again) properly so that this doesn't happen?

2. OTL Fixes Log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0 removed from extensions.enabledAddons
Folder C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ not found.
File C:\Users\Annie\AppData\Local\TopArcadeHits\Toparcadehits.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80a15273-4e56-11e2-be6a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80a15273-4e56-11e2-be6a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80a15273-4e56-11e2-be6a-806e6f6e6963}\ not found.
File move failed. E:\Start.exe scheduled to be moved on reboot.
File C:\Windows\tasks\TopArcadeHits.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Annie\Downloads\cmd.bat deleted successfully.
C:\Users\Annie\Downloads\cmd.txt deleted successfully.
File\Folder C:\Users\Annie\AppData\Local\TopArcadeHits not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Annie
->Temp folder emptied: 241743440 bytes
->Temporary Internet Files folder emptied: 85446628 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19555926 bytes
->Google Chrome cache emptied: 359178128 bytes
->Flash cache emptied: 1001 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 1688 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 160585684 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 19830794 bytes
RecycleBin emptied: 22658 bytes

Total Files Cleaned = 845.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06022013_213146

Files\Folders moved on Reboot...
File move failed. E:\Start.exe scheduled to be moved on reboot.
File\Folder C:\Users\Annie\AppData\Local\Temp\JETA0EF.tmp not found!
File move failed. C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3. I couldn't find the extension on Chrome, but I think I may have removed it before when I was unsure of what it was.

4. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-02 21:42:50
-----------------------------
21:42:50.162 OS Version: Windows x64 6.2.9200
21:42:50.162 Number of processors: 4 586 0x3A09
21:42:50.163 ComputerName: ACHIEM-LAPTOP UserName: Annie
21:42:51.113 Initialze error 1
21:43:01.621 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000044
21:43:01.623 Disk 0 Vendor: KINGSTON_SMSM150S324G S8FM03.4 Size: 22902MB BusType: 11
21:43:01.624 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000047
21:43:01.625 Disk 1 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11
21:43:01.638 Disk 1 MBR read successfully
21:43:01.640 Disk 1 MBR scan
21:43:01.642 Disk 1 unknown MBR code
21:43:01.646 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
21:43:01.649 Disk 1 scanning C:\Windows\system32\drivers
21:43:01.651 Service scanning
21:43:02.203 Modules scanning
21:43:02.205 Disk 1 trace - called modules:
21:43:02.209 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
21:43:02.211 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009a4f060]
21:43:02.216 3 CLASSPNP.SYS[fffff88001389fea] -> nt!IofCallDriver -> [0xfffffa8007728290]
21:43:02.218 5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\00000047[0xfffffa8007726060]
21:43:02.222 Scan finished successfully
21:43:20.168 Disk 1 MBR has been saved successfully to "C:\Users\Annie\Desktop\MBR.dat"
21:43:20.171 The log file has been saved successfully to "C:\Users\Annie\Desktop\aswMBR.txt"

5.# AdwCleaner v2.301 - Logfile created 06/02/2013 at 21:48:53
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Annie - ACHIEM-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Annie\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Annie\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\pl2f3bh7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3225] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48", "hxxp://www.google.com.au/", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=53dc0bbc242f4bb6a27e38000fc721eb&tu=11JL0008H2B000s&sku=&tstsId=&ver=&" ]

*************************

AdwCleaner[R1].txt - [1926 octets] - [02/06/2013 21:48:53]

########## EOF - C:\AdwCleaner[R1].txt - [1986 octets] ##########

6.OTL logfile created on: 2/06/2013 9:53:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Annie\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.89 Gb Total Physical Memory | 5.50 Gb Available Physical Memory | 69.78% Memory free
15.89 Gb Paging File | 13.16 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 302.59 Gb Free Space | 81.21% Space Free | Partition Type: NTFS
Drive D: | 537.60 Gb Total Space | 537.44 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 47.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACHIEM-LAPTOP | User Name: Annie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 02:32:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Downloads\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 13:56:18 | 000,844,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/04/23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/04/18 10:10:38 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012/11/21 03:57:20 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/10/27 08:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/25 09:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/10/18 13:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/18 03:51:58 | 000,107,736 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/10/18 03:51:52 | 000,778,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/10/18 03:51:52 | 000,168,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2012/10/06 09:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/19 06:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/09/17 12:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/09/15 07:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/09/01 13:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/28 06:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/23 03:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/30 22:27:58 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/07/18 08:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 08:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/28 06:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/26 04:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/29 04:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/14 04:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/29 12:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/22 08:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/20 02:27:23 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c54b85a401b0379a9b775a644fad1b7\System.Windows.Forms.ni.dll
MOD - [2013/05/20 02:26:50 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa29c7539bd729147a7d1f1ae0ce5670\System.Configuration.ni.dll
MOD - [2013/05/20 02:26:48 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1058660861056b038fbc9274994c8b75\WindowsBase.ni.dll
MOD - [2013/05/20 02:26:44 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\024a883cc8b0013f72a77d594c278f4d\System.Core.ni.dll
MOD - [2013/05/09 03:05:30 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll
MOD - [2013/05/08 23:55:46 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll
MOD - [2013/05/08 23:55:42 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll
MOD - [2013/05/08 23:55:32 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll
MOD - [2013/05/08 23:55:16 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll
MOD - [2013/05/08 23:55:14 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll
MOD - [2013/05/08 23:55:06 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll
MOD - [2013/05/08 23:55:05 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll
MOD - [2013/05/08 23:54:55 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll
MOD - [2013/05/08 23:54:40 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll
MOD - [2013/05/08 23:54:34 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/18 03:51:52 | 000,168,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
MOD - [2012/10/18 03:51:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/07/26 13:19:14 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2013/02/02 18:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/29 11:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/10 09:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 09:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/17 05:35:50 | 000,042,336 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe -- (WakeupService)
SRV:64bit: - [2012/10/01 12:51:46 | 000,037,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2012/10/01 12:51:46 | 000,031,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012/10/01 12:51:44 | 000,030,080 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012/09/20 19:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 18:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 16:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 16:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/26 13:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 13:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 13:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 13:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 13:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 13:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 13:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 13:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 13:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 13:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McSchedulerSvc)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2012/06/18 10:33:40 | 000,219,832 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2012/04/21 08:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/03/31 06:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012/01/27 08:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 16:58:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/15 14:10:16 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/06 09:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/09/20 18:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/28 06:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/30 22:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/07/26 13:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/18 08:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 08:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/28 06:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/26 04:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/14 04:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/22 08:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/09 15:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/03 17:58:16 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2013/04/03 17:58:16 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2013/04/03 17:58:16 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2013/04/03 17:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013/04/03 17:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/04/03 17:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013/03/02 20:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 20:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 20:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 20:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/19 13:40:52 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2013/02/02 21:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/02/02 17:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/29 11:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/29 09:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/10 11:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/21 03:57:28 | 000,062,848 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/11/20 14:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/15 14:10:00 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/12 18:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 17:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 17:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/11 15:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/10/08 19:02:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/01 12:51:44 | 000,363,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012/10/01 12:51:44 | 000,229,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012/10/01 12:51:44 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012/10/01 12:51:44 | 000,096,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012/10/01 12:51:44 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012/10/01 12:51:44 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012/09/20 17:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 17:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 17:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/19 18:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/09/19 06:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/02 13:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/31 02:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/30 22:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/07/26 15:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 15:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 15:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 15:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 15:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 15:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 15:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 15:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 15:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 15:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 15:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 15:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 15:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 15:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 15:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 15:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 15:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 14:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 13:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 12:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 12:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 12:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 12:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 12:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 12:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 12:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 12:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 12:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 12:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 12:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 12:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 12:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 12:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 12:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 12:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 12:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 12:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 12:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 12:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 12:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 12:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 13:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/13 20:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/06/03 00:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/03 00:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/03 00:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/31 13:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/31 06:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012/03/31 06:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV - [2011/09/08 03:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/03 11:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\..\SearchScopes,DefaultScope = {CFD480D4-3568-46D3-8BAD-DE5B685F66B5}
IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\..\SearchScopes\{CFD480D4-3568-46D3-8BAD-DE5B685F66B5}: "URL" = http://search.zoneal...Id=&ver=&&r=750
IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-947473551-884081273-2507227689-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/02 21:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/05/16 19:59:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/02 21:08:17 | 000,000,000 | ---D | M]

[2013/05/29 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Extensions
[2013/06/02 20:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions
[2013/06/02 20:23:04 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\pl2f3bh7.default\extensions\[email protected]
[2013/06/02 21:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/02 21:08:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/02 21:08:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/02 21:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/02 21:08:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/02 21:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com.au/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Net Usage Item = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcpakpimadnpalbfjcnaloaekhljog\1.3.361_0\
CHR - Extension: Skype Click to Call = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: TabCloud = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.15_0\
CHR - Extension: Gmail = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [ATLauncher] C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe (McAfee, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-947473551-884081273-2507227689-1002..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-947473551-884081273-2507227689-1002..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4530 Series" File not found
O4 - HKU\S-1-5-21-947473551-884081273-2507227689-1002..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-947473551-884081273-2507227689-1002..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Annie\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-947473551-884081273-2507227689-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C34EC3E-934C-4DD8-85CF-1A99646FA80B}: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 19:48:54 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 21:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/06/02 21:31:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/31 09:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/30 22:09:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/29 22:30:55 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\TVTrigger Downloads
[2013/05/29 19:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\8ySeven
[2013/05/29 19:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVTrigger
[2013/05/29 19:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVTrigger
[2013/05/29 19:24:57 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\CheckPoint
[2013/05/29 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/05/29 19:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/05/29 19:16:36 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Torrent Episode Downloader
[2013/05/29 19:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torrent Episode Downloader
[2013/05/29 19:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torrent Episode Downloader
[2013/05/28 03:02:01 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/05/28 03:02:01 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/05/28 03:01:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/05/28 03:01:48 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/05/28 03:01:47 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/05/28 03:01:47 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/05/28 03:01:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013/05/28 03:01:40 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013/05/28 03:01:40 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013/05/28 03:01:33 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2013/05/28 03:01:32 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013/05/28 03:01:32 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013/05/28 03:01:32 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/05/28 03:01:27 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013/05/28 03:01:27 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013/05/28 03:01:27 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013/05/28 03:01:27 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013/05/28 03:01:26 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013/05/28 03:01:26 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013/05/28 03:01:20 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013/05/28 03:01:19 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013/05/28 03:01:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/05/28 03:01:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/05/28 03:01:05 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/05/27 08:30:06 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/05/27 08:30:05 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/05/27 08:30:05 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2013/05/27 08:30:04 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/05/27 08:30:04 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013/05/27 08:30:03 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013/05/27 08:30:02 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2013/05/27 08:30:02 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/05/27 08:30:01 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/05/27 08:30:01 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2013/05/27 08:29:57 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/05/27 08:29:56 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2013/05/27 08:29:56 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/05/27 08:29:53 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2013/05/27 08:29:53 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2013/05/27 08:29:52 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2013/05/27 08:29:51 | 001,636,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMALFXGFXDSP.dll
[2013/05/27 08:29:51 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2013/05/27 08:29:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2013/05/27 08:29:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/05/27 08:29:49 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/05/27 08:29:48 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/05/27 08:29:48 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/05/27 08:29:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/05/27 08:29:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2013/05/27 08:29:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WSDScan.sys
[2013/05/27 08:29:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2013/05/27 08:29:36 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2013/05/27 08:29:36 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013/05/27 08:29:36 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2013/05/27 08:29:33 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/05/27 08:29:33 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2013/05/27 08:29:32 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2013/05/27 08:29:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2013/05/27 08:29:30 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/05/27 08:29:20 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/05/27 08:29:10 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2013/05/27 08:29:10 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2013/05/27 08:29:10 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013/05/27 08:29:10 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2013/05/27 08:29:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2013/05/27 08:29:06 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013/05/27 08:29:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2013/05/27 08:29:05 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/05/27 08:29:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2013/05/27 08:28:57 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/05/27 08:28:56 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2013/05/27 08:28:56 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2013/05/26 02:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/05/25 23:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/25 23:21:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/05/25 23:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/25 23:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/25 23:12:51 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apple Computer
[2013/05/25 23:12:50 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Apple Computer
[2013/05/25 23:11:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apple
[2013/05/25 23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/05/25 23:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/25 23:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/25 23:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/05/25 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/05/25 23:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/05/25 22:46:45 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2013/05/25 22:46:44 | 000,188,232 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2013/05/25 22:46:44 | 000,169,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2013/05/25 22:46:44 | 000,021,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2013/05/25 22:46:44 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2013/05/25 22:46:29 | 000,188,232 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2013/05/25 22:46:29 | 000,169,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2013/05/25 22:46:29 | 000,021,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2013/05/25 22:46:29 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2013/05/25 22:46:29 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2013/05/25 22:46:29 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2013/05/25 22:46:29 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2013/05/25 22:38:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/05/25 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\XMind
[2013/05/25 13:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/05/25 13:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/25 13:37:09 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/25 13:37:09 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/25 13:37:09 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/05/25 13:37:09 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/05/25 13:37:09 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013/05/25 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/25 13:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2013/05/25 13:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2013/05/20 20:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/05/20 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Audacity
[2013/05/20 20:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/05/19 23:46:21 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/19 23:46:21 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/18 03:02:52 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/05/18 03:02:50 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/05/18 03:02:50 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/05/18 03:02:47 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/05/18 03:02:47 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/05/18 03:02:47 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/05/18 03:02:46 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/05/18 03:02:46 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/05/18 03:02:45 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/05/18 03:02:44 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013/05/18 03:02:42 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/05/18 03:02:41 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013/05/18 03:02:41 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013/05/18 03:02:40 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/05/18 03:02:39 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/05/18 03:02:39 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013/05/18 03:02:38 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/05/18 03:02:38 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/05/18 03:02:38 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/18 03:02:38 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/05/18 03:02:37 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/05/18 03:02:37 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/05/18 03:02:35 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/18 03:02:34 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/05/18 03:02:34 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/05/18 03:02:31 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/05/18 03:02:31 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013/05/18 03:02:31 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/05/18 03:02:30 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/05/18 03:02:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/05/18 03:02:29 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/18 03:02:27 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/05/18 03:02:27 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/05/18 03:02:26 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/05/18 03:02:25 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/05/18 03:02:25 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/05/18 03:02:25 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/05/18 03:02:25 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/05/18 03:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/05/18 03:02:25 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013/05/18 03:02:24 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/05/18 03:02:24 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/05/18 03:02:23 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/05/18 03:02:22 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013/05/18 03:02:21 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013/05/18 03:02:21 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013/05/18 03:02:20 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/05/18 03:02:20 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013/05/18 03:02:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/05/18 03:02:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013/05/18 03:02:18 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/05/18 03:02:18 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/05/18 03:02:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/05/18 03:02:18 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013/05/18 03:02:18 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013/05/18 03:02:17 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/05/18 03:02:17 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013/05/18 03:02:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/05/18 03:02:17 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/05/18 03:02:17 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/05/18 03:02:17 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013/05/18 03:02:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013/05/18 03:02:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013/05/18 03:02:16 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2013/05/18 03:02:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/05/18 03:02:16 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2013/05/18 03:02:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/05/18 03:02:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/05/18 03:02:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/05/18 03:02:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013/05/17 22:03:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/17 22:03:03 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/05/17 22:03:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/17 22:03:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/17 22:03:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/17 22:03:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/17 22:03:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/05/17 22:03:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/05/17 02:15:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/17 02:15:57 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/16 23:17:31 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/05/16 23:17:30 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/05/16 21:44:15 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/15 21:03:45 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/05/11 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Game Dev Tycoon
[2013/05/11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
[2013/05/11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
[2013/05/11 11:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1-click run
[2013/05/09 08:38:24 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Leadertech
[2013/05/09 08:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/05/09 08:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/05/09 08:00:13 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/05/09 08:00:13 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/05/09 08:00:13 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/05/09 08:00:13 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/05/09 08:00:13 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/05/09 08:00:13 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/05/09 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/05/09 08:00:11 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\InstallShield
[2013/05/09 08:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/05/09 07:59:53 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Epson
[2013/05/09 07:59:31 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/05/09 07:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/05/09 07:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/05/09 07:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/05/09 07:57:56 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/05/09 07:57:55 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/05/09 07:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/05/09 07:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/05/09 07:57:41 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/05/09 07:57:41 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/05/09 07:57:41 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/05/09 07:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/05/09 05:13:23 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013/05/09 05:13:22 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013/05/09 05:13:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013/05/09 05:13:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013/05/09 05:13:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/05/09 05:13:14 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/05/09 05:13:13 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/05/09 05:13:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/09 05:13:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/09 05:13:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/05/09 05:13:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2013/05/09 05:12:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2013/05/09 05:12:35 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2013/05/09 05:12:19 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2013/05/09 05:12:19 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2013/05/09 05:12:17 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2013/05/09 05:12:17 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2013/05/09 05:12:17 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2013/05/09 05:12:16 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2013/05/09 05:09:42 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/05/09 05:09:41 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/05/09 05:08:32 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/05/09 05:04:57 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013/05/09 05:04:41 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013/05/09 05:04:38 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/05/09 05:04:36 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/05/09 05:04:36 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/09 05:04:35 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013/05/09 05:04:31 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/09 05:04:15 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013/05/09 05:03:56 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/05/09 05:03:55 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013/05/09 05:03:50 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013/05/09 05:03:50 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013/05/09 05:03:42 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013/05/09 05:03:42 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013/05/09 05:03:41 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013/05/09 05:03:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013/05/09 05:03:32 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/05/09 05:03:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013/05/09 05:03:28 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013/05/09 05:03:12 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013/05/09 05:02:59 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013/05/09 05:02:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013/05/09 05:02:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013/05/09 05:02:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013/05/09 05:02:31 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013/05/09 05:02:29 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013/05/09 05:02:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013/05/09 05:02:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013/05/09 05:02:14 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013/05/09 05:02:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013/05/09 05:02:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013/05/09 05:01:59 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013/05/09 05:01:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013/05/09 05:01:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013/05/09 05:01:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013/05/09 05:01:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013/05/08 13:55:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/05/08 13:55:28 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Samsung
[2013/05/08 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Samsung
[2013/05/08 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\samsung
[2013/05/08 01:51:58 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Skype
[2013/05/08 01:51:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/08 01:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/08 01:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/08 01:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/07 00:09:38 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2013/05/07 00:09:38 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2013/05/07 00:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013/05/07 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013/05/07 00:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/05/07 00:05:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013/05/07 00:05:32 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013/05/07 00:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/05/07 00:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013/05/06 00:12:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/05/05 08:55:09 | 000,000,000 | ---D | C] -- C:\sources
[2013/05/05 02:03:45 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Macroplant_LLC
[2013/05/05 02:01:48 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2013/05/05 02:01:48 | 000,190,480 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2013/05/05 02:01:48 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2013/05/05 02:01:48 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2013/05/05 02:01:37 | 000,352,144 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2013/05/05 02:00:50 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Programs
[2013/05/05 01:00:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\Custom Office Templates
[2013/05/04 22:12:07 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Adobe
[2013/05/04 17:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/05/04 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/05/04 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/04 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/05/04 17:05:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/05/04 17:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/05/04 16:45:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Downloaded Installations
[2013/05/04 16:45:35 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\vlc
[2013/05/04 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/04 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/05/04 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/05/04 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/05/04 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Microsoft Help
[2013/05/04 16:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/05/04 16:36:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/04 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\WinRAR
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/05/04 15:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/05/04 15:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/05/04 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\Annie
[2013/05/04 15:26:32 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/05/04 15:26:32 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/05/04 15:26:32 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/05/04 15:26:31 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/05/04 15:26:30 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/05/04 15:26:30 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/05/04 15:26:30 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/05/04 15:26:29 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/05/04 15:26:28 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/05/04 15:26:28 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/05/04 15:26:28 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/04 15:26:28 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/05/04 15:26:28 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/05/04 15:26:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/05/04 15:26:28 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/05/04 15:26:27 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/05/04 15:26:27 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/05/04 15:26:27 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/05/04 15:26:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/05/04 15:26:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/05/04 15:26:25 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/05/04 15:26:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/05/04 15:26:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/05/04 15:23:15 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013/05/04 15:22:03 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013/05/04 15:14:08 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/05/04 15:14:05 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/05/04 15:14:03 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/04 15:14:03 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/05/04 15:14:03 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/05/04 15:14:03 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/05/04 15:14:02 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/05/04 15:14:02 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/05/04 15:14:02 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/05/04 15:14:02 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/05/04 15:14:02 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/05/04 15:14:01 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/04 15:14:01 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013/05/04 15:14:01 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/05/04 15:14:01 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/05/04 15:14:01 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013/05/04 15:14:01 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/05/04 15:14:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/05/04 15:14:00 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/05/04 15:14:00 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/04 15:14:00 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/05/04 15:14:00 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/05/04 15:13:59 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/05/04 15:13:59 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/05/04 15:13:59 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/05/04 15:13:59 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013/05/04 15:13:59 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/05/04 15:13:59 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/05/04 15:13:59 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013/05/04 15:13:59 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013/05/04 15:13:59 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/05/04 15:13:59 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/05/04 15:13:58 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/05/04 15:13:58 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/05/04 15:13:57 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013/05/04 15:13:57 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/05/04 15:13:57 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013/05/04 15:13:57 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/05/04 15:13:57 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013/05/04 15:13:57 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/05/04 15:13:57 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/05/04 15:13:57 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/05/04 15:13:57 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/05/04 15:13:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/05/04 15:13:56 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/05/04 15:13:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/05/04 15:13:56 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013/05/04 15:13:56 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/05/04 15:13:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013/05/04 15:13:56 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/05/04 15:13:56 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013/05/04 15:13:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/05/04 15:13:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/05/04 15:13:56 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013/05/04 15:13:55 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/05/04 15:13:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013/05/04 15:13:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/05/04 15:13:55 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/05/04 15:13:55 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013/05/04 15:13:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/05/04 15:13:55 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/05/04 15:13:54 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013/05/04 15:13:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/05/04 15:13:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/05/04 15:13:52 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013/05/04 15:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2013/05/04 13:55:57 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/04 13:55:56 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/04 13:55:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/04 13:55:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/04 13:55:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/04 13:55:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/04 13:55:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/04 13:55:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/04 13:54:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/05/04 13:54:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/05/04 13:54:12 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/05/04 13:54:12 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/05/04 13:54:10 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/05/04 13:54:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/05/04 13:54:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013/05/04 13:54:08 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013/05/04 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Mozilla
[2013/05/04 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Mozilla
[2013/05/04 13:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/04 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/04 13:53:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013/05/04 13:53:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/05/04 13:53:19 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/05/04 13:53:19 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013/05/04 13:53:19 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/05/04 13:53:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/05/04 13:53:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013/05/04 13:53:07 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013/05/04 13:53:07 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/05/04 13:53:07 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/05/04 13:53:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/05/04 13:53:06 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013/05/04 13:53:06 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/05/04 13:53:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/05/04 13:53:06 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013/05/04 13:53:06 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013/05/04 13:53:06 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/05/04 13:53:06 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/05/04 13:53:05 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/04 13:53:05 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/05/04 13:53:05 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013/05/04 13:53:05 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013/05/04 13:53:05 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013/05/04 13:53:05 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013/05/04 13:53:05 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013/05/04 13:53:05 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013/05/04 13:53:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013/05/04 13:53:04 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013/05/04 13:53:04 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/05/04 13:53:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013/05/04 13:53:03 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013/05/04 13:53:02 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013/05/04 13:53:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013/05/04 13:53:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/05/04 13:53:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/05/04 13:52:40 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/05/04 13:52:40 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/05/04 13:52:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/04 13:52:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013/05/04 13:52:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013/05/04 13:52:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013/05/04 13:52:02 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/04 13:52:01 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/04 13:52:01 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013/05/04 13:52:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013/05/04 13:52:01 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013/05/04 13:52:01 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/05/04 13:52:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013/05/04 13:52:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013/05/04 13:52:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013/05/04 13:52:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013/05/04 13:52:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013/05/04 13:52:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013/05/04 13:52:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013/05/04 13:52:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013/05/04 13:51:44 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/04 13:51:43 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/04 13:51:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/05/04 13:51:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/05/04 13:51:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/04 13:51:43 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/04 13:51:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/05/04 13:51:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/05/04 13:51:34 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013/05/04 13:51:31 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013/05/04 13:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013/05/04 13:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013/05/04 13:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/05/04 13:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/05/04 13:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/04 13:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/04 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Google
[2013/05/04 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Deployment
[2013/05/04 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Apps
[2013/05/04 13:44:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Macromedia
[2013/05/04 13:25:57 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\ASUS WebStorage
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\Searches
[2013/05/04 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/04 13:25:29 | 000,000,000 | -H-D | C] -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/04 13:25:27 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Adobe
[2013/05/04 13:25:26 | 000,000,000 | R--D | C] -- C:\Users\Annie\Contacts
[2013/05/04 13:25:20 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2013/05/04 13:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013/05/04 13:24:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\VirtualStore
[2013/05/04 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Packages
[2013/05/04 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\ASUS
[2013/05/04 13:21:39 | 000,000,000 | --SD | C] -- C:\Users\Annie\AppData\Roaming\Microsoft
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Videos
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Saved Games
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Pictures
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Music
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Links
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Favorites
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Downloads
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Documents
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\Desktop
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/04 13:21:39 | 000,000,000 | R--D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\Temporary Internet Files
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Templates
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Start Menu
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\SendTo
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Recent
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\PrintHood
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\NetHood
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Videos
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Pictures
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Documents\My Music
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\My Documents
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Local Settings
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\History
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Cookies
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\Application Data
[2013/05/04 13:21:39 | 000,000,000 | -HSD | C] -- C:\Users\Annie\AppData\Local\Application Data
[2013/05/04 13:21:39 | 000,000,000 | -H-D | C] -- C:\Users\Annie\AppData
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Temp
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Microsoft
[2013/05/04 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

========== Files - Modified Within 30 Days ==========

[2013/06/02 21:52:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 21:43:20 | 000,000,512 | ---- | M] () -- C:\Users\Annie\Desktop\MBR.dat
[2013/06/02 21:34:15 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 21:34:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/02 21:34:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/06/02 21:33:56 | 2480,939,007 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/02 21:19:06 | 000,425,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/02 21:18:55 | 1797,674,516 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/02 19:45:35 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/02 19:45:35 | 000,738,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/02 19:45:35 | 000,142,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/30 22:58:02 | 000,000,408 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\sp_data.sys
[2013/05/29 19:29:28 | 000,001,045 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\TVTrigger.lnk
[2013/05/29 19:29:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\TVTrigger.lnk
[2013/05/29 19:06:08 | 000,001,215 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/05/25 23:21:49 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/25 13:37:01 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/25 13:37:01 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/25 13:37:01 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/05/25 13:37:01 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/05/25 13:37:01 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013/05/25 13:36:21 | 000,001,015 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\XMind 2012.lnk
[2013/05/25 13:36:21 | 000,000,991 | ---- | M] () -- C:\Users\Annie\Desktop\XMind 2012.lnk
[2013/05/24 06:52:18 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/20 20:41:59 | 000,001,009 | ---- | M] () -- C:\Users\Annie\Desktop\Audacity.lnk
[2013/05/20 17:39:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/19 22:41:20 | 000,202,149 | ---- | M] () -- C:\Users\Annie\Desktop\Turtool.png
[2013/05/16 01:22:53 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/09 08:38:23 | 000,000,079 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/05/09 07:57:44 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/05/08 08:29:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/08 06:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/08 06:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/08 01:51:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 01:23:11 | 000,017,232 | ---- | M] () -- C:\Users\Annie\Desktop\omg it works.png
[2013/05/07 20:14:05 | 000,059,778 | ---- | M] () -- C:\Users\Annie\Desktop\promo_littlechefs_apron.pdf
[2013/05/07 00:10:28 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/07 00:10:28 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/05/07 00:05:37 | 000,002,028 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/07 00:05:37 | 000,002,018 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/06 10:14:46 | 000,063,096 | ---- | M] () -- C:\Users\Annie\Desktop\549061_320033694789343_1485992789_n.jpg
[2013/05/06 10:13:01 | 000,059,451 | ---- | M] () -- C:\Users\Annie\Desktop\417823_327484580710921_236852414_n.jpg
[2013/05/04 16:45:32 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/04 16:29:51 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/04 15:34:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/05/04 15:01:44 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Power4Gear Hybrid.lnk
[2013/05/04 13:59:27 | 000,002,281 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/04 13:53:34 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/04 13:29:33 | 000,001,426 | ---- | M] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/06/02 21:43:20 | 000,000,512 | ---- | C] () -- C:\Users\Annie\Desktop\MBR.dat
[2013/06/02 21:18:56 | 000,425,056 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/30 22:09:31 | 1797,674,516 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 19:29:28 | 000,001,045 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\TVTrigger.lnk
[2013/05/29 19:29:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\TVTrigger.lnk
[2013/05/25 23:21:49 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/25 23:11:00 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/25 13:36:21 | 000,001,015 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\XMind 2012.lnk
[2013/05/25 13:36:21 | 000,000,991 | ---- | C] () -- C:\Users\Annie\Desktop\XMind 2012.lnk
[2013/05/20 20:41:59 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/05/20 20:41:59 | 000,001,009 | ---- | C] () -- C:\Users\Annie\Desktop\Audacity.lnk
[2013/05/20 17:39:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/19 22:41:20 | 000,202,149 | ---- | C] () -- C:\Users\Annie\Desktop\Turtool.png
[2013/05/18 03:02:15 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/05/09 08:38:45 | 000,001,215 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/05/09 07:57:44 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/05/09 07:55:51 | 000,000,079 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/05/08 08:29:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/08 01:51:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 01:23:11 | 000,017,232 | ---- | C] () -- C:\Users\Annie\Desktop\omg it works.png
[2013/05/07 20:14:05 | 000,059,778 | ---- | C] () -- C:\Users\Annie\Desktop\promo_littlechefs_apron.pdf
[2013/05/07 00:10:28 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/07 00:10:28 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/05/07 00:05:37 | 000,002,028 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/07 00:05:37 | 000,002,018 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/06 10:14:48 | 000,063,096 | ---- | C] () -- C:\Users\Annie\Desktop\549061_320033694789343_1485992789_n.jpg
[2013/05/06 10:13:01 | 000,059,451 | ---- | C] () -- C:\Users\Annie\Desktop\417823_327484580710921_236852414_n.jpg
[2013/05/06 00:12:49 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/05/06 00:12:44 | 2480,939,007 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/04 22:24:23 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/04 16:45:32 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/04 16:29:51 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/04 15:34:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/05/04 15:01:44 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Power4Gear Hybrid.lnk
[2013/05/04 13:53:34 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/04 13:53:33 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/04 13:47:31 | 000,002,281 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/04 13:47:31 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/04 13:47:04 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/04 13:47:04 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 13:29:33 | 000,001,426 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/04 13:25:27 | 000,001,432 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/04 13:25:04 | 000,000,408 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\sp_data.sys
[2013/05/04 13:21:39 | 000,000,352 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/04 13:21:39 | 000,000,334 | ---- | C] () -- C:\Users\Annie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/25 16:14:44 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/27 17:27:02 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.ini
[2012/11/27 17:25:33 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/11/27 17:25:17 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/27 17:25:14 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/05 11:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/05 11:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 18:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 18:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 17:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 11:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 06:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/26 06:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/26 06:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/03 00:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/21 07:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/05/29 19:21:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 16:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 15:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2012/09/20 16:30:35 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/03/06 16:29:15 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012/07/26 13:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012/07/26 13:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2012/11/27 14:17:32 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 13:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012/07/26 13:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/26 13:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/07/26 13:05:21 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/07/26 13:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012/10/11 15:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012/10/11 15:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/09/20 16:31:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012/07/26 13:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012/07/26 13:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012/07/26 13:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012/07/26 13:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012/07/26 13:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012/07/26 13:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012/09/20 16:31:57 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012/07/26 13:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/02/02 18:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/09/20 16:32:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012/07/26 15:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/09/20 16:33:04 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/07/26 13:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012/07/26 13:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012/07/26 13:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/07/26 13:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012/07/26 13:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/09/20 16:33:39 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/04/09 14:51:41 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/07/26 13:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012/07/26 13:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012/07/26 13:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/04/09 14:50:39 | 001,285,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012/07/26 13:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/26 13:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/07/26 13:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/26 13:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2012/07/26 13:08:49 | 001,482,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/04/09 14:48:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/26 13:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/01/29 11:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 13:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2012/10/11 15:44:35 | 000,904,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012/07/26 13:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012/07/26 13:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012/07/26 13:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/07/26 13:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/03/02 12:45:19 | 003,240,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/07/26 13:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2012/11/06 14:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012/07/26 13:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/10/11 15:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012/10/11 18:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012/07/26 13:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/26 14:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012/10/11 15:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012/10/11 15:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012/10/11 17:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012/10/11 17:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe

< MD5 for: SERVICES >
[2012/07/26 15:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services

< MD5 for: SERVICES.ASFX >
[2012/12/19 00:28:44 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/12/19 00:28:42 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/12/19 00:28:24 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/12/19 00:28:30 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2010/11/16 14:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx

< MD5 for: SERVICES.ASFX1 >
[2010/11/16 14:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX18 >
[2010/11/16 14:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX21 >
[2010/11/16 14:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.CFG >
[2013/05/10 17:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/16 14:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2012/09/20 16:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/26 15:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012/09/20 16:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012/09/20 16:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012/07/26 17:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/26 17:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/05/04 17:34:33 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.275_x64__8wekyb3d8bbwe\common\js\services.js
[2013/05/04 17:46:53 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.273_x64__8wekyb3d8bbwe\common\js\services.js
[2013/05/04 17:39:31 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\common\js\services.js
[2013/05/04 16:20:27 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.274_x64__8wekyb3d8bbwe\common\js\services.js
[2013/05/04 17:18:20 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.288_x64__8wekyb3d8bbwe\common\js\services.js
[2012/07/26 17:54:02 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:50 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:54:33 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:57 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js

< MD5 for: SERVICES.LNK >
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk

< MD5 for: SERVICES.MOF >
[2012/06/03 00:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/03 00:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof

< MD5 for: SERVICES.MSC >
[2012/07/26 17:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/03 00:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/26 17:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/03 00:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/26 17:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/03 00:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/03 00:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 17:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc

< MD5 for: SERVICES.PTXML >
[2012/07/26 06:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/26 06:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/07/26 13:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012/07/26 13:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/09/20 16:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012/09/20 15:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 15:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012/09/20 16:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 16:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012/09/20 15:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/07/26 13:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 13:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 13:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 13:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/20 16:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/09/20 16:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/26 13:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012/10/11 15:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012/10/11 15:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012/10/11 15:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: KINGSTON SMSM150S324G
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST1000LM024 HN-M101MBB
Partitions: 5
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 18.00GB
Starting Offset: 4297064448
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 4.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 300.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 900.00MB
Starting Offset: 315621376
Hidden sectors: 0


DeviceID: Disk #1, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 373.00GB
Starting Offset: 1393557504
Hidden sectors: 0


DeviceID: Disk #1, Partition #3
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 538.00GB
Starting Offset: 401474584576
Hidden sectors: 0


DeviceID: Disk #1, Partition #4
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 20.00GB
Starting Offset: 978718818304
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.2.9200
Copyright © 1999-2012 Microsoft Corporation.
On computer: ACHIEM-LAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E Rabbetts CDFS DVD-ROM 48 MB Healthy
Volume 1 C OS NTFS Partition 372 GB Healthy Boot
Volume 2 D DATA NTFS Partition 537 GB Healthy
Volume 3 SYSTEM FAT32 Partition 300 MB Healthy System
Volume 4 Recovery NTFS Partition 900 MB Healthy Hidden
Volume 5 Restore NTFS Partition 20 GB Healthy Hidden

< End of report >



  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Thanks for the logs. The OTL fix removed some nasties. AdwCleaner found some more that we will remove in this round. The aswMBR log is clean

You mentioned " If your P2P program is not configured correctly, your computer may also be sharing more files than you realize." I was wondering if you could tell me how to configure it (if i choose to install it again) properly so that this doesn't happen?

Unfortunately I can't. With Peer 2 Peer programs the major problem is that a LOT of the files that are available are infected and configuring the program properly does not address this problem. The risk of infection from files downloaded through a P2P program is so great that the Terme Of Use on this board only allows us to discuss removal of P2P programs (see 3.q)

After this round please let me know if you are still getting the oyodomo pop up.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • (Vista 7 and 8 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Before running Steps 2 and 3 I want you to disable any screen saver you might have running.

Step-2

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Right click on the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 /8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The MalwareBytes log
3. The ESET log (IF it found anything). IF it didn't just tell me.
4. How is the computer running now?
  • 0

#7
HELP.ME

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
1.# AdwCleaner v2.301 - Logfile created 06/04/2013 at 13:53:22
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Annie - ACHIEM-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Annie\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Annie\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\pl2f3bh7.default\prefs.js

C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\pl2f3bh7.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3324] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48", "[...]

*************************

AdwCleaner[R1].txt - [2051 octets] - [02/06/2013 21:48:53]
AdwCleaner[S1].txt - [1953 octets] - [04/06/2013 13:53:22]

########## EOF - C:\AdwCleaner[S1].txt - [2013 octets] ##########

2. Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.04.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Annie :: ACHIEM-LAPTOP [administrator]

4/06/2013 2:11:18 PM
mbam-log-2013-06-04 (14-11-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455462
Time elapsed: 1 hour(s), 29 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Annie\Downloads\Activator\Activation Helper v1.5 x86.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

3. C:\Users\Annie\Downloads\cbsidlm-tr1_13-TVTrigger-ORG-10958207.exe Win32/DownloadAdmin.G application
C:\Users\Annie\Downloads\epson14055.exe a variant of Win32/Bundled.Toolbar.Ask.C application

4. The computer was running great and oyodomo never popped up ever since I uninstalled the mysterious application "TopArcadeHits". :)

  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The computer was running great and oyodomo never popped up ever since I uninstalled the mysterious application "TopArcadeHits".

Does that mean that the computer was running great but it isn't now, or is it still runing good?

Let's check services and check any programs that need updating.


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Right click the FSS.exe file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-2.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Windows 8 users may need to right click the file and click Run as Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The FSS.txt log
2. The checkup.txt log
  • 0

#9
HELP.ME

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello, I meant that my computer was running fine EVER SINCE I removed the application.. so yes it's still working well :)

1.
Farbar Service Scanner Version: 31-05-2013 01
Ran by Annie (administrator) on 05-06-2013 at 23:22:52
Running from "C:\Users\Annie\Downloads"
Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-05-04 15:14] - [2013-03-02 19:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2013-05-18 03:02] - [2013-04-09 14:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-05-04 15:14] - [2013-03-02 12:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-05-04 13:51] - [2013-01-29 09:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-05-04 13:51] - [2013-01-29 11:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

2. I ran into some trouble here. McAfee detected the downloads from both links as both trojans so it refuses to let me download it. Should I just ignore these warnings?
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

2. I ran into some trouble here. McAfee detected the downloads from both links as both trojans so it refuses to let me download it. Should I just ignore these warnings?

Did you disable McAfee before going to the site to run the scan?
Did you right click on the IE of FF browser (If you were using IE or FF) executable file to run the browser?
If you did both of those then yes just ignore the warnings and see if McAfee will let you complete the scan....just don't allow it to delete or quarantine anything.

I also want to have some files checked.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Windows\System32\Drivers\tcpip.sys
    C:\Windows\System32\wscsvc.dll
    C:\Windows\System32\wuaueng.dll

  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ESET scan if you were able to complete it.
2. The VirusTotal links.
  • 0

#11
HELP.ME

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
1. Checkup.txt
Results of screen317's Security Check version 0.99.64
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 37
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
mcafee VIRUSS~1 mcvsmap.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

2. I couldn't run VirusTotal because when I tried to paste the file names into the choose file box, they said they couldn't find the files.
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

2. I couldn't run VirusTotal because when I tried to paste the file names into the choose file box, they said they couldn't find the files.

That is odd. Most of those are system files and Windows wouldn't run properly without them.

The logs are looking good :thumbsup:
Let's run an abbreviated OTL scan and see if it can locate the files.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
tcppip.sys
wscsvc.dll
wuaueng.dll
MpSvc.dll
MsMpEng.exe
/md5stop


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 /8 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the greyed out button beside None at the top of the console.<---Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP