Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"My Anti Virus is turned off" [Closed]

Started by Ayame12 , Aug 01 2013 09:47 PM

  • This topic is locked This topic is locked

#1
Ayame12
Posted 01 August 2013 - 09:47 PM

Ayame12

    New Member

  • Member
  • Pip
  • 9 posts
I clicked on a link on my Facebook Account as a result I was not able to talk to my friends on Facebook anymore so I deactivated my account. But my computer acting strange:
1. My computer is very slow
2. My McAfee Internet Security which is outdated so I just recently unstalled it. I got a message on my computer that say "My Anti Virus is turned off" on the Notification Area.
3. The Encryption (http://) on the address bar on my browser keep on crashing.
4. sometimes my webpages won't up.

I have to check my laptop and my external hard drive ( which came from old laptop) for any viruses, malware and etc.


So thank you for taking the time to read this and so please help me fix this.



OTL logfile created on: 8/1/2013 11:16:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 59.71% Memory free
7.36 Gb Paging File | 5.27 Gb Available in Paging File | 71.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 405.18 Gb Free Space | 90.51% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 96.41 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/01 22:36:51 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/23 22:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/05/09 04:58:35 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/28 18:04:59 | 000,057,344 | ---- | M] () -- C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 20:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 20:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/23 20:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/23 20:56:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/23 20:56:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/23 20:56:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/23 20:56:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/23 20:56:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\bda7430e393758ce03bd26509f5a8762\System.Xml.ni.dll
MOD - [2013/07/23 20:56:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/23 20:56:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/23 20:56:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/01 23:09:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/23 01:49:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/02/27 14:15:16 | 000,833,616 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\Mars\AppData\Local\Temp\0028321375410684mcinst.exe -- (0028321375410684mcinstcleanup)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/01 22:35:59 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/23 23:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/28 18:04:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...rc=IE-SearchBox
CHR - default_search_provider: suggest_url = http://api.bing.com/...=U019&dt=072813
CHR - homepage: http://www.msn.com/?...19DHP&dt=072813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
CHR - Extension: avast! Online Security = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Freemake Video Converter = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Torch Share = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A628AEC7-B29E-4539-B31B-F5752705852B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/01 22:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/08/01 22:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/08/01 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2013/08/01 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Avast EasyPass Data
[2013/08/01 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2013/08/01 22:35:32 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:32 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/08/01 22:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/01 22:35:31 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/08/01 22:35:31 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/08/01 22:35:30 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/08/01 22:35:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/08/01 22:34:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/01 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/29 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Calibre Library
[2013/07/29 22:06:49 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/07/28 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/07/28 18:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
[2013/07/28 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Torch
[2013/07/28 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\FreemakeVideoConverter
[2013/07/28 18:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Freemake
[2013/07/28 18:04:36 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\OpenCandy
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/28 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Programs
[2013/07/23 22:34:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/07/23 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe_Systems_Incorporate
[2013/07/23 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/23 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Digital Editions
[2013/07/23 11:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/23 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/07/23 02:31:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/07/23 02:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/07/23 01:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/07/23 01:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/07/23 01:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/07/23 01:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/07/23 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/07/23 01:51:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
[2013/07/23 01:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NTI Launcher
[2013/07/23 01:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
[2013/07/23 01:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/07/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/07/23 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/23 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
[2013/07/23 01:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/07/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/23 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/07/23 01:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/23 01:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013/07/23 01:37:32 | 000,000,000 | ---D | C] -- C:\book
[2013/07/23 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013/07/23 01:34:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/23 00:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/07/22 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/22 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/22 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/07/22 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/07/22 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/07/22 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/07/22 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/07/22 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/07/22 23:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/07/22 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/07/22 23:24:17 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/07/22 23:24:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/01 23:18:56 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/01 23:18:56 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/01 23:18:56 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/01 23:09:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 22:47:52 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:59 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 21:22:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/01 15:40:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/01 15:24:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 15:24:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 15:17:02 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 15:13:52 | 000,000,675 | ---- | M] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/31 06:21:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/30 01:46:25 | 000,000,289 | ---- | M] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:35:04 | 000,002,138 | ---- | M] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:35:04 | 000,002,136 | ---- | M] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:35:04 | 000,001,335 | ---- | M] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/29 10:34:39 | 000,001,139 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 22:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/23 15:49:09 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:31:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 01:58:40 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:54:16 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/23 01:52:49 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:47:08 | 000,015,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013/07/23 00:08:30 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:29:58 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/01 23:09:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 22:47:04 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:28 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:28 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/01 22:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | C] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/30 01:46:25 | 000,000,289 | ---- | C] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:34:39 | 000,002,138 | ---- | C] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:34:39 | 000,002,136 | ---- | C] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:34:37 | 000,001,343 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/07/28 18:58:43 | 000,001,335 | ---- | C] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/28 18:58:43 | 000,001,139 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:32:32 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:01:20 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/07/23 01:58:40 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:52:49 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:48:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/07/23 01:47:08 | 000,015,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013/07/23 01:34:02 | 2962,255,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/23 00:57:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/23 00:45:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/22 23:44:35 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:38:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 23:38:11 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 23:29:58 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/07/22 23:24:18 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/22 23:24:18 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/22 23:24:17 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/31 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/07/28 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\OpenCandy
[2013/07/28 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/07/31 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
godawgs
Posted 02 August 2013 - 07:16 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello again Ayame12,

Can you please tell me why you abandoned the original topic you opened here and opened this new topic?

It appears that you uninstalled the AVG and McAfee programs to the point where they no longer start up when the computer does but I still see some McAfee remnants. That may be why the Notification Area shows the AV is turned off.

3. The Encryption (http://) on the address bar on my browser keep on crashing.
4. sometimes my webpages won't up.

Does this happen in all browsers or just certain ones?

I am going to need a fresh OTL Extras.txt log so please post it in your next reply.


Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The aswMBR log
3. The Extras.txt log
  • 0

#3
Ayame12
Posted 03 August 2013 - 08:31 PM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
And unstall all the McAfee except the McAfee SiteAdvisor I wanted to keep that.

1.I did the quick scan on the OTL to get a fresh on the Extra.txt log. It didn't provide me with one ,just a OTL.txt Log. What can I do to fix this?
2.The crashing on the http:\\ this happens on one of my browsers Google chrome sometimes.
3. My Computer recently Crashed I was trying start Use Microsoft Office Starter 2010 " it said there was a problem setting up Microsoft Office Starter 2010" too.


Thank you for taking the time to help me and sorry choosing a new topic i didn't know how to reverse the Closed Case.

4. aswMBR log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-03 21:41:33
-----------------------------
21:41:33.002 OS Version: Windows x64 6.1.7601 Service Pack 1
21:41:33.002 Number of processors: 2 586 0x2505
21:41:33.003 ComputerName: MARS-PC UserName: Mars
21:41:40.119 Initialize success
21:41:41.251 AVAST engine defs: 13080301
21:43:56.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:43:56.288 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
21:43:56.395 Disk 0 MBR read successfully
21:43:56.400 Disk 0 MBR scan
21:43:56.407 Disk 0 Windows 7 default MBR code
21:43:56.427 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
21:43:56.443 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
21:43:56.455 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
21:43:56.564 Disk 0 scanning C:\Windows\system32\drivers
21:44:08.356 Service scanning
21:44:32.293 Modules scanning
21:44:32.309 Disk 0 trace - called modules:
21:44:32.342 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:44:32.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b47060]
21:44:32.365 3 CLASSPNP.SYS[fffff8800119843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004982050]
21:44:33.392 AVAST engine scan C:\Windows
21:44:35.771 AVAST engine scan C:\Windows\system32
21:46:27.681 AVAST engine scan C:\Windows\system32\drivers
21:46:35.638 AVAST engine scan C:\Users\Mars
21:48:45.218 AVAST engine scan C:\ProgramData
21:49:13.522 Scan finished successfully
21:57:08.165 Disk 0 MBR has been saved successfully to "C:\Users\Mars\Desktop\MBR.dat"
21:57:08.171 The log file has been saved successfully to "C:\Users\Mars\Desktop\aswMBR.txt"
  • 0

#4
godawgs
Posted 03 August 2013 - 10:43 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

And unstall all the McAfee except the McAfee SiteAdvisor I wanted to keep that.

Acknowledged

1.I did the quick scan on the OTL to get a fresh on the Extra.txt log. It didn't provide me with one ,just a OTL.txt Log. What can I do to fix this?

The Extras.txt log should be on the desktop, but I will post instructions to get a fresh OTL scan that includes all users and the Extras.txt log.

2.The crashing on the http:\\ this happens on one of my browsers Google chrome sometimes.

Acknowledged

3. My Computer recently Crashed I was trying start Use Microsoft Office Starter 2010 " it said there was a problem setting up Microsoft Office Starter 2010" too.

Let's see what kind of errors the Extras.txt log shows. But if removing the malware doesn't solve the problem you may well have to go the the Applications forum when we are done here for the Office problem :)


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use SafeList<---Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.txt on the desktop. The Extras.txt file will be minimized on the Taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your next reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log
  • 0

#5
Ayame12
Posted 05 August 2013 - 11:39 PM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
First of all thank you for taking the time to help me.

OTL.txt

OTL logfile created on: 8/6/2013 1:20:34 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 67.07% Memory free
7.36 Gb Paging File | 5.40 Gb Available in Paging File | 73.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 403.33 Gb Free Space | 90.10% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 24.59 Gb Free Space | 5.49% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 16:50:30 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mars\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/08/01 22:36:51 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/23 20:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/23 20:56:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/23 20:56:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/23 20:56:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/23 20:56:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/23 20:56:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\bda7430e393758ce03bd26509f5a8762\System.Xml.ni.dll
MOD - [2013/07/23 20:56:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/23 20:56:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/23 20:56:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/01 23:09:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/23 01:49:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/01 22:35:59 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/23 23:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/28 18:04:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...rc=IE-SearchBox
CHR - default_search_provider: suggest_url = http://api.bing.com/...=U019&dt=072813
CHR - homepage: http://www.msn.com/?...19DHP&dt=072813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
CHR - Extension: avast! Online Security = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Freemake Video Converter = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Torch Share = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3905402568-11843471-3572921917-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3905402568-11843471-3572921917-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3905402568-11843471-3572921917-1000..\Run: [uTorrent] C:\Users\Mars\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3905402568-11843471-3572921917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A628AEC7-B29E-4539-B31B-F5752705852B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\uTorrent
[2013/08/03 21:14:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/02 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/08/02 14:57:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:46 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/02 01:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 23:09:42 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/01 23:09:42 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/01 22:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/08/01 22:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/08/01 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2013/08/01 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Avast EasyPass Data
[2013/08/01 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2013/08/01 22:35:32 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:32 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/08/01 22:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/01 22:35:31 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/08/01 22:35:31 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/08/01 22:35:30 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/08/01 22:35:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/08/01 22:34:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/01 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/29 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Calibre Library
[2013/07/29 22:06:49 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/07/28 18:58:54 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013/07/28 18:58:54 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013/07/28 18:58:54 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2013/07/28 18:58:54 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2013/07/28 18:58:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2013/07/28 18:58:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2013/07/28 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/07/28 18:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
[2013/07/28 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Torch
[2013/07/28 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\FreemakeVideoConverter
[2013/07/28 18:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Freemake
[2013/07/28 18:04:36 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\OpenCandy
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/28 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Programs
[2013/07/23 18:02:45 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/07/23 18:02:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/07/23 18:02:34 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/07/23 18:02:33 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/07/23 18:02:33 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/07/23 18:02:33 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013/07/23 18:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013/07/23 18:02:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013/07/23 18:02:33 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013/07/23 18:01:59 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/07/23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/07/23 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe_Systems_Incorporate
[2013/07/23 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/23 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Digital Editions
[2013/07/23 11:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/23 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/07/23 02:33:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/23 02:33:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/23 02:33:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/23 02:33:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/23 02:33:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/07/23 02:33:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/23 02:33:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/23 02:33:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/23 02:33:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/23 02:33:06 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/23 02:33:06 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/23 02:33:06 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/23 02:33:06 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/23 02:33:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/23 02:33:06 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/23 02:33:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/23 02:33:06 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/23 02:33:06 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/23 02:33:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/23 02:33:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/23 02:33:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/23 02:33:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/23 02:33:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/23 02:33:05 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/23 02:33:05 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/23 02:31:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/07/23 02:27:10 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/23 02:26:49 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/23 02:26:45 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/23 02:26:45 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/23 02:11:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/23 02:11:28 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/23 02:11:28 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/23 02:11:28 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/07/23 02:11:28 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/07/23 02:11:28 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/07/23 02:11:28 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/07/23 02:11:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/23 02:11:28 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/07/23 02:11:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/07/23 02:11:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/23 02:11:28 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/07/23 02:11:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/23 02:11:28 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/23 02:11:28 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/23 02:11:28 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/07/23 02:11:28 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/07/23 02:11:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/23 02:11:28 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/07/23 02:11:28 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/07/23 02:11:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/23 02:11:28 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/23 02:11:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/07/23 02:11:28 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/07/23 02:11:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/07/23 02:11:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/07/23 02:11:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/23 02:11:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/07/23 02:11:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/07/23 02:11:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/07/23 02:11:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/07/23 02:11:28 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/07/23 02:11:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/07/23 02:11:28 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/23 02:11:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/23 02:11:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/07/23 02:11:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/07/23 02:11:28 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/07/23 02:11:28 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/07/23 02:11:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/07/23 02:11:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/23 02:11:28 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/07/23 02:11:28 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/23 02:11:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/07/23 02:11:28 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/23 02:11:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/07/23 02:11:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/07/23 02:11:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/23 02:11:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/07/23 02:11:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/07/23 02:11:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/23 02:11:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/07/23 02:11:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/23 02:11:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/07/23 02:11:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/07/23 02:11:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/23 02:11:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/07/23 02:11:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/23 02:11:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/07/23 02:11:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/07/23 02:11:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/07/23 02:11:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/23 02:11:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/23 02:11:28 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/07/23 02:11:28 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/07/23 02:11:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/07/23 02:11:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/07/23 02:11:28 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/07/23 02:08:14 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/07/23 02:08:14 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/07/23 02:08:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/23 02:08:14 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/07/23 02:08:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/23 02:08:14 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/23 02:08:14 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/23 02:08:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/23 02:08:14 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/23 02:08:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/23 02:08:13 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/07/23 02:08:13 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/23 02:08:13 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/07/23 02:08:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/07/23 02:08:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/07/23 02:08:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/07/23 02:08:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/07/23 02:08:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/07/23 02:08:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/07/23 02:08:13 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/07/23 02:08:13 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/07/23 02:08:13 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/07/23 02:08:13 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/07/23 02:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/07/23 01:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/07/23 01:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/07/23 01:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/07/23 01:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/07/23 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/07/23 01:51:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
[2013/07/23 01:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NTI Launcher
[2013/07/23 01:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
[2013/07/23 01:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/07/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/07/23 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/23 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
[2013/07/23 01:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/07/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/23 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/07/23 01:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/23 01:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013/07/23 01:37:32 | 000,000,000 | ---D | C] -- C:\book
[2013/07/23 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013/07/23 01:34:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/23 00:57:58 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/07/23 00:57:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/07/23 00:46:57 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/07/23 00:46:57 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/07/23 00:46:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/07/23 00:46:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/07/23 00:45:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/07/23 00:45:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/07/23 00:45:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/07/23 00:45:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/07/23 00:42:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/07/23 00:42:25 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/07/23 00:39:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013/07/23 00:39:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/07/23 00:39:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/07/23 00:39:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/07/23 00:39:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/07/23 00:39:13 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/07/23 00:39:13 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/07/23 00:39:13 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/07/23 00:39:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/07/23 00:39:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013/07/23 00:39:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/07/23 00:39:13 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/07/23 00:39:13 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/07/23 00:39:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013/07/23 00:39:09 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/07/23 00:39:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/07/23 00:39:04 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013/07/23 00:39:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/23 00:38:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/07/23 00:38:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/07/23 00:38:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/07/23 00:38:33 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/07/23 00:38:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/07/23 00:38:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/07/23 00:38:33 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/07/23 00:37:35 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/07/23 00:37:35 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/07/23 00:37:34 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/07/23 00:37:07 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/07/23 00:37:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/07/23 00:37:06 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013/07/23 00:37:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013/07/23 00:37:03 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013/07/23 00:37:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013/07/23 00:37:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013/07/23 00:37:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013/07/23 00:37:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013/07/23 00:37:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013/07/23 00:37:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013/07/23 00:37:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013/07/23 00:37:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013/07/23 00:37:01 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/07/23 00:37:01 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/07/23 00:36:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/07/23 00:36:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/07/23 00:36:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/07/23 00:36:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/07/23 00:36:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/07/23 00:36:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/07/23 00:36:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/07/23 00:36:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/07/23 00:36:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/07/23 00:36:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/07/23 00:36:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/23 00:36:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/23 00:36:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/07/23 00:36:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/07/23 00:36:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/07/23 00:36:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/07/23 00:36:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/07/23 00:36:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/07/23 00:36:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/07/23 00:36:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/07/23 00:36:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/07/23 00:36:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/07/23 00:36:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/07/23 00:35:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/07/23 00:35:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/07/23 00:35:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/07/23 00:35:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/07/23 00:35:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/07/23 00:35:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/07/23 00:35:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/07/23 00:35:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/07/23 00:35:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/07/23 00:35:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/07/23 00:35:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/07/23 00:35:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/07/23 00:35:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/07/23 00:35:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/07/23 00:35:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/07/23 00:35:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/07/23 00:35:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/07/23 00:35:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/07/23 00:35:35 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/07/23 00:35:35 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/07/23 00:35:35 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/07/23 00:35:35 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/07/23 00:35:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/07/23 00:35:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/07/23 00:35:34 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/07/23 00:35:34 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/07/23 00:35:34 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/07/23 00:35:34 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/07/23 00:35:34 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/07/23 00:35:34 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/07/23 00:35:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/07/23 00:35:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/07/23 00:33:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/07/23 00:33:38 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/07/23 00:33:38 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/07/23 00:33:38 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/07/23 00:33:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/07/23 00:33:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/07/23 00:33:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013/07/23 00:33:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013/07/23 00:33:16 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/07/23 00:33:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/07/23 00:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/07/23 00:33:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/07/23 00:33:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/07/23 00:33:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/07/23 00:33:09 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/07/23 00:33:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/07/23 00:33:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/07/23 00:33:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/07/23 00:33:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/07/23 00:33:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/07/23 00:33:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/07/23 00:32:57 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/07/23 00:32:57 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/07/23 00:32:57 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/07/23 00:32:57 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/07/23 00:32:57 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013/07/23 00:32:57 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013/07/23 00:32:57 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013/07/23 00:32:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/07/23 00:32:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/07/23 00:32:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/07/23 00:32:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/07/23 00:32:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/07/23 00:32:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/07/23 00:32:24 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/07/23 00:32:15 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/07/23 00:32:13 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013/07/23 00:32:12 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013/07/23 00:32:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013/07/23 00:32:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/07/23 00:32:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/07/23 00:32:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/07/23 00:31:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/07/23 00:31:52 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/07/23 00:31:51 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/07/23 00:31:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/07/23 00:31:50 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/07/23 00:31:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/07/23 00:31:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/07/23 00:31:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/07/23 00:31:46 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/07/23 00:31:45 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/07/23 00:30:24 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013/07/23 00:30:24 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013/07/23 00:29:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/07/23 00:29:24 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/23 00:29:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/23 00:29:20 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/07/23 00:29:20 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/07/23 00:29:16 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013/07/23 00:29:16 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013/07/23 00:29:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013/07/23 00:29:16 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013/07/23 00:29:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013/07/23 00:29:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013/07/23 00:29:11 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013/07/23 00:29:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013/07/23 00:29:06 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/23 00:29:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/07/23 00:29:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/07/23 00:29:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/07/23 00:29:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/07/23 00:29:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/07/23 00:29:02 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/23 00:29:02 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/23 00:29:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/07/23 00:29:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/07/23 00:28:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/07/23 00:28:54 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/07/23 00:28:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/07/23 00:28:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013/07/23 00:28:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013/07/23 00:28:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/07/23 00:28:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/07/23 00:28:46 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/07/23 00:28:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013/07/23 00:28:44 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2013/07/23 00:28:42 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/07/23 00:28:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013/07/23 00:28:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2013/07/23 00:28:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013/07/23 00:28:22 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/07/23 00:28:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013/07/23 00:28:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013/07/23 00:28:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013/07/23 00:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/07/22 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/22 23:40:16 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/07/22 23:40:16 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/07/22 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/22 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/07/22 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/07/22 23:27:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/07/22 23:27:30 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/07/22 23:27:30 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/07/22 23:27:24 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/07/22 23:27:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/07/22 23:27:24 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/07/22 23:27:15 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/07/22 23:27:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/07/22 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/07/22 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/07/22 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/07/22 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/07/22 23:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/07/22 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/07/22 23:24:17 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/07/22 23:24:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/06 01:14:18 | 000,001,037 | ---- | M] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/06 01:10:03 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/06 01:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/06 00:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 23:43:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 23:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/05 20:53:25 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/05 20:53:25 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/05 20:53:25 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/05 16:50:31 | 000,000,816 | ---- | M] () -- C:\Users\Mars\Desktop\µTorrent.lnk
[2013/08/05 16:50:31 | 000,000,796 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/05 03:26:41 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/03 21:57:08 | 000,000,512 | ---- | M] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 21:39:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/03 13:53:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/03 13:20:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 13:20:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 13:12:37 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:26 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 23:09:42 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/01 23:09:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/01 22:47:52 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:59 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | M] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/31 06:21:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/30 01:46:25 | 000,000,289 | ---- | M] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:35:04 | 000,002,138 | ---- | M] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:35:04 | 000,002,136 | ---- | M] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:35:04 | 000,001,335 | ---- | M] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/29 10:34:39 | 000,001,139 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:31:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/23 02:11:28 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/23 02:11:28 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/23 02:11:28 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/23 02:11:28 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/07/23 02:11:28 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/07/23 02:11:28 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/07/23 02:11:28 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/07/23 02:11:28 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/23 02:11:28 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/07/23 02:11:28 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/07/23 02:11:28 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/23 02:11:28 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/07/23 02:11:28 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/23 02:11:28 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/23 02:11:28 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/23 02:11:28 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/07/23 02:11:28 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/07/23 02:11:28 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/23 02:11:28 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/07/23 02:11:28 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/07/23 02:11:28 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/23 02:11:28 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/23 02:11:28 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/07/23 02:11:28 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/07/23 02:11:28 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/07/23 02:11:28 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/07/23 02:11:28 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/23 02:11:28 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/07/23 02:11:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/07/23 02:11:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/07/23 02:11:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/07/23 02:11:28 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/07/23 02:11:28 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/07/23 02:11:28 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/23 02:11:28 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/23 02:11:28 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/07/23 02:11:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/07/23 02:11:28 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/07/23 02:11:28 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/07/23 02:11:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/07/23 02:11:28 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/23 02:11:28 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/07/23 02:11:28 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/23 02:11:28 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/07/23 02:11:28 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/23 02:11:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/07/23 02:11:28 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/07/23 02:11:28 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/23 02:11:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/07/23 02:11:28 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/07/23 02:11:28 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/23 02:11:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/07/23 02:11:28 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/23 02:11:28 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/07/23 02:11:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/07/23 02:11:28 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/23 02:11:28 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/07/23 02:11:28 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/23 02:11:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/07/23 02:11:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/07/23 02:11:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/07/23 02:11:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/23 02:11:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/23 02:11:28 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:11:28 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/07/23 02:11:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/07/23 02:11:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/07/23 02:11:28 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/07/23 02:08:14 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/07/23 02:08:14 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/07/23 02:08:14 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/07/23 02:08:14 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/23 02:08:14 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/07/23 02:08:14 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/23 02:08:14 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/23 02:08:14 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/23 02:08:14 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/23 02:08:14 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/23 02:08:14 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/23 02:08:13 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/23 02:08:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/07/23 02:08:13 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/23 02:08:13 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/07/23 02:08:13 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/07/23 02:08:13 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/07/23 02:08:13 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/07/23 02:08:13 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/07/23 02:08:13 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/07/23 02:08:13 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/07/23 02:08:13 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/07/23 02:08:13 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/07/23 02:08:13 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/07/23 01:58:40 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:54:16 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/23 01:52:49 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:47:08 | 000,015,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013/07/23 00:08:30 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:29:58 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/06 01:14:03 | 000,001,037 | ---- | C] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/05 16:50:31 | 000,000,816 | ---- | C] () -- C:\Users\Mars\Desktop\µTorrent.lnk
[2013/08/05 16:50:31 | 000,000,796 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/04 01:37:09 | 005,554,323 | ---- | C] () -- C:\Users\Mars\Desktop\Christ the Healer By FF Bosworth.pdf
[2013/08/04 01:36:05 | 001,692,820 | ---- | C] () -- C:\Users\Mars\Desktop\Cant You Talk Louder God.pdf
[2013/08/04 01:34:46 | 000,929,060 | ---- | C] () -- C:\Users\Mars\Desktop\BIBLICAL_MEDITATIONedited[etowns].pdf
[2013/08/04 01:30:32 | 012,998,003 | ---- | C] () -- C:\Users\Mars\Desktop\54-the_amazing_results_of_positivethinking.pdf
[2013/08/04 01:26:36 | 002,454,607 | ---- | C] () -- C:\Users\Mars\Desktop\THE PROPHET'S DICTIONARY by Paula A Price.pdf
[2013/08/04 01:26:14 | 012,939,786 | ---- | C] () -- C:\Users\Mars\Desktop\SMITH WIGGLESWORTH ON PRAYER, POWER AND MIRACLES.pdf
[2013/08/04 01:25:59 | 000,227,638 | ---- | C] () -- C:\Users\Mars\Desktop\Smith_WigglesworthFaith_That_Prevails.pdf
[2013/08/04 01:25:46 | 009,440,017 | ---- | C] () -- C:\Users\Mars\Desktop\smiths-bible-dictionary.pdf
[2013/08/03 21:57:08 | 000,000,512 | ---- | C] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 13:53:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/02 16:16:20 | 005,286,811 | ---- | C] () -- C:\Users\Mars\Documents\Transforming Grace_ Living Confidently i - Gerald Bridges;Jerry Bridges.pdf
[2013/08/02 16:16:20 | 003,265,589 | ---- | C] () -- C:\Users\Mars\Documents\Understanding bible Mysteries.pdf
[2013/08/02 16:16:20 | 001,289,251 | ---- | C] () -- C:\Users\Mars\Documents\Time to Defeat the Devil_ Strategies to - Pierce, Chuck D_.pdf
[2013/08/02 16:16:20 | 001,268,727 | ---- | C] () -- C:\Users\Mars\Documents\TuneInToTheVoiceOfGod_ebook(2).pdf
[2013/08/02 16:16:20 | 001,127,643 | ---- | C] () -- C:\Users\Mars\Documents\Transform Your Thinking, Transform Your - Winston, Bill.pdf
[2013/08/02 16:16:20 | 001,127,613 | ---- | C] () -- C:\Users\Mars\Documents\Wading.pdf
[2013/08/02 16:16:20 | 000,432,289 | ---- | C] () -- C:\Users\Mars\Documents\Tongues - King, Patricia.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity-.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity- - Copy.pdf
[2013/08/02 16:16:20 | 000,111,199 | ---- | C] () -- C:\Users\Mars\Documents\The-Four-Realms-of-Riches.pdf
[2013/08/02 16:16:20 | 000,047,211 | ---- | C] () -- C:\Users\Mars\Documents\TIKE201207freeshots.pdf
[2013/08/02 16:16:19 | 003,043,982 | ---- | C] () -- C:\Users\Mars\Documents\The Future Of Worship.pdf
[2013/08/02 16:16:19 | 002,611,035 | ---- | C] () -- C:\Users\Mars\Documents\The Seer Expanded Edition_ The Prophetic - Goll, James W_.pdf
[2013/08/02 16:16:19 | 002,597,714 | ---- | C] () -- C:\Users\Mars\Documents\The Frontier Boys 9780768488494.pdf
[2013/08/02 16:16:19 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\The Life Giver - Copy.pdf
[2013/08/02 16:16:19 | 002,474,695 | ---- | C] () -- C:\Users\Mars\Documents\The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:16:19 | 002,243,280 | ---- | C] () -- C:\Users\Mars\Documents\The New How to Study Your Bible - Arthur, Kay.pdf
[2013/08/02 16:16:19 | 001,795,859 | ---- | C] () -- C:\Users\Mars\Documents\The Power of the Cross_ Epicenter of Glo - Chavda, Mahesh.pdf
[2013/08/02 16:16:18 | 002,800,508 | ---- | C] () -- C:\Users\Mars\Documents\The Daily Prophecy_ Your Future Revealed - Kunneman, Brenda.pdf
[2013/08/02 16:16:18 | 001,890,800 | ---- | C] () -- C:\Users\Mars\Documents\SemGuide.pdf
[2013/08/02 16:16:18 | 001,388,279 | ---- | C] () -- C:\Users\Mars\Documents\Satan, You Can't Have My Miracle_ A spir - Delgado, Iris.pdf
[2013/08/02 16:16:18 | 001,160,875 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 3 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,154,699 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 1 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,131,360 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 2 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 000,961,077 | ---- | C] () -- C:\Users\Mars\Documents\Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,693,527 | ---- | C] () -- C:\Users\Mars\Documents\RiverGlory.pdf
[2013/08/02 16:16:18 | 000,630,138 | ---- | C] () -- C:\Users\Mars\Documents\Stop The Bully_ Cures for the Bully Epid - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,505,301 | ---- | C] () -- C:\Users\Mars\Documents\revivalglory.pdf
[2013/08/02 16:16:18 | 000,208,896 | ---- | C] () -- C:\Users\Mars\Documents\Rumors Of War.pdf
[2013/08/02 16:16:17 | 012,718,589 | ---- | C] () -- C:\Users\Mars\Documents\receive-prophecy-from-global-community.pdf
[2013/08/02 16:16:17 | 002,022,720 | ---- | C] () -- C:\Users\Mars\Documents\Praying-the-Scriptures-by-Judson-Cornwall.pdf
[2013/08/02 16:16:16 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Rout-Demons-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 007,315,656 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible_ Pathway to Spirituali - Wesley Campbell.pdf
[2013/08/02 16:16:16 | 005,634,690 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible Book of Prayers_ Prayi - Wesley Campbell;Stacey Campbell.pdf
[2013/08/02 16:16:16 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Healing-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-release-heaven-on-earth-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\Prayers that Move Mountains_ Powerful pr - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,962,358 | ---- | C] () -- C:\Users\Mars\Documents\Prayer in Another Dimension_ Discover th - Curran, Sue.pdf
[2013/08/02 16:16:15 | 000,856,732 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,815,664 | ---- | C] () -- C:\Users\Mars\Documents\Possessing Your Healing_ Taking Authorit - Bridges, Kynan.pdf
[2013/08/02 16:16:15 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Change-by-Kimberly-Daniels - Copy.pdf
[2013/08/02 16:16:15 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-activate-blessings-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John - Copy.pdf
[2013/08/02 16:16:15 | 000,321,239 | ---- | C] () -- C:\Users\Mars\Documents\parent-ver-sch-0-6yrsShotRecord.pdf
[2013/08/02 16:16:15 | 000,270,343 | ---- | C] () -- C:\Users\Mars\Documents\No_Fear_Here-Ebook.pdf
[2013/08/02 16:16:15 | 000,129,596 | ---- | C] () -- C:\Users\Mars\Documents\OvercomeBlocks and Hinder.pdf
[2013/08/02 16:16:14 | 026,180,435 | ---- | C] () -- C:\Users\Mars\Documents\NIV Women's Devotional Bible - Zondervan.pdf
[2013/08/02 16:16:13 | 002,532,688 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God New Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 002,389,847 | ---- | C] () -- C:\Users\Mars\Documents\May_2012_Newsletter.pdf
[2013/08/02 16:16:13 | 002,284,165 | ---- | C] () -- C:\Users\Mars\Documents\Limitless Love_ A 365-Day Devotional - Copeland, Gloria.pdf
[2013/08/02 16:16:13 | 002,283,780 | ---- | C] () -- C:\Users\Mars\Documents\Light Belongs in the Darkness_ Finding Y - King, Patricia.pdf
[2013/08/02 16:16:13 | 001,854,843 | ---- | C] () -- C:\Users\Mars\Documents\Mar12_news.pdf
[2013/08/02 16:16:13 | 001,709,859 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God Old Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 000,659,167 | ---- | C] () -- C:\Users\Mars\Documents\Living_In_Heavens_Blessing_Now.pdf
[2013/08/02 16:16:13 | 000,423,772 | ---- | C] () -- C:\Users\Mars\Documents\lawsofprosperity.pdf
[2013/08/02 16:16:13 | 000,278,805 | ---- | C] () -- C:\Users\Mars\Documents\keys-for-accelerated-change.pdf
[2013/08/02 16:16:13 | 000,173,811 | ---- | C] () -- C:\Users\Mars\Documents\LiveLongFinish_Online_Leaders_Guide.pdf
[2013/08/02 16:16:12 | 002,325,965 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ 365 Devotions For Kids_ T - Young, Sarah.pdf
[2013/08/02 16:16:12 | 001,809,200 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:16:12 | 000,743,668 | ---- | C] () -- C:\Users\Mars\Documents\Jerusalem.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:16:11 | 001,063,451 | ---- | C] () -- C:\Users\Mars\Documents\how-to-train-your-imagination-youhub.pdf
[2013/08/02 16:16:11 | 000,210,112 | ---- | C] () -- C:\Users\Mars\Documents\How-to-Receive-Revelation-Knowledge.pdf
[2013/08/02 16:16:10 | 013,109,628 | ---- | C] () -- C:\Users\Mars\Documents\how-to-prophesy-in-boldness.pdf
[2013/08/02 16:16:10 | 010,421,154 | ---- | C] () -- C:\Users\Mars\Documents\how-to-go-into-heavely-realms.pdf
[2013/08/02 16:16:10 | 002,620,410 | ---- | C] () -- C:\Users\Mars\Documents\-How-to-Meditate-God-s-Word-Dennis-Burke.pdf
[2013/08/02 16:16:09 | 016,681,705 | ---- | C] () -- C:\Users\Mars\Documents\how-to-be-appointed-as-a-prophet-to-the-nations.pdf
[2013/08/02 16:16:09 | 016,602,410 | ---- | C] () -- C:\Users\Mars\Documents\how-to-encounter-jesus-face-to-face.pdf
[2013/08/02 16:16:08 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:16:08 | 002,761,154 | ---- | C] () -- C:\Users\Mars\Documents\Holiness Day by Day_ Transformational Th - Jerry Bridges.pdf
[2013/08/02 16:16:08 | 002,536,466 | ---- | C] () -- C:\Users\Mars\Documents\How to Experience God.pdf
[2013/08/02 16:16:08 | 001,245,148 | ---- | C] () -- C:\Users\Mars\Documents\Holy Habits_ A Woman's Guide to Intentio - Wilson, Marilyn.pdf
[2013/08/02 16:16:08 | 001,222,329 | ---- | C] () -- C:\Users\Mars\Documents\How To Walk In The Supernatural Power Of - Maldonado, Guillermo.pdf
[2013/08/02 16:16:08 | 000,246,310 | ---- | C] () -- C:\Users\Mars\Documents\How To Study the Bible.pdf
[2013/08/02 16:16:07 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:16:07 | 002,873,392 | ---- | C] () -- C:\Users\Mars\Documents\God's Word in My Heart - Loth, Paul J_.pdf
[2013/08/02 16:16:07 | 001,296,563 | ---- | C] () -- C:\Users\Mars\Documents\Handle with Prayer_ Unwrap the Source of - Stanley, Charles.pdf
[2013/08/02 16:16:07 | 000,882,455 | ---- | C] () -- C:\Users\Mars\Documents\God's Supernatural Power - Conner, Bobby.pdf
[2013/08/02 16:16:07 | 000,877,773 | ---- | C] () -- C:\Users\Mars\Documents\Healing The Whole Man Handbook - Hunter, Joan.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures - Copy.pdf
[2013/08/02 16:16:07 | 000,017,082 | ---- | C] () -- C:\Users\Mars\Documents\Having Ears to Hear Study Notes.pdf
[2013/08/02 16:16:06 | 003,598,351 | ---- | C] () -- C:\Users\Mars\Documents\God Takes Care of Me (First Steps Devoti - Loth, Paul J_.pdf
[2013/08/02 16:16:06 | 003,080,563 | ---- | C] () -- C:\Users\Mars\Documents\Glory.pdf
[2013/08/02 16:16:06 | 002,996,838 | ---- | C] () -- C:\Users\Mars\Documents\God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:16:06 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\Godly Success - Copy.pdf
[2013/08/02 16:16:06 | 001,181,232 | ---- | C] () -- C:\Users\Mars\Documents\God, You've Got Mail_ 15 Keys to Abundan - Crawford, Danette.pdf
[2013/08/02 16:16:06 | 001,110,946 | ---- | C] () -- C:\Users\Mars\Documents\Glory Of God_ Experience a Supernatural - Maldonado, Guillermo.pdf
[2013/08/02 16:16:06 | 000,937,359 | ---- | C] () -- C:\Users\Mars\Documents\God's Promises for Your Every Need_ 25th - Nelson, Thomas.pdf
[2013/08/02 16:16:05 | 003,851,162 | ---- | C] () -- C:\Users\Mars\Documents\Finding Father - Jones, A.J_.pdf
[2013/08/02 16:16:05 | 003,764,624 | ---- | C] () -- C:\Users\Mars\Documents\First Steps Devotions for Families with - Loth, Paul J_.pdf
[2013/08/02 16:16:05 | 000,990,017 | ---- | C] () -- C:\Users\Mars\Documents\Fasting and Prayer_ God's Nuclear Power - Brooks, Steven.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience(1).pdf
[2013/08/02 16:16:05 | 000,176,810 | ---- | C] () -- C:\Users\Mars\Documents\FreedomFromFear.pdf
[2013/08/02 16:16:05 | 000,031,288 | ---- | C] () -- C:\Users\Mars\Documents\fatherloveLett.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor9780768488296.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor 9780768488296(1).pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\Eyes Of Honor Copy.pdf
[2013/08/02 16:16:04 | 001,395,618 | ---- | C] () -- C:\Users\Mars\Documents\faith By faith By Ken and Gloria Copeland.pdf
[2013/08/02 16:16:04 | 001,112,949 | ---- | C] () -- C:\Users\Mars\Documents\Experiencing the Heavenly Realm_ Keys to - Franklin, Judy.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete - Copy.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee - Copy.pdf
[2013/08/02 16:16:03 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee1.pdf
[2013/08/02 16:16:02 | 008,326,262 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1 - Copy.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF - Copy.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges - Copy.pdf
[2013/08/02 16:16:01 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld.pdf
[2013/08/02 16:16:00 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters.pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld(1).pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:59 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters - Copy.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES(1).pdf
[2013/08/02 16:15:58 | 010,038,457 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_DecreesInspiredByThePsalms.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven - Copy.pdf
[2013/08/02 16:15:58 | 001,116,084 | ---- | C] () -- C:\Users\Mars\Documents\Developing a Supernatural Lifestyle_ A P - Vallotton, Kris.pdf
[2013/08/02 16:15:58 | 000,540,825 | ---- | C] () -- C:\Users\Mars\Documents\dream_big.pdf
[2013/08/02 16:15:58 | 000,054,644 | ---- | C] () -- C:\Users\Mars\Documents\DHMH K12 Immunz Requirments.pdf
[2013/08/02 16:15:57 | 007,159,992 | ---- | C] () -- C:\Users\Mars\Documents\Decree_EBOOK.pdf
[2013/08/02 16:15:57 | 004,638,161 | ---- | C] () -- C:\Users\Mars\Documents\Designed for Devotion_ A 365-Day Journey - Matthews, Dianne Neal.pdf
[2013/08/02 16:15:57 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\Define Your Destiny Through Prayer - Copy.pdf
[2013/08/02 16:15:57 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\Dare to Believe - Copy.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create supernatural in your Destiny 9780768488180.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create Copy.pdf
[2013/08/02 16:15:56 | 001,817,050 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels 2_ The Role of the H - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 001,625,025 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels_ How You Can Work Wi - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 000,596,704 | ---- | C] () -- C:\Users\Mars\Documents\Daily Scripture Reading and Meditation_ - Coleman, Gloria.pdf
[2013/08/02 16:15:56 | 000,414,901 | ---- | C] () -- C:\Users\Mars\Documents\Build your Financial Fountain.pdf
[2013/08/02 16:15:56 | 000,154,441 | ---- | C] () -- C:\Users\Mars\Documents\blessing_for_your_children.pdf
[2013/08/02 16:15:56 | 000,046,170 | ---- | C] () -- C:\Users\Mars\Documents\Christian-Dream-Interpretation.pdf
[2013/08/02 16:15:55 | 008,775,700 | ---- | C] () -- C:\Users\Mars\Documents\Big Book of All-Time Favorite Bible Stor - Beers, V. Gilbert.pdf
[2013/08/02 16:15:55 | 007,732,188 | ---- | C] () -- C:\Users\Mars\Documents\Becoming a Prayer Warrior_ A Guide to Ef - Beth Alves.pdf
[2013/08/02 16:15:55 | 004,517,247 | ---- | C] () -- C:\Users\Mars\Documents\BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:54 | 033,801,943 | ---- | C] () -- C:\Users\Mars\Documents\april 12 d.pdf
[2013/08/02 16:15:53 | 018,326,783 | ---- | C] () -- C:\Users\Mars\Documents\angels-visitations-the-audible-voice-of-the-lord.pdf
[2013/08/02 16:15:53 | 003,120,630 | ---- | C] () -- C:\Users\Mars\Documents\Angels In The Realm Of Heaven.pdf
[2013/08/02 16:15:53 | 001,876,706 | ---- | C] () -- C:\Users\Mars\Documents\Another10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:52 | 007,817,312 | ---- | C] () -- C:\Users\Mars\Documents\amp.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081(1) Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081 Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 001,619,354 | ---- | C] () -- C:\Users\Mars\Documents\A Book of Prayer - Omartian, Stormie.pdf
[2013/08/02 16:15:52 | 000,903,620 | ---- | C] () -- C:\Users\Mars\Documents\A Divine Revelation of Spiritual Warfare - T. L., Lowery.pdf
[2013/08/02 16:15:51 | 002,922,114 | ---- | C] () -- C:\Users\Mars\Documents\9780768487886 Open Heaven the Secret Power of Door Keeper.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991 (1).pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420(1)The Life Giver.pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420 The Life Giver.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260Godly Success.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260(1)Godly Success.pdf
[2013/08/02 16:15:50 | 003,682,261 | ---- | C] () -- C:\Users\Mars\Documents\118418399-Healing-Through-Spiritual-Warfare-Peggy-Scarborough.pdf
[2013/08/02 16:15:50 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\9780768440973(1)Dare to Believe.pdf
[2013/08/02 16:15:50 | 001,425,539 | ---- | C] () -- C:\Users\Mars\Documents\114021710-The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin.pdf
[2013/08/02 16:15:50 | 000,532,515 | ---- | C] () -- C:\Users\Mars\Documents\114224646-You-Shall-Receive-Power-by-Derek-Prince.pdf
[2013/08/02 16:15:49 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\113857365-Prayers-That-Rout-Demons-John-Eckhardt.pdf
[2013/08/02 16:15:49 | 007,931,316 | ---- | C] () -- C:\Users\Mars\Documents\112491828-Commanding-Your-Morning-by-Cindy-Trimm.pdf
[2013/08/02 16:15:49 | 002,211,894 | ---- | C] () -- C:\Users\Mars\Documents\113777499-If-You-Need-Healing-Do-These-Things-by-Oral-Roberts.pdf
[2013/08/02 16:15:49 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\113857348-Prayers-That-Bring-Change-by-Kimberly-Daniels.pdf
[2013/08/02 16:15:48 | 004,016,750 | ---- | C] () -- C:\Users\Mars\Documents\103400447-Catching-the-Initiatives-of-Heaven-Dennis-Walker.pdf
[2013/08/02 16:15:48 | 003,535,743 | ---- | C] () -- C:\Users\Mars\Documents\89445266-Understanding-How-to-Fight-the-Good-Fight-of-Faith-Kenneth-Hagin.pdf
[2013/08/02 16:15:48 | 002,562,512 | ---- | C] () -- C:\Users\Mars\Documents\365 daysofhealing.pdf
[2013/08/02 16:15:48 | 000,862,066 | ---- | C] () -- C:\Users\Mars\Documents\82842139-The-Power-of-the-Blood-H-A-Maxwell-Whyte.pdf
[2013/08/02 16:15:48 | 000,739,457 | ---- | C] () -- C:\Users\Mars\Documents\110926966-How-To-Hear-From-God-Joyce-Meyer.pdf
[2013/08/02 16:15:48 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\95144332-Prayers-That-Bring-Healing-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\102807258-Prayers-that-activate-blessings-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\102807454-Prayers-that-release-heaven-on-earth-John-Eckhardt.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF(1).pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF - Copy.pdf
[2013/08/02 16:15:47 | 001,157,263 | ---- | C] () -- C:\Users\Mars\Documents\65 Promises from God for Your Child_ Pow - Shreve, Mike.pdf
[2013/08/02 16:15:47 | 000,490,036 | ---- | C] () -- C:\Users\Mars\Documents\10MoreDaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,477,042 | ---- | C] () -- C:\Users\Mars\Documents\10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,412,963 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers - Guaranteed To Make - Coleman, Gloria.pdf
[2013/08/02 16:15:47 | 000,316,793 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers For Children - Guara - Coleman, Gloria.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,578,398 | ---- | C] () -- C:\Users\Mars\Documents\10 Glorious Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:46 | 000,558,701 | ---- | C] () -- C:\Users\Mars\Documents\10 More Extraordinary Days of Prosperity Series PG Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,133,097 | ---- | C] () -- C:\Users\Mars\Documents\4-keys-lesson-5-remove-idols-from-heart.pdf
[2013/08/02 16:15:45 | 006,460,153 | ---- | C] () -- C:\Users\Mars\Documents\4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:45 | 003,260,110 | ---- | C] () -- C:\Users\Mars\Documents\1EyesOf Honor9780768488296.pdf
[2013/08/02 16:15:45 | 002,828,289 | ---- | C] () -- C:\Users\Mars\Documents\1God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:15:45 | 002,541,657 | ---- | C] () -- C:\Users\Mars\Documents\1The Life Giver9780768441420.pdf
[2013/08/02 16:15:45 | 002,326,452 | ---- | C] () -- C:\Users\Mars\Documents\1Glory.pdf
[2013/08/02 16:15:45 | 001,823,215 | ---- | C] () -- C:\Users\Mars\Documents\1Godly Success9780768441260.pdf
[2013/08/02 16:15:44 | 007,277,220 | ---- | C] () -- C:\Users\Mars\Documents\1Decree_EBOOK.pdf
[2013/08/02 16:15:44 | 003,358,158 | ---- | C] () -- C:\Users\Mars\Documents\1 Understanding bible Mysteries.pdf
[2013/08/02 16:15:44 | 002,730,104 | ---- | C] () -- C:\Users\Mars\Documents\1 Psalm 91_ Real-Life Stories of God's Shi - Ruth, Peggy Joyce.pdf
[2013/08/02 16:15:44 | 002,714,763 | ---- | C] () -- C:\Users\Mars\Documents\1 The Frontier Boys 9780768488494.pdf
[2013/08/02 16:15:44 | 001,404,688 | ---- | C] () -- C:\Users\Mars\Documents\1 The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin - Copy.pdf
[2013/08/02 16:15:44 | 000,671,054 | ---- | C] () -- C:\Users\Mars\Documents\1Commanding Your Morning_ Unleashing the - Trimm, Cindy.pdf
[2013/08/02 16:15:44 | 000,319,813 | ---- | C] () -- C:\Users\Mars\Documents\1Decree - Third Edition.pdf
[2013/08/02 16:15:43 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK.pdf
[2013/08/02 16:15:43 | 001,788,411 | ---- | C] () -- C:\Users\Mars\Documents\1 Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:15:43 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers that Move Mountains_ Powerful pr - Eckhardt, John - Copy.pdf
[2013/08/02 16:15:43 | 000,838,129 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy - Copy.pdf
[2013/08/02 16:15:42 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:15:41 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy (2).pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:15:40 | 004,208,918 | ---- | C] () -- C:\Users\Mars\Documents\1 Define Your Destiny Through Prayer 9780768488081.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:40 | 002,423,804 | ---- | C] () -- C:\Users\Mars\Documents\1 The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:15:40 | 000,951,027 | ---- | C] () -- C:\Users\Mars\Documents\1 Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:15:40 | 000,571,803 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy (2).pdf
[2013/08/02 16:15:39 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(2)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:39 | 000,190,616 | ---- | C] () -- C:\Users\Mars\Documents\0-6yrs-schedule-pr.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:38 | 002,870,609 | ---- | C] () -- C:\Users\Mars\Documents\(1)Open Heaven the Secret Power of Door Keeper 9780768487886.pdf
[2013/08/02 16:15:38 | 002,570,714 | ---- | C] () -- C:\Users\Mars\Documents\(1)Born To Create supernatural in your Destiny1.pdf
[2013/08/02 16:15:37 | 005,816,617 | ---- | C] () -- C:\Users\Mars\Documents\(1)4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:37 | 000,636,167 | ---- | C] () -- C:\Users\Mars\Documents\(1) 20120709-Calendar-English-FINAL.pdf
[2013/08/02 16:15:37 | 000,409,396 | ---- | C] () -- C:\Users\Mars\Documents\You-Can-Hear-God's-Voice.pdf
[2013/08/02 16:15:37 | 000,176,873 | ---- | C] () -- C:\Users\Mars\Documents\welcomefamily.pdf
[2013/08/02 16:15:37 | 000,095,541 | ---- | C] () -- C:\Users\Mars\Documents\weight petition.pdf
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/02 01:09:26 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 23:09:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 22:47:04 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:28 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:28 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/01 22:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | C] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/30 01:46:25 | 000,000,289 | ---- | C] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:34:39 | 000,002,138 | ---- | C] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:34:39 | 000,002,136 | ---- | C] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:34:37 | 000,001,343 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/07/28 18:58:43 | 000,001,335 | ---- | C] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/28 18:58:43 | 000,001,139 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:32:32 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:01:20 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/07/23 01:58:40 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:52:49 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:48:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/07/23 01:47:08 | 000,015,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013/07/23 01:34:02 | 2962,255,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/23 00:57:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/23 00:45:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/22 23:44:35 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:38:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 23:38:11 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 23:29:58 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/07/22 23:24:18 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/22 23:24:18 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/22 23:24:17 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/31 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/08/02 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/07/28 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\OpenCandy
[2013/07/28 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/08/03 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP
[2013/08/06 01:23:50 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/13 01:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/13 00:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JS >
[2010/08/16 15:07:26 | 000,018,674 | ---- | M] () MD5=7209830374F12E59D7802B687A5F0542 -- C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\HTML\js\services.js

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 3850-0A0A
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mars
07/22/2013 11:24 PM <JUNCTION> Application Data [C:\Users\Mars\AppData\Roaming]
07/22/2013 11:24 PM <JUNCTION> Cookies [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Cookies]
07/22/2013 11:24 PM <JUNCTION> Local Settings [C:\Users\Mars\AppData\Local]
07/22/2013 11:24 PM <JUNCTION> My Documents [C:\Users\Mars\Documents]
07/22/2013 11:24 PM <JUNCTION> NetHood [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/22/2013 11:24 PM <JUNCTION> PrintHood [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/22/2013 11:24 PM <JUNCTION> Recent [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Recent]
07/22/2013 11:24 PM <JUNCTION> SendTo [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\SendTo]
07/22/2013 11:24 PM <JUNCTION> Start Menu [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu]
07/22/2013 11:24 PM <JUNCTION> Templates [C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mars\AppData\Local
07/22/2013 11:24 PM <JUNCTION> Application Data [C:\Users\Mars\AppData\Local]
07/22/2013 11:24 PM <JUNCTION> History [C:\Users\Mars\AppData\Local\Microsoft\Windows\History]
07/22/2013 11:24 PM <JUNCTION> Temporary Internet Files [C:\Users\Mars\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mars\AppData\LocalLow\Siber Systems\RoboForm
08/01/2013 10:37 PM <SYMLINKD> UserData [C:\Users\Mars\Documents\My Avast EasyPass Data\Default Profile]
0 File(s) 0 bytes
Directory of C:\Users\Mars\Documents
07/22/2013 11:24 PM <JUNCTION> My Music [C:\Users\Mars\Music]
07/22/2013 11:24 PM <JUNCTION> My Pictures [C:\Users\Mars\Pictures]
07/22/2013 11:24 PM <JUNCTION> My Videos [C:\Users\Mars\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 432,927,424,512 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: ST950032 5AS USB Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 18.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 19328401408
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 448.00GB
Starting Offset: 19433259008
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 18.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 19328401408
Hidden sectors: 0


DeviceID: Disk #1, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 448.00GB
Starting Offset: 19433259008
Hidden sectors: 0


< End of report >











Extras.txt Log

OTL Extras logfile created on: 8/6/2013 1:20:34 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 67.07% Memory free
7.36 Gb Paging File | 5.40 Gb Available in Paging File | 73.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 403.33 Gb Free Space | 90.10% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 24.59 Gb Free Space | 5.49% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3905402568-11843471-3572921917-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018BF93A-8360-456A-9A06-1AF7F22A4FF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1994096C-CAB0-41FC-AF9B-768421CCBB47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{450AF69E-DC94-4DAE-A724-A1C6AED5FAF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45DDDBDF-DF25-416A-A20B-D2DED40F50B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{578E39D6-92FB-4FFB-9FAE-25904C9E8129}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BBFAB76-CDBD-44B3-BF89-3DF12F98F677}" = lport=10243 | protocol=6 | dir=in | app=system |
"{88EC4423-239D-4F14-8724-CB90A13C9083}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{99EF6830-9870-4E89-80BD-DBD8754CCD36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA9C802F-F2BD-4774-9BA9-DFBC5C603644}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4E1800A-5115-41CF-9049-18294CE25195}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E967346F-7F01-4F9B-9410-8A9E26F18EE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8638B-46DD-411C-8976-19B1DF50BA04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A7888FA-EF50-4DA9-A330-E8B4C1DE77A1}" = dir=in | app=c:\users\mars\appdata\local\torch\plugins\hola\hola_plugin.exe |
"{0C7F164E-1A46-4768-A209-4D05C652DFD0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{105D7E03-7D71-4702-B041-81879EC0B7DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B0C84E9-6072-4E56-9170-5A5B55143F9F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22771C85-6F3D-4ABA-9FE1-80861E171BE3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{38547F6F-314E-4EB1-9BAA-CA7D6932AD77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38AEB062-ED7A-4951-98D9-DF32A4957729}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4441B1EE-DAA1-4A14-8559-E133129DB283}" = protocol=6 | dir=in | app=c:\users\mars\appdata\roaming\utorrent\utorrent.exe |
"{51624BF8-9FE6-4D45-BFB5-721F70B729A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{555B20C1-DFEE-479D-BF12-A8B235FC9575}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56D6305C-B70D-4CB4-BBF2-7595E0824930}" = protocol=6 | dir=out | app=system |
"{58A03610-3E74-427C-8256-30E616E5FE33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{58A777A4-0ECE-4D6E-825D-077A6A4606AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67EF7408-134E-43F6-9FC1-C8D31EC86583}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{68261AB4-A17B-4E69-ADA0-2FF2D610FA3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6922A3A8-BBBB-4FA6-B6E9-8601E5733D75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AED1A65-0157-49D8-8CD4-87CB5C266BB0}" = dir=in | app=c:\users\mars\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
"{742EAE0B-B3C8-4E0F-9821-CD9ADC5D7AA6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7491B564-329B-42BD-AA5E-56BA9DA021DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BBC050F-81C0-4735-89C4-BCCFBB676598}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{7E44C0E2-259A-4E4F-BD3B-BB17A6880ECA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9270C686-043E-4669-86D9-684F90529E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9E3E443-98FB-475E-B4A3-78ADE2777606}" = protocol=17 | dir=in | app=c:\users\mars\appdata\roaming\utorrent\utorrent.exe |
"{B52A0F61-6028-4ABE-A4DD-53036C05C4F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B8C437FE-44D3-4C9C-BF37-90BBA1B946B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB204367-00B4-42EB-8AA8-19A4D915738C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD81D695-FBA6-46D7-BDBC-432B12EB863F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{C0DC918D-0524-46D5-A6C2-C7788443675C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D699384E-E48D-472B-A444-11D139ADC056}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA3B05C8-585E-4ADF-8F6B-798A67A37E7A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{F4D36208-1DA8-4431-AA08-D0ED7F1DC21C}" = dir=in | app=c:\users\mars\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{F546D0A2-D82A-4C02-A320-A33579E1775C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B652DD9C-F162-4B40-B38F-A1D0F866CAFA}" = calibre
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C47B36EC-0639-4462-A9CE-7809CF2F6100}" = ZoneAlarm Security
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4FB136D-2802-4578-A023-E7243BD0D7D5}" = ZoneAlarm Firewall
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AI RoboForm" = avast! EasyPass
"avast" = avast! Free Antivirus
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.2
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-036dc91c-3596-41cf-afb5-8fe9d76b3bfa" = Dora's World Adventure
"WTA-10f999da-3c38-4d87-99a6-08e748bc4ba3" = Zuma's Revenge
"WTA-2426fbc3-e9a4-4c29-a0e0-0e1d4e09dac2" = Chuzzle Deluxe
"WTA-307d684f-8bcc-4503-bd58-e0668db6dcee" = Bejeweled 2 Deluxe
"WTA-33f18576-3d19-4dd3-8aed-e5f1426eec54" = Torchlight
"WTA-3ad4add0-74f7-4427-af1c-b53fd4ae149e" = Poker Superstars III
"WTA-3aec2ce0-a643-49ae-8194-e6c66943a931" = Polar Golfer
"WTA-3fee7dc0-7906-4d83-af4b-9082669c7728" = Penguins!
"WTA-55a36a0e-cdb4-40e8-8991-ea915b04200d" = Virtual Villagers 4 - The Tree of Life
"WTA-5a6d223e-900a-444b-8c22-6305da7969cb" = Agatha Christie - 4:50 from Paddington
"WTA-6416da14-ff05-49d1-b29a-b02e570a0151" = Final Drive: Nitro
"WTA-7b109e19-a2a7-4b5e-89d9-97cd63d3c014" = Polar Bowler
"WTA-925d71b3-6eb9-4e84-832d-7508c57cde5c" = Mystery P.I. - Stolen in San Francisco
"WTA-acf2bd08-527f-443b-9b95-0fe1fe832281" = Build-a-lot 2
"WTA-b66be362-fd3d-4611-b53b-23a494960737" = Plants vs. Zombies - Game of the Year
"WTA-c31c13b2-3d44-43d5-a9d1-8506d541cea9" = Diner Dash 2 Restaurant Rescue
"WTA-dab7998f-5b94-454a-a1c2-5fc158365431" = Jewel Quest Heritage
"WTA-e550e22e-d07b-4a1b-8e1a-7f6d371cf0db" = FATE - The Traitor Soul
"WTA-f226e527-daaa-41cf-bc32-d211e6ba9153" = Namco All-Stars: PAC-MAN
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3905402568-11843471-3572921917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Torch" = Torch
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2013 1:52:26 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: dsiwmis.exe, version: 3.5.0.1938, time
stamp: 0x4d947521 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id: 0x5d0 Faulting application
start time: 0x01ce875a2f4b2a9a Faulting application path: C:\Program Files (x86)\Launch
Manager\dsiwmis.exe Faulting module path: unknown Report Id: 0cbf8c3b-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:27 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GREGsvc.exe, version: 1.0.0.1, time stamp:
0x4afbd2e4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id: 0x63c Faulting application
start time: 0x01ce875a3036d2d5 Faulting application path: C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
Faulting
module path: unknown Report Id: 0ddf92bc-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:29 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UpdaterService.exe, version: 1.2.3005.0,
time stamp: 0x4d464b65 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id:
0x668 Faulting application start time: 0x01ce875a30bc1fe5 Faulting application path:
C:\Program Files\Acer\Acer Updater\UpdaterService.exe Faulting module path: unknown
Report
Id: 0ea06232-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:29 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LMS.exe, version: 6.0.40.1213, time stamp:
0x4b8ee3ba Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id: 0x6a8 Faulting application
start time: 0x01ce875a310d0eae Faulting application path: C:\Program Files (x86)\Intel\Intel®
Management Engine Components\LMS\LMS.exe Faulting module path: unknown Report Id:
0f06bd5e-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:30 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IScheduleSvc.exe, version: 3.0.0.85, time
stamp: 0x4d59ed0d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id: 0x748 Faulting application
start time: 0x01ce875a3228526e Faulting application path: C:\Program Files (x86)\NTI\Acer
Backup Manager\IScheduleSvc.exe Faulting module path: unknown Report Id: 0f5c6ee8-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:35 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IAStorDataMgrSvc.exe, version: 9.6.2.1001,
time stamp: 0x4bc4a166 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id:
0xe70 Faulting application start time: 0x01ce875a812628fa Faulting application path:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting
module path: unknown Report Id: 12620e21-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:52:38 AM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UNS.exe, version: 6.0.40.1213, time stamp:
0x4b8ee429 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73536cdc Faulting process id: 0x10fc Faulting application
start time: 0x01ce875a834e683a Faulting application path: C:\Program Files (x86)\Intel\Intel®
Management Engine Components\UNS\UNS.exe Faulting module path: unknown Report Id:
146698bc-f35c-11e2-9a5f-b870f4dd30d3

Error - 7/23/2013 1:55:10 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 2:22:49 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 9:56:14 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/2/2013 8:23:45 PM | Computer Name = Mars-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A628AEC7-B29E-4539-B31B-F5752705852B}
because another computer on the network has the same name. The server could not
start.

Error - 8/2/2013 8:23:45 PM | Computer Name = Mars-PC | Source = NetBT | ID = 4321
Description = The name "MARS-PC :0" could not be registered on the interface
with IP address 192.168.1.30. The computer with the IP address 192.168.1.40 did
not allow the name to be claimed by this computer.

Error - 8/2/2013 8:23:45 PM | Computer Name = Mars-PC | Source = NetBT | ID = 4321
Description = The name "MARS-PC :20" could not be registered on the interface
with IP address 192.168.1.30. The computer with the IP address 192.168.1.40 did
not allow the name to be claimed by this computer.

Error - 8/3/2013 1:13:35 PM | Computer Name = Mars-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm
Privacy Service service to connect.

Error - 8/3/2013 1:13:35 PM | Computer Name = Mars-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Privacy Service service failed to start due to the following
error: %%1053

Error - 8/3/2013 9:47:32 PM | Computer Name = Mars-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume F: were aborted during detection.

Error - 8/4/2013 12:22:06 AM | Computer Name = Mars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 8/4/2013 12:22:07 AM | Computer Name = Mars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 8/4/2013 12:22:08 AM | Computer Name = Mars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 8/4/2013 12:22:09 AM | Computer Name = Mars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.


< End of report >
  • 0

#6
godawgs
Posted 06 August 2013 - 12:07 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Ayame12,

I don't really see any malware in the logs. Let's run some additional scans and try some system maintenance.

Did these problems start around the time you installed the ZoneAlarm firewall?

Have you recently upgraded Windows or reinstalled Windows on this computer?

You have a Peer-to-Peer program on the system.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

You can uninstall uTorrent through the Programs item in Control Panel. If you need help just let me know.

I want you to disable the real time feature of SurerAntiSpyware so it doesn't interfere with our scans or removals. To do that:
  • Double click on the SUPERantispyware icon in the system tray, to access the main menu.
  • Click on the Preferences button.
  • Go to the General and Startup tab.
  • In the "Start-Up Options" section, uncheck the box next to Start SupreAntiSpyware when Windows starts[/b].
  • A small warning prompt will be displayed, click on Yes to proceed.


Step-1.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users:) Right click the adwcleaner.exe file and click Run as administrator, then accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Disable any screen saver you might have running before the next step.


Step-3.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-4

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The AdwCleaner[S1].txt log
3. The JRT.txt log
3. The MalwareBytes log
  • 0

#7
Ayame12
Posted 09 August 2013 - 03:46 AM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
1. I recently Reinstalled Windows within the hard drive because i was not able to connect to the internet. I need to Check for virus, spyware and etc from my external hard drive. My External Hard Drive(F:) came from previous laptop which is fried now but my hard drive works. So all the problems came from external drive(F:) when my laptop was working.




I'm Sorry for not posting the logs yet.I have trouble finding directions to disable the ZoneAlarm firewall. can you direct me please.

Thank you so much of your time.
  • 0

#8
godawgs
Posted 09 August 2013 - 10:31 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Click here and follow the instructions for the Zone Alarm firewall.

Then complete the directions in my post #6. If you leave the external hard drive plugged in during the MalwareBytes scan it will check it. If the external drives have a lot of info on them the scan may take a long time.
After you complete the Steps in Post #6 please get me a fresh OTL quick scan. To do that:

Open OTL again and press the Quick Scan button. Then post the OTL.txt log along with the other logs.
  • 0

#9
Ayame12
Posted 10 August 2013 - 04:45 AM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
One of the Application remove my torch browser and my video converter can you help me restore it back.

1. AdwCleaner[S1]


# AdwCleaner v2.306 - Logfile created 08/10/2013 at 01:56:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mars - MARS-PC
# Boot Mode : Normal
# Running from : C:\Users\Mars\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\Mars\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [873 octets] - [10/08/2013 01:56:08]

########## EOF - C:\AdwCleaner[S1].txt - [932 octets] ##########


2.JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Mars on Sat 08/10/2013 at 2:04:24.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Users\Mars\appdata\local\torch"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Mars\appdata\local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/10/2013 at 2:11:39.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


3.MBAM Log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mars :: MARS-PC [administrator]

Protection: Enabled

8/10/2013 2:29:39 AM
MBAM-log-2013-08-10 (06-22-04).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 472693
Time elapsed: 1 hour(s), 34 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
F:\Users\Mars\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> No action taken.
F:\Users\Mars\Mars\GOMPLAYERENSETUP.EXE (PUP.Optional.AskToolbar) -> No action taken.
F:\Users\Mars\Mars 5\windows.7.codec.pack.v4.0.4.setup.exe (PUP.Dealio.TB) -> No action taken.
F:\Users\Mars\Mars Extra\Marsha\GOMPLAYERENSETUP.EXE (PUP.Optional.AskToolbar) -> No action taken.

(end)



OTL.log

OTL logfile created on: 8/10/2013 6:34:56 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 53.81% Memory free
7.36 Gb Paging File | 5.20 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 399.96 Gb Free Space | 89.34% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 24.12 Gb Free Space | 5.39% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/08/01 22:36:51 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/28 18:04:59 | 000,057,344 | ---- | M] () -- C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 20:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 20:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/23 20:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/23 20:56:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/23 20:56:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/23 20:56:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/23 20:56:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/23 20:56:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\bda7430e393758ce03bd26509f5a8762\System.Xml.ni.dll
MOD - [2013/07/23 20:56:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/23 20:56:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/23 20:56:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/01 23:09:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/23 01:49:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/01 22:35:59 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mars\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/23 23:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/28 18:04:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...rc=IE-SearchBox
CHR - default_search_provider: suggest_url = http://api.bing.com/...=U019&dt=072813
CHR - homepage: http://www.msn.com/?...19DHP&dt=072813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
CHR - Extension: avast! Online Security = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Freemake Video Converter = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mars\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A628AEC7-B29E-4539-B31B-F5752705852B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/10 06:27:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\Grace Williams Deep Waters
[2013/08/10 03:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/08/10 03:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/08/10 03:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/10 02:16:20 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Malwarebytes
[2013/08/10 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/10 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/10 02:16:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/10 02:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/10 02:04:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/09 22:59:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Facebook
[2013/08/09 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Windows Live Writer
[2013/08/09 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live Writer
[2013/08/09 04:44:12 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mars\Desktop\mbam-setup.exe
[2013/08/08 23:05:02 | 000,957,230 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mars\Desktop\JRT.exe
[2013/08/08 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\vlc
[2013/08/08 19:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/08/08 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Solid State Networks
[2013/08/05 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\uTorrent
[2013/08/03 21:14:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/02 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/08/02 14:57:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:46 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/02 01:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/01 22:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/08/01 22:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/08/01 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2013/08/01 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Avast EasyPass Data
[2013/08/01 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2013/08/01 22:35:32 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:32 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/08/01 22:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/01 22:35:31 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/08/01 22:35:31 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/08/01 22:35:30 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/08/01 22:35:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/08/01 22:34:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/01 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/29 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Calibre Library
[2013/07/29 22:06:49 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/07/28 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/07/28 18:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
[2013/07/28 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Torch
[2013/07/28 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\FreemakeVideoConverter
[2013/07/28 18:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Freemake
[2013/07/28 18:04:36 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/28 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Programs
[2013/07/23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/07/23 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe_Systems_Incorporate
[2013/07/23 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/23 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Digital Editions
[2013/07/23 11:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/23 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/07/23 02:31:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/07/23 02:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/07/23 01:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/07/23 01:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/07/23 01:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/07/23 01:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/07/23 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/07/23 01:51:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
[2013/07/23 01:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NTI Launcher
[2013/07/23 01:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
[2013/07/23 01:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/07/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/07/23 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/23 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
[2013/07/23 01:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/07/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/23 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/07/23 01:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/23 01:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013/07/23 01:37:32 | 000,000,000 | ---D | C] -- C:\book
[2013/07/23 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013/07/23 01:34:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/23 00:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/07/22 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/22 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/22 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/07/22 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/07/22 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/07/22 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/07/22 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/07/22 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/07/22 23:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/07/22 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/07/22 23:24:17 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/07/22 23:24:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/10 06:34:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 06:34:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 06:32:08 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/10 06:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/10 06:31:24 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/10 06:18:24 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/10 06:18:24 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/10 06:18:24 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/10 06:16:54 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000UA.job
[2013/08/10 06:16:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/10 06:16:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/10 02:16:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/10 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/10 01:10:03 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/09 23:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000Core.job
[2013/08/09 06:28:14 | 000,000,530 | ---- | M] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/08/09 05:43:29 | 000,007,973 | ---- | M] () -- C:\Users\Mars\Documents\instructions geeks.rtf
[2013/08/09 05:00:21 | 000,000,549 | ---- | M] () -- C:\Users\Mars\Documents\geekstogo.rtf
[2013/08/09 04:46:21 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mars\Desktop\mbam-setup.exe
[2013/08/08 23:06:05 | 000,957,230 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mars\Desktop\JRT.exe
[2013/08/08 21:44:59 | 000,666,633 | ---- | M] () -- C:\Users\Mars\Desktop\adwcleaner.exe
[2013/08/08 19:20:25 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/08 14:28:12 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/08/08 01:02:55 | 000,001,592 | ---- | M] () -- C:\Users\Mars\Documents\Document1.rtf
[2013/08/06 01:14:18 | 000,001,037 | ---- | M] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/03 21:57:08 | 000,000,512 | ---- | M] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 21:39:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/03 13:53:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:26 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 22:47:52 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:59 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | M] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/31 06:21:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/29 22:44:09 | 001,216,579 | ---- | M] () -- C:\Users\Mars\Desktop\A Touch From Heaven - Neal Pylant.pdf
[2013/07/29 22:05:21 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:35:04 | 000,002,138 | ---- | M] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:35:04 | 000,002,136 | ---- | M] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:35:04 | 000,001,335 | ---- | M] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/29 10:34:39 | 000,001,139 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:31:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 01:58:40 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:54:16 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/23 01:52:49 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:47:08 | 000,015,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013/07/23 00:08:30 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:29:58 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/10 06:36:30 | 008,326,262 | ---- | C] () -- C:\Users\Mars\Desktop\EBOOKDominion-Surges1.pdf
[2013/08/10 06:36:30 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Desktop\EbookGreaterThings_Complete - Copy.pdf
[2013/08/10 06:36:30 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Desktop\ebookearsthathear PDF1.pdf
[2013/08/10 06:36:30 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Desktop\ebookeyes_thatsee1.pdf
[2013/08/10 06:36:29 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Desktop\Ebook-122LoveLetters.pdf
[2013/08/10 06:36:29 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Desktop\Ebook-CreateYourWorld - Copy.pdf
[2013/08/10 02:16:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/09 22:59:41 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000UA.job
[2013/08/09 22:59:41 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000Core.job
[2013/08/09 05:43:29 | 000,007,973 | ---- | C] () -- C:\Users\Mars\Documents\instructions geeks.rtf
[2013/08/09 04:42:12 | 000,000,549 | ---- | C] () -- C:\Users\Mars\Documents\geekstogo.rtf
[2013/08/08 21:44:50 | 000,666,633 | ---- | C] () -- C:\Users\Mars\Desktop\adwcleaner.exe
[2013/08/08 19:20:25 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/08 18:43:28 | 001,216,579 | ---- | C] () -- C:\Users\Mars\Desktop\A Touch From Heaven - Neal Pylant.pdf
[2013/08/08 06:45:40 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/08/08 01:02:55 | 000,001,592 | ---- | C] () -- C:\Users\Mars\Documents\Document1.rtf
[2013/08/06 01:14:03 | 000,001,037 | ---- | C] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/04 01:37:09 | 005,554,323 | ---- | C] () -- C:\Users\Mars\Desktop\Christ the Healer By FF Bosworth.pdf
[2013/08/04 01:36:05 | 001,692,820 | ---- | C] () -- C:\Users\Mars\Desktop\Cant You Talk Louder God.pdf
[2013/08/04 01:34:46 | 000,929,060 | ---- | C] () -- C:\Users\Mars\Desktop\BIBLICAL_MEDITATIONedited[etowns].pdf
[2013/08/04 01:30:32 | 012,998,003 | ---- | C] () -- C:\Users\Mars\Desktop\54-the_amazing_results_of_positivethinking.pdf
[2013/08/04 01:26:36 | 002,454,607 | ---- | C] () -- C:\Users\Mars\Desktop\THE PROPHET'S DICTIONARY by Paula A Price.pdf
[2013/08/04 01:26:14 | 012,939,786 | ---- | C] () -- C:\Users\Mars\Desktop\SMITH WIGGLESWORTH ON PRAYER, POWER AND MIRACLES.pdf
[2013/08/04 01:25:59 | 000,227,638 | ---- | C] () -- C:\Users\Mars\Desktop\Smith_WigglesworthFaith_That_Prevails.pdf
[2013/08/04 01:25:46 | 009,440,017 | ---- | C] () -- C:\Users\Mars\Desktop\smiths-bible-dictionary.pdf
[2013/08/03 21:57:08 | 000,000,512 | ---- | C] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 13:53:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/02 16:16:20 | 005,286,811 | ---- | C] () -- C:\Users\Mars\Documents\Transforming Grace_ Living Confidently i - Gerald Bridges;Jerry Bridges.pdf
[2013/08/02 16:16:20 | 003,265,589 | ---- | C] () -- C:\Users\Mars\Documents\Understanding bible Mysteries.pdf
[2013/08/02 16:16:20 | 001,289,251 | ---- | C] () -- C:\Users\Mars\Documents\Time to Defeat the Devil_ Strategies to - Pierce, Chuck D_.pdf
[2013/08/02 16:16:20 | 001,268,727 | ---- | C] () -- C:\Users\Mars\Documents\TuneInToTheVoiceOfGod_ebook(2).pdf
[2013/08/02 16:16:20 | 001,127,643 | ---- | C] () -- C:\Users\Mars\Documents\Transform Your Thinking, Transform Your - Winston, Bill.pdf
[2013/08/02 16:16:20 | 001,127,613 | ---- | C] () -- C:\Users\Mars\Documents\Wading.pdf
[2013/08/02 16:16:20 | 000,432,289 | ---- | C] () -- C:\Users\Mars\Documents\Tongues - King, Patricia.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity-.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity- - Copy.pdf
[2013/08/02 16:16:20 | 000,111,199 | ---- | C] () -- C:\Users\Mars\Documents\The-Four-Realms-of-Riches.pdf
[2013/08/02 16:16:20 | 000,047,211 | ---- | C] () -- C:\Users\Mars\Documents\TIKE201207freeshots.pdf
[2013/08/02 16:16:19 | 003,043,982 | ---- | C] () -- C:\Users\Mars\Documents\The Future Of Worship.pdf
[2013/08/02 16:16:19 | 002,611,035 | ---- | C] () -- C:\Users\Mars\Documents\The Seer Expanded Edition_ The Prophetic - Goll, James W_.pdf
[2013/08/02 16:16:19 | 002,597,714 | ---- | C] () -- C:\Users\Mars\Documents\The Frontier Boys 9780768488494.pdf
[2013/08/02 16:16:19 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\The Life Giver - Copy.pdf
[2013/08/02 16:16:19 | 002,474,695 | ---- | C] () -- C:\Users\Mars\Documents\The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:16:19 | 002,243,280 | ---- | C] () -- C:\Users\Mars\Documents\The New How to Study Your Bible - Arthur, Kay.pdf
[2013/08/02 16:16:19 | 001,795,859 | ---- | C] () -- C:\Users\Mars\Documents\The Power of the Cross_ Epicenter of Glo - Chavda, Mahesh.pdf
[2013/08/02 16:16:18 | 002,800,508 | ---- | C] () -- C:\Users\Mars\Documents\The Daily Prophecy_ Your Future Revealed - Kunneman, Brenda.pdf
[2013/08/02 16:16:18 | 001,890,800 | ---- | C] () -- C:\Users\Mars\Documents\SemGuide.pdf
[2013/08/02 16:16:18 | 001,388,279 | ---- | C] () -- C:\Users\Mars\Documents\Satan, You Can't Have My Miracle_ A spir - Delgado, Iris.pdf
[2013/08/02 16:16:18 | 001,160,875 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 3 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,154,699 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 1 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,131,360 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 2 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 000,961,077 | ---- | C] () -- C:\Users\Mars\Documents\Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,693,527 | ---- | C] () -- C:\Users\Mars\Documents\RiverGlory.pdf
[2013/08/02 16:16:18 | 000,630,138 | ---- | C] () -- C:\Users\Mars\Documents\Stop The Bully_ Cures for the Bully Epid - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,505,301 | ---- | C] () -- C:\Users\Mars\Documents\revivalglory.pdf
[2013/08/02 16:16:18 | 000,208,896 | ---- | C] () -- C:\Users\Mars\Documents\Rumors Of War.pdf
[2013/08/02 16:16:17 | 012,718,589 | ---- | C] () -- C:\Users\Mars\Documents\receive-prophecy-from-global-community.pdf
[2013/08/02 16:16:17 | 002,022,720 | ---- | C] () -- C:\Users\Mars\Documents\Praying-the-Scriptures-by-Judson-Cornwall.pdf
[2013/08/02 16:16:16 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Rout-Demons-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 007,315,656 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible_ Pathway to Spirituali - Wesley Campbell.pdf
[2013/08/02 16:16:16 | 005,634,690 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible Book of Prayers_ Prayi - Wesley Campbell;Stacey Campbell.pdf
[2013/08/02 16:16:16 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Healing-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-release-heaven-on-earth-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\Prayers that Move Mountains_ Powerful pr - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,962,358 | ---- | C] () -- C:\Users\Mars\Documents\Prayer in Another Dimension_ Discover th - Curran, Sue.pdf
[2013/08/02 16:16:15 | 000,856,732 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,815,664 | ---- | C] () -- C:\Users\Mars\Documents\Possessing Your Healing_ Taking Authorit - Bridges, Kynan.pdf
[2013/08/02 16:16:15 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Change-by-Kimberly-Daniels - Copy.pdf
[2013/08/02 16:16:15 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-activate-blessings-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John - Copy.pdf
[2013/08/02 16:16:15 | 000,321,239 | ---- | C] () -- C:\Users\Mars\Documents\parent-ver-sch-0-6yrsShotRecord.pdf
[2013/08/02 16:16:15 | 000,270,343 | ---- | C] () -- C:\Users\Mars\Documents\No_Fear_Here-Ebook.pdf
[2013/08/02 16:16:15 | 000,129,596 | ---- | C] () -- C:\Users\Mars\Documents\OvercomeBlocks and Hinder.pdf
[2013/08/02 16:16:14 | 026,180,435 | ---- | C] () -- C:\Users\Mars\Documents\NIV Women's Devotional Bible - Zondervan.pdf
[2013/08/02 16:16:13 | 002,532,688 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God New Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 002,389,847 | ---- | C] () -- C:\Users\Mars\Documents\May_2012_Newsletter.pdf
[2013/08/02 16:16:13 | 002,284,165 | ---- | C] () -- C:\Users\Mars\Documents\Limitless Love_ A 365-Day Devotional - Copeland, Gloria.pdf
[2013/08/02 16:16:13 | 002,283,780 | ---- | C] () -- C:\Users\Mars\Documents\Light Belongs in the Darkness_ Finding Y - King, Patricia.pdf
[2013/08/02 16:16:13 | 001,854,843 | ---- | C] () -- C:\Users\Mars\Documents\Mar12_news.pdf
[2013/08/02 16:16:13 | 001,709,859 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God Old Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 000,659,167 | ---- | C] () -- C:\Users\Mars\Documents\Living_In_Heavens_Blessing_Now.pdf
[2013/08/02 16:16:13 | 000,423,772 | ---- | C] () -- C:\Users\Mars\Documents\lawsofprosperity.pdf
[2013/08/02 16:16:13 | 000,278,805 | ---- | C] () -- C:\Users\Mars\Documents\keys-for-accelerated-change.pdf
[2013/08/02 16:16:13 | 000,173,811 | ---- | C] () -- C:\Users\Mars\Documents\LiveLongFinish_Online_Leaders_Guide.pdf
[2013/08/02 16:16:12 | 002,325,965 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ 365 Devotions For Kids_ T - Young, Sarah.pdf
[2013/08/02 16:16:12 | 001,809,200 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:16:12 | 000,743,668 | ---- | C] () -- C:\Users\Mars\Documents\Jerusalem.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:16:11 | 001,063,451 | ---- | C] () -- C:\Users\Mars\Documents\how-to-train-your-imagination-youhub.pdf
[2013/08/02 16:16:11 | 000,210,112 | ---- | C] () -- C:\Users\Mars\Documents\How-to-Receive-Revelation-Knowledge.pdf
[2013/08/02 16:16:10 | 013,109,628 | ---- | C] () -- C:\Users\Mars\Documents\how-to-prophesy-in-boldness.pdf
[2013/08/02 16:16:10 | 010,421,154 | ---- | C] () -- C:\Users\Mars\Documents\how-to-go-into-heavely-realms.pdf
[2013/08/02 16:16:10 | 002,620,410 | ---- | C] () -- C:\Users\Mars\Documents\-How-to-Meditate-God-s-Word-Dennis-Burke.pdf
[2013/08/02 16:16:09 | 016,681,705 | ---- | C] () -- C:\Users\Mars\Documents\how-to-be-appointed-as-a-prophet-to-the-nations.pdf
[2013/08/02 16:16:09 | 016,602,410 | ---- | C] () -- C:\Users\Mars\Documents\how-to-encounter-jesus-face-to-face.pdf
[2013/08/02 16:16:08 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:16:08 | 002,761,154 | ---- | C] () -- C:\Users\Mars\Documents\Holiness Day by Day_ Transformational Th - Jerry Bridges.pdf
[2013/08/02 16:16:08 | 002,536,466 | ---- | C] () -- C:\Users\Mars\Documents\How to Experience God.pdf
[2013/08/02 16:16:08 | 001,245,148 | ---- | C] () -- C:\Users\Mars\Documents\Holy Habits_ A Woman's Guide to Intentio - Wilson, Marilyn.pdf
[2013/08/02 16:16:08 | 001,222,329 | ---- | C] () -- C:\Users\Mars\Documents\How To Walk In The Supernatural Power Of - Maldonado, Guillermo.pdf
[2013/08/02 16:16:08 | 000,246,310 | ---- | C] () -- C:\Users\Mars\Documents\How To Study the Bible.pdf
[2013/08/02 16:16:07 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:16:07 | 002,873,392 | ---- | C] () -- C:\Users\Mars\Documents\God's Word in My Heart - Loth, Paul J_.pdf
[2013/08/02 16:16:07 | 001,296,563 | ---- | C] () -- C:\Users\Mars\Documents\Handle with Prayer_ Unwrap the Source of - Stanley, Charles.pdf
[2013/08/02 16:16:07 | 000,882,455 | ---- | C] () -- C:\Users\Mars\Documents\God's Supernatural Power - Conner, Bobby.pdf
[2013/08/02 16:16:07 | 000,877,773 | ---- | C] () -- C:\Users\Mars\Documents\Healing The Whole Man Handbook - Hunter, Joan.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures - Copy.pdf
[2013/08/02 16:16:07 | 000,017,082 | ---- | C] () -- C:\Users\Mars\Documents\Having Ears to Hear Study Notes.pdf
[2013/08/02 16:16:06 | 003,598,351 | ---- | C] () -- C:\Users\Mars\Documents\God Takes Care of Me (First Steps Devoti - Loth, Paul J_.pdf
[2013/08/02 16:16:06 | 003,080,563 | ---- | C] () -- C:\Users\Mars\Documents\Glory.pdf
[2013/08/02 16:16:06 | 002,996,838 | ---- | C] () -- C:\Users\Mars\Documents\God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:16:06 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\Godly Success - Copy.pdf
[2013/08/02 16:16:06 | 001,181,232 | ---- | C] () -- C:\Users\Mars\Documents\God, You've Got Mail_ 15 Keys to Abundan - Crawford, Danette.pdf
[2013/08/02 16:16:06 | 001,110,946 | ---- | C] () -- C:\Users\Mars\Documents\Glory Of God_ Experience a Supernatural - Maldonado, Guillermo.pdf
[2013/08/02 16:16:06 | 000,937,359 | ---- | C] () -- C:\Users\Mars\Documents\God's Promises for Your Every Need_ 25th - Nelson, Thomas.pdf
[2013/08/02 16:16:05 | 003,851,162 | ---- | C] () -- C:\Users\Mars\Documents\Finding Father - Jones, A.J_.pdf
[2013/08/02 16:16:05 | 003,764,624 | ---- | C] () -- C:\Users\Mars\Documents\First Steps Devotions for Families with - Loth, Paul J_.pdf
[2013/08/02 16:16:05 | 000,990,017 | ---- | C] () -- C:\Users\Mars\Documents\Fasting and Prayer_ God's Nuclear Power - Brooks, Steven.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience(1).pdf
[2013/08/02 16:16:05 | 000,176,810 | ---- | C] () -- C:\Users\Mars\Documents\FreedomFromFear.pdf
[2013/08/02 16:16:05 | 000,031,288 | ---- | C] () -- C:\Users\Mars\Documents\fatherloveLett.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor9780768488296.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor 9780768488296(1).pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\Eyes Of Honor Copy.pdf
[2013/08/02 16:16:04 | 001,395,618 | ---- | C] () -- C:\Users\Mars\Documents\faith By faith By Ken and Gloria Copeland.pdf
[2013/08/02 16:16:04 | 001,112,949 | ---- | C] () -- C:\Users\Mars\Documents\Experiencing the Heavenly Realm_ Keys to - Franklin, Judy.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete - Copy.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee - Copy.pdf
[2013/08/02 16:16:03 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee1.pdf
[2013/08/02 16:16:02 | 008,326,262 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1 - Copy.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF - Copy.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges - Copy.pdf
[2013/08/02 16:16:01 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld.pdf
[2013/08/02 16:16:00 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters.pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld(1).pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:59 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters - Copy.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES(1).pdf
[2013/08/02 16:15:58 | 010,038,457 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_DecreesInspiredByThePsalms.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven - Copy.pdf
[2013/08/02 16:15:58 | 001,116,084 | ---- | C] () -- C:\Users\Mars\Documents\Developing a Supernatural Lifestyle_ A P - Vallotton, Kris.pdf
[2013/08/02 16:15:58 | 000,540,825 | ---- | C] () -- C:\Users\Mars\Documents\dream_big.pdf
[2013/08/02 16:15:58 | 000,054,644 | ---- | C] () -- C:\Users\Mars\Documents\DHMH K12 Immunz Requirments.pdf
[2013/08/02 16:15:57 | 007,159,992 | ---- | C] () -- C:\Users\Mars\Documents\Decree_EBOOK.pdf
[2013/08/02 16:15:57 | 004,638,161 | ---- | C] () -- C:\Users\Mars\Documents\Designed for Devotion_ A 365-Day Journey - Matthews, Dianne Neal.pdf
[2013/08/02 16:15:57 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\Define Your Destiny Through Prayer - Copy.pdf
[2013/08/02 16:15:57 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\Dare to Believe - Copy.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create supernatural in your Destiny 9780768488180.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create Copy.pdf
[2013/08/02 16:15:56 | 001,817,050 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels 2_ The Role of the H - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 001,625,025 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels_ How You Can Work Wi - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 000,596,704 | ---- | C] () -- C:\Users\Mars\Documents\Daily Scripture Reading and Meditation_ - Coleman, Gloria.pdf
[2013/08/02 16:15:56 | 000,414,901 | ---- | C] () -- C:\Users\Mars\Documents\Build your Financial Fountain.pdf
[2013/08/02 16:15:56 | 000,154,441 | ---- | C] () -- C:\Users\Mars\Documents\blessing_for_your_children.pdf
[2013/08/02 16:15:56 | 000,046,170 | ---- | C] () -- C:\Users\Mars\Documents\Christian-Dream-Interpretation.pdf
[2013/08/02 16:15:55 | 008,775,700 | ---- | C] () -- C:\Users\Mars\Documents\Big Book of All-Time Favorite Bible Stor - Beers, V. Gilbert.pdf
[2013/08/02 16:15:55 | 007,732,188 | ---- | C] () -- C:\Users\Mars\Documents\Becoming a Prayer Warrior_ A Guide to Ef - Beth Alves.pdf
[2013/08/02 16:15:55 | 004,517,247 | ---- | C] () -- C:\Users\Mars\Documents\BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:54 | 033,801,943 | ---- | C] () -- C:\Users\Mars\Documents\april 12 d.pdf
[2013/08/02 16:15:53 | 018,326,783 | ---- | C] () -- C:\Users\Mars\Documents\angels-visitations-the-audible-voice-of-the-lord.pdf
[2013/08/02 16:15:53 | 003,120,630 | ---- | C] () -- C:\Users\Mars\Documents\Angels In The Realm Of Heaven.pdf
[2013/08/02 16:15:53 | 001,876,706 | ---- | C] () -- C:\Users\Mars\Documents\Another10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:52 | 007,817,312 | ---- | C] () -- C:\Users\Mars\Documents\amp.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081(1) Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081 Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 001,619,354 | ---- | C] () -- C:\Users\Mars\Documents\A Book of Prayer - Omartian, Stormie.pdf
[2013/08/02 16:15:52 | 000,903,620 | ---- | C] () -- C:\Users\Mars\Documents\A Divine Revelation of Spiritual Warfare - T. L., Lowery.pdf
[2013/08/02 16:15:51 | 002,922,114 | ---- | C] () -- C:\Users\Mars\Documents\9780768487886 Open Heaven the Secret Power of Door Keeper.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991 (1).pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420(1)The Life Giver.pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420 The Life Giver.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260Godly Success.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260(1)Godly Success.pdf
[2013/08/02 16:15:50 | 003,682,261 | ---- | C] () -- C:\Users\Mars\Documents\118418399-Healing-Through-Spiritual-Warfare-Peggy-Scarborough.pdf
[2013/08/02 16:15:50 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\9780768440973(1)Dare to Believe.pdf
[2013/08/02 16:15:50 | 001,425,539 | ---- | C] () -- C:\Users\Mars\Documents\114021710-The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin.pdf
[2013/08/02 16:15:50 | 000,532,515 | ---- | C] () -- C:\Users\Mars\Documents\114224646-You-Shall-Receive-Power-by-Derek-Prince.pdf
[2013/08/02 16:15:49 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\113857365-Prayers-That-Rout-Demons-John-Eckhardt.pdf
[2013/08/02 16:15:49 | 007,931,316 | ---- | C] () -- C:\Users\Mars\Documents\112491828-Commanding-Your-Morning-by-Cindy-Trimm.pdf
[2013/08/02 16:15:49 | 002,211,894 | ---- | C] () -- C:\Users\Mars\Documents\113777499-If-You-Need-Healing-Do-These-Things-by-Oral-Roberts.pdf
[2013/08/02 16:15:49 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\113857348-Prayers-That-Bring-Change-by-Kimberly-Daniels.pdf
[2013/08/02 16:15:48 | 004,016,750 | ---- | C] () -- C:\Users\Mars\Documents\103400447-Catching-the-Initiatives-of-Heaven-Dennis-Walker.pdf
[2013/08/02 16:15:48 | 003,535,743 | ---- | C] () -- C:\Users\Mars\Documents\89445266-Understanding-How-to-Fight-the-Good-Fight-of-Faith-Kenneth-Hagin.pdf
[2013/08/02 16:15:48 | 002,562,512 | ---- | C] () -- C:\Users\Mars\Documents\365 daysofhealing.pdf
[2013/08/02 16:15:48 | 000,862,066 | ---- | C] () -- C:\Users\Mars\Documents\82842139-The-Power-of-the-Blood-H-A-Maxwell-Whyte.pdf
[2013/08/02 16:15:48 | 000,739,457 | ---- | C] () -- C:\Users\Mars\Documents\110926966-How-To-Hear-From-God-Joyce-Meyer.pdf
[2013/08/02 16:15:48 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\95144332-Prayers-That-Bring-Healing-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\102807258-Prayers-that-activate-blessings-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\102807454-Prayers-that-release-heaven-on-earth-John-Eckhardt.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF(1).pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF - Copy.pdf
[2013/08/02 16:15:47 | 001,157,263 | ---- | C] () -- C:\Users\Mars\Documents\65 Promises from God for Your Child_ Pow - Shreve, Mike.pdf
[2013/08/02 16:15:47 | 000,490,036 | ---- | C] () -- C:\Users\Mars\Documents\10MoreDaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,477,042 | ---- | C] () -- C:\Users\Mars\Documents\10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,412,963 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers - Guaranteed To Make - Coleman, Gloria.pdf
[2013/08/02 16:15:47 | 000,316,793 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers For Children - Guara - Coleman, Gloria.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,578,398 | ---- | C] () -- C:\Users\Mars\Documents\10 Glorious Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:46 | 000,558,701 | ---- | C] () -- C:\Users\Mars\Documents\10 More Extraordinary Days of Prosperity Series PG Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,133,097 | ---- | C] () -- C:\Users\Mars\Documents\4-keys-lesson-5-remove-idols-from-heart.pdf
[2013/08/02 16:15:45 | 006,460,153 | ---- | C] () -- C:\Users\Mars\Documents\4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:45 | 003,260,110 | ---- | C] () -- C:\Users\Mars\Documents\1EyesOf Honor9780768488296.pdf
[2013/08/02 16:15:45 | 002,828,289 | ---- | C] () -- C:\Users\Mars\Documents\1God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:15:45 | 002,541,657 | ---- | C] () -- C:\Users\Mars\Documents\1The Life Giver9780768441420.pdf
[2013/08/02 16:15:45 | 002,326,452 | ---- | C] () -- C:\Users\Mars\Documents\1Glory.pdf
[2013/08/02 16:15:45 | 001,823,215 | ---- | C] () -- C:\Users\Mars\Documents\1Godly Success9780768441260.pdf
[2013/08/02 16:15:44 | 007,277,220 | ---- | C] () -- C:\Users\Mars\Documents\1Decree_EBOOK.pdf
[2013/08/02 16:15:44 | 003,358,158 | ---- | C] () -- C:\Users\Mars\Documents\1 Understanding bible Mysteries.pdf
[2013/08/02 16:15:44 | 002,730,104 | ---- | C] () -- C:\Users\Mars\Documents\1 Psalm 91_ Real-Life Stories of God's Shi - Ruth, Peggy Joyce.pdf
[2013/08/02 16:15:44 | 002,714,763 | ---- | C] () -- C:\Users\Mars\Documents\1 The Frontier Boys 9780768488494.pdf
[2013/08/02 16:15:44 | 001,404,688 | ---- | C] () -- C:\Users\Mars\Documents\1 The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin - Copy.pdf
[2013/08/02 16:15:44 | 000,671,054 | ---- | C] () -- C:\Users\Mars\Documents\1Commanding Your Morning_ Unleashing the - Trimm, Cindy.pdf
[2013/08/02 16:15:44 | 000,319,813 | ---- | C] () -- C:\Users\Mars\Documents\1Decree - Third Edition.pdf
[2013/08/02 16:15:43 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK.pdf
[2013/08/02 16:15:43 | 001,788,411 | ---- | C] () -- C:\Users\Mars\Documents\1 Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:15:43 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers that Move Mountains_ Powerful pr - Eckhardt, John - Copy.pdf
[2013/08/02 16:15:43 | 000,838,129 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy - Copy.pdf
[2013/08/02 16:15:42 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:15:41 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy (2).pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:15:40 | 004,208,918 | ---- | C] () -- C:\Users\Mars\Documents\1 Define Your Destiny Through Prayer 9780768488081.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:40 | 002,423,804 | ---- | C] () -- C:\Users\Mars\Documents\1 The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:15:40 | 000,951,027 | ---- | C] () -- C:\Users\Mars\Documents\1 Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:15:40 | 000,571,803 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy (2).pdf
[2013/08/02 16:15:39 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(2)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:39 | 000,190,616 | ---- | C] () -- C:\Users\Mars\Documents\0-6yrs-schedule-pr.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:38 | 002,870,609 | ---- | C] () -- C:\Users\Mars\Documents\(1)Open Heaven the Secret Power of Door Keeper 9780768487886.pdf
[2013/08/02 16:15:38 | 002,570,714 | ---- | C] () -- C:\Users\Mars\Documents\(1)Born To Create supernatural in your Destiny1.pdf
[2013/08/02 16:15:37 | 005,816,617 | ---- | C] () -- C:\Users\Mars\Documents\(1)4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:37 | 000,636,167 | ---- | C] () -- C:\Users\Mars\Documents\(1) 20120709-Calendar-English-FINAL.pdf
[2013/08/02 16:15:37 | 000,409,396 | ---- | C] () -- C:\Users\Mars\Documents\You-Can-Hear-God's-Voice.pdf
[2013/08/02 16:15:37 | 000,176,873 | ---- | C] () -- C:\Users\Mars\Documents\welcomefamily.pdf
[2013/08/02 16:15:37 | 000,095,541 | ---- | C] () -- C:\Users\Mars\Documents\weight petition.pdf
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/02 01:09:26 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 23:09:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 22:47:04 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:28 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:28 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/01 22:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | C] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/30 01:46:25 | 000,000,530 | ---- | C] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:34:39 | 000,002,138 | ---- | C] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:34:39 | 000,002,136 | ---- | C] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:34:37 | 000,001,343 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/07/28 18:58:43 | 000,001,335 | ---- | C] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/28 18:58:43 | 000,001,139 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:32:32 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:01:20 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/07/23 01:58:40 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:52:49 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:48:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/07/23 01:47:08 | 000,015,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013/07/23 01:34:02 | 2962,255,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/23 00:57:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/23 00:45:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/22 23:44:35 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:38:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 23:38:11 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 23:29:58 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/07/22 23:24:18 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/22 23:24:18 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/22 23:24:17 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/31 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/08/02 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/07/28 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/08/09 05:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP
[2013/08/06 22:27:23 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\uTorrent
[2013/08/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#10
Ayame12
Posted 10 August 2013 - 05:06 AM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I just unstall MBAM application and get this this file my desktop "desktop.ini". Can you tell me what that is?

OLT.log


OTL logfile created on: 8/10/2013 6:59:04 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 59.50% Memory free
7.36 Gb Paging File | 5.32 Gb Available in Paging File | 72.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 399.74 Gb Free Space | 89.30% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/08/01 22:36:51 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/28 18:04:59 | 000,057,344 | ---- | M] () -- C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 20:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 20:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/23 20:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/23 20:56:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/23 20:56:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/23 20:56:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/23 20:56:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/23 20:56:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\bda7430e393758ce03bd26509f5a8762\System.Xml.ni.dll
MOD - [2013/07/23 20:56:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/23 20:56:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/23 20:56:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/01 23:09:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 09:57:54 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/23 01:49:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/20 14:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/01 22:35:59 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mars\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/23 23:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/28 18:04:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...rc=IE-SearchBox
CHR - default_search_provider: suggest_url = http://api.bing.com/...=U019&dt=072813
CHR - homepage: http://www.msn.com/?...19DHP&dt=072813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
CHR - Extension: avast! Online Security = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Freemake Video Converter = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mars\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A628AEC7-B29E-4539-B31B-F5752705852B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/10 06:27:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\Grace Williams Deep Waters
[2013/08/10 03:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/08/10 03:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/08/10 03:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/10 02:16:20 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Malwarebytes
[2013/08/10 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/10 02:04:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/09 22:59:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Facebook
[2013/08/09 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Windows Live Writer
[2013/08/09 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live Writer
[2013/08/09 04:44:12 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mars\Desktop\mbam-setup.exe
[2013/08/08 23:05:02 | 000,957,230 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mars\Desktop\JRT.exe
[2013/08/08 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\vlc
[2013/08/08 19:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/08/08 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Solid State Networks
[2013/08/05 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\uTorrent
[2013/08/03 21:14:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/02 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/08/02 14:57:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:46 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/02 01:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/02 01:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/01 22:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/08/01 22:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/08/01 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/08/01 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2013/08/01 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Avast EasyPass Data
[2013/08/01 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2013/08/01 22:35:32 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:32 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/08/01 22:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/01 22:35:31 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/08/01 22:35:31 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/08/01 22:35:30 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/08/01 22:35:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/08/01 22:34:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/01 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/29 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Calibre Library
[2013/07/29 22:06:49 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/07/29 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/07/28 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/07/28 18:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
[2013/07/28 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Torch
[2013/07/28 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\FreemakeVideoConverter
[2013/07/28 18:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Freemake
[2013/07/28 18:04:36 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/28 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/28 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/28 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Programs
[2013/07/23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/07/23 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe_Systems_Incorporate
[2013/07/23 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/23 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Digital Editions
[2013/07/23 11:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/23 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/07/23 02:31:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/07/23 02:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/07/23 01:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/07/23 01:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/07/23 01:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/07/23 01:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/07/23 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/07/23 01:51:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
[2013/07/23 01:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NTI Launcher
[2013/07/23 01:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
[2013/07/23 01:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/07/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/07/23 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/23 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
[2013/07/23 01:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/07/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/23 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/07/23 01:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/23 01:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013/07/23 01:37:32 | 000,000,000 | ---D | C] -- C:\book
[2013/07/23 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013/07/23 01:34:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/23 00:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/07/22 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/22 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/22 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/07/22 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/07/22 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/07/22 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/07/22 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/07/22 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/07/22 23:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/07/22 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/07/22 23:24:17 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/07/22 23:24:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/10 06:55:47 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 06:55:47 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 06:48:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/10 06:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/10 06:47:39 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/10 06:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/10 06:18:24 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/10 06:18:24 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/10 06:18:24 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/10 06:16:54 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000UA.job
[2013/08/10 06:16:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/10 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/10 01:10:03 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/09 23:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000Core.job
[2013/08/09 06:28:14 | 000,000,530 | ---- | M] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/08/09 05:43:29 | 000,007,973 | ---- | M] () -- C:\Users\Mars\Documents\instructions geeks.rtf
[2013/08/09 05:00:21 | 000,000,549 | ---- | M] () -- C:\Users\Mars\Documents\geekstogo.rtf
[2013/08/09 04:46:21 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mars\Desktop\mbam-setup.exe
[2013/08/08 23:06:05 | 000,957,230 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mars\Desktop\JRT.exe
[2013/08/08 21:44:59 | 000,666,633 | ---- | M] () -- C:\Users\Mars\Desktop\adwcleaner.exe
[2013/08/08 19:20:25 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/08 14:28:12 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/08/08 01:02:55 | 000,001,592 | ---- | M] () -- C:\Users\Mars\Documents\Document1.rtf
[2013/08/06 01:14:18 | 000,001,037 | ---- | M] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/03 21:57:08 | 000,000,512 | ---- | M] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 21:39:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mars\Desktop\aswMBR.exe
[2013/08/03 13:53:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/02 14:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/08/02 01:09:26 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 22:47:52 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/01 22:35:59 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/01 22:35:59 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | M] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/31 06:21:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/29 22:44:09 | 001,216,579 | ---- | M] () -- C:\Users\Mars\Desktop\A Touch From Heaven - Neal Pylant.pdf
[2013/07/29 22:05:21 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:35:04 | 000,002,138 | ---- | M] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:35:04 | 000,002,136 | ---- | M] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:35:04 | 000,001,335 | ---- | M] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/29 10:34:39 | 000,001,139 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:31:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 01:58:40 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:54:16 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/23 01:52:49 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:47:08 | 000,015,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013/07/23 00:08:30 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:29:58 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/10 06:36:30 | 008,326,262 | ---- | C] () -- C:\Users\Mars\Desktop\EBOOKDominion-Surges1.pdf
[2013/08/10 06:36:30 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Desktop\EbookGreaterThings_Complete - Copy.pdf
[2013/08/10 06:36:30 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Desktop\ebookearsthathear PDF1.pdf
[2013/08/10 06:36:30 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Desktop\ebookeyes_thatsee1.pdf
[2013/08/10 06:36:29 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Desktop\Ebook-122LoveLetters.pdf
[2013/08/10 06:36:29 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Desktop\Ebook-CreateYourWorld - Copy.pdf
[2013/08/09 22:59:41 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000UA.job
[2013/08/09 22:59:41 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3905402568-11843471-3572921917-1000Core.job
[2013/08/09 05:43:29 | 000,007,973 | ---- | C] () -- C:\Users\Mars\Documents\instructions geeks.rtf
[2013/08/09 04:42:12 | 000,000,549 | ---- | C] () -- C:\Users\Mars\Documents\geekstogo.rtf
[2013/08/08 21:44:50 | 000,666,633 | ---- | C] () -- C:\Users\Mars\Desktop\adwcleaner.exe
[2013/08/08 19:20:25 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/08 18:43:28 | 001,216,579 | ---- | C] () -- C:\Users\Mars\Desktop\A Touch From Heaven - Neal Pylant.pdf
[2013/08/08 06:45:40 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/08/08 01:02:55 | 000,001,592 | ---- | C] () -- C:\Users\Mars\Documents\Document1.rtf
[2013/08/06 01:14:03 | 000,001,037 | ---- | C] () -- C:\Users\Mars\Documents\instruction to finish scan.rtf
[2013/08/04 01:37:09 | 005,554,323 | ---- | C] () -- C:\Users\Mars\Desktop\Christ the Healer By FF Bosworth.pdf
[2013/08/04 01:36:05 | 001,692,820 | ---- | C] () -- C:\Users\Mars\Desktop\Cant You Talk Louder God.pdf
[2013/08/04 01:34:46 | 000,929,060 | ---- | C] () -- C:\Users\Mars\Desktop\BIBLICAL_MEDITATIONedited[etowns].pdf
[2013/08/04 01:30:32 | 012,998,003 | ---- | C] () -- C:\Users\Mars\Desktop\54-the_amazing_results_of_positivethinking.pdf
[2013/08/04 01:26:36 | 002,454,607 | ---- | C] () -- C:\Users\Mars\Desktop\THE PROPHET'S DICTIONARY by Paula A Price.pdf
[2013/08/04 01:26:14 | 012,939,786 | ---- | C] () -- C:\Users\Mars\Desktop\SMITH WIGGLESWORTH ON PRAYER, POWER AND MIRACLES.pdf
[2013/08/04 01:25:59 | 000,227,638 | ---- | C] () -- C:\Users\Mars\Desktop\Smith_WigglesworthFaith_That_Prevails.pdf
[2013/08/04 01:25:46 | 009,440,017 | ---- | C] () -- C:\Users\Mars\Desktop\smiths-bible-dictionary.pdf
[2013/08/03 21:57:08 | 000,000,512 | ---- | C] () -- C:\Users\Mars\Desktop\MBR.dat
[2013/08/03 13:53:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/02 16:16:20 | 005,286,811 | ---- | C] () -- C:\Users\Mars\Documents\Transforming Grace_ Living Confidently i - Gerald Bridges;Jerry Bridges.pdf
[2013/08/02 16:16:20 | 003,265,589 | ---- | C] () -- C:\Users\Mars\Documents\Understanding bible Mysteries.pdf
[2013/08/02 16:16:20 | 001,289,251 | ---- | C] () -- C:\Users\Mars\Documents\Time to Defeat the Devil_ Strategies to - Pierce, Chuck D_.pdf
[2013/08/02 16:16:20 | 001,268,727 | ---- | C] () -- C:\Users\Mars\Documents\TuneInToTheVoiceOfGod_ebook(2).pdf
[2013/08/02 16:16:20 | 001,127,643 | ---- | C] () -- C:\Users\Mars\Documents\Transform Your Thinking, Transform Your - Winston, Bill.pdf
[2013/08/02 16:16:20 | 001,127,613 | ---- | C] () -- C:\Users\Mars\Documents\Wading.pdf
[2013/08/02 16:16:20 | 000,432,289 | ---- | C] () -- C:\Users\Mars\Documents\Tongues - King, Patricia.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity-.pdf
[2013/08/02 16:16:20 | 000,378,451 | ---- | C] () -- C:\Users\Mars\Documents\The_Laws_of_Prosperity- - Copy.pdf
[2013/08/02 16:16:20 | 000,111,199 | ---- | C] () -- C:\Users\Mars\Documents\The-Four-Realms-of-Riches.pdf
[2013/08/02 16:16:20 | 000,047,211 | ---- | C] () -- C:\Users\Mars\Documents\TIKE201207freeshots.pdf
[2013/08/02 16:16:19 | 003,043,982 | ---- | C] () -- C:\Users\Mars\Documents\The Future Of Worship.pdf
[2013/08/02 16:16:19 | 002,611,035 | ---- | C] () -- C:\Users\Mars\Documents\The Seer Expanded Edition_ The Prophetic - Goll, James W_.pdf
[2013/08/02 16:16:19 | 002,597,714 | ---- | C] () -- C:\Users\Mars\Documents\The Frontier Boys 9780768488494.pdf
[2013/08/02 16:16:19 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\The Life Giver - Copy.pdf
[2013/08/02 16:16:19 | 002,474,695 | ---- | C] () -- C:\Users\Mars\Documents\The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:16:19 | 002,243,280 | ---- | C] () -- C:\Users\Mars\Documents\The New How to Study Your Bible - Arthur, Kay.pdf
[2013/08/02 16:16:19 | 001,795,859 | ---- | C] () -- C:\Users\Mars\Documents\The Power of the Cross_ Epicenter of Glo - Chavda, Mahesh.pdf
[2013/08/02 16:16:18 | 002,800,508 | ---- | C] () -- C:\Users\Mars\Documents\The Daily Prophecy_ Your Future Revealed - Kunneman, Brenda.pdf
[2013/08/02 16:16:18 | 001,890,800 | ---- | C] () -- C:\Users\Mars\Documents\SemGuide.pdf
[2013/08/02 16:16:18 | 001,388,279 | ---- | C] () -- C:\Users\Mars\Documents\Satan, You Can't Have My Miracle_ A spir - Delgado, Iris.pdf
[2013/08/02 16:16:18 | 001,160,875 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 3 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,154,699 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 1 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 001,131,360 | ---- | C] () -- C:\Users\Mars\Documents\The Bible Tells Me So, Volume 2 (First S - Loth, Paul J_.pdf
[2013/08/02 16:16:18 | 000,961,077 | ---- | C] () -- C:\Users\Mars\Documents\Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,693,527 | ---- | C] () -- C:\Users\Mars\Documents\RiverGlory.pdf
[2013/08/02 16:16:18 | 000,630,138 | ---- | C] () -- C:\Users\Mars\Documents\Stop The Bully_ Cures for the Bully Epid - King, Patricia.pdf
[2013/08/02 16:16:18 | 000,505,301 | ---- | C] () -- C:\Users\Mars\Documents\revivalglory.pdf
[2013/08/02 16:16:18 | 000,208,896 | ---- | C] () -- C:\Users\Mars\Documents\Rumors Of War.pdf
[2013/08/02 16:16:17 | 012,718,589 | ---- | C] () -- C:\Users\Mars\Documents\receive-prophecy-from-global-community.pdf
[2013/08/02 16:16:17 | 002,022,720 | ---- | C] () -- C:\Users\Mars\Documents\Praying-the-Scriptures-by-Judson-Cornwall.pdf
[2013/08/02 16:16:16 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Rout-Demons-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 007,315,656 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible_ Pathway to Spirituali - Wesley Campbell.pdf
[2013/08/02 16:16:16 | 005,634,690 | ---- | C] () -- C:\Users\Mars\Documents\Praying the Bible Book of Prayers_ Prayi - Wesley Campbell;Stacey Campbell.pdf
[2013/08/02 16:16:16 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Healing-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:16 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-release-heaven-on-earth-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\Prayers that Move Mountains_ Powerful pr - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,962,358 | ---- | C] () -- C:\Users\Mars\Documents\Prayer in Another Dimension_ Discover th - Curran, Sue.pdf
[2013/08/02 16:16:15 | 000,856,732 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,815,664 | ---- | C] () -- C:\Users\Mars\Documents\Possessing Your Healing_ Taking Authorit - Bridges, Kynan.pdf
[2013/08/02 16:16:15 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-That-Bring-Change-by-Kimberly-Daniels - Copy.pdf
[2013/08/02 16:16:15 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\Prayers-that-activate-blessings-John-Eckhardt - Copy.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:16:15 | 000,568,188 | ---- | C] () -- C:\Users\Mars\Documents\Prayers That Break Curses_ Prayers for b - Eckhardt, John - Copy.pdf
[2013/08/02 16:16:15 | 000,321,239 | ---- | C] () -- C:\Users\Mars\Documents\parent-ver-sch-0-6yrsShotRecord.pdf
[2013/08/02 16:16:15 | 000,270,343 | ---- | C] () -- C:\Users\Mars\Documents\No_Fear_Here-Ebook.pdf
[2013/08/02 16:16:15 | 000,129,596 | ---- | C] () -- C:\Users\Mars\Documents\OvercomeBlocks and Hinder.pdf
[2013/08/02 16:16:14 | 026,180,435 | ---- | C] () -- C:\Users\Mars\Documents\NIV Women's Devotional Bible - Zondervan.pdf
[2013/08/02 16:16:13 | 002,532,688 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God New Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 002,389,847 | ---- | C] () -- C:\Users\Mars\Documents\May_2012_Newsletter.pdf
[2013/08/02 16:16:13 | 002,284,165 | ---- | C] () -- C:\Users\Mars\Documents\Limitless Love_ A 365-Day Devotional - Copeland, Gloria.pdf
[2013/08/02 16:16:13 | 002,283,780 | ---- | C] () -- C:\Users\Mars\Documents\Light Belongs in the Darkness_ Finding Y - King, Patricia.pdf
[2013/08/02 16:16:13 | 001,854,843 | ---- | C] () -- C:\Users\Mars\Documents\Mar12_news.pdf
[2013/08/02 16:16:13 | 001,709,859 | ---- | C] () -- C:\Users\Mars\Documents\My Time With God Old Testament Devotions - Loth, Paul J_.pdf
[2013/08/02 16:16:13 | 000,659,167 | ---- | C] () -- C:\Users\Mars\Documents\Living_In_Heavens_Blessing_Now.pdf
[2013/08/02 16:16:13 | 000,423,772 | ---- | C] () -- C:\Users\Mars\Documents\lawsofprosperity.pdf
[2013/08/02 16:16:13 | 000,278,805 | ---- | C] () -- C:\Users\Mars\Documents\keys-for-accelerated-change.pdf
[2013/08/02 16:16:13 | 000,173,811 | ---- | C] () -- C:\Users\Mars\Documents\LiveLongFinish_Online_Leaders_Guide.pdf
[2013/08/02 16:16:12 | 002,325,965 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ 365 Devotions For Kids_ T - Young, Sarah.pdf
[2013/08/02 16:16:12 | 001,809,200 | ---- | C] () -- C:\Users\Mars\Documents\Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:16:12 | 000,743,668 | ---- | C] () -- C:\Users\Mars\Documents\Jerusalem.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK.pdf
[2013/08/02 16:16:11 | 013,500,693 | ---- | C] () -- C:\Users\Mars\Documents\IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:16:11 | 001,063,451 | ---- | C] () -- C:\Users\Mars\Documents\how-to-train-your-imagination-youhub.pdf
[2013/08/02 16:16:11 | 000,210,112 | ---- | C] () -- C:\Users\Mars\Documents\How-to-Receive-Revelation-Knowledge.pdf
[2013/08/02 16:16:10 | 013,109,628 | ---- | C] () -- C:\Users\Mars\Documents\how-to-prophesy-in-boldness.pdf
[2013/08/02 16:16:10 | 010,421,154 | ---- | C] () -- C:\Users\Mars\Documents\how-to-go-into-heavely-realms.pdf
[2013/08/02 16:16:10 | 002,620,410 | ---- | C] () -- C:\Users\Mars\Documents\-How-to-Meditate-God-s-Word-Dennis-Burke.pdf
[2013/08/02 16:16:09 | 016,681,705 | ---- | C] () -- C:\Users\Mars\Documents\how-to-be-appointed-as-a-prophet-to-the-nations.pdf
[2013/08/02 16:16:09 | 016,602,410 | ---- | C] () -- C:\Users\Mars\Documents\how-to-encounter-jesus-face-to-face.pdf
[2013/08/02 16:16:08 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:16:08 | 002,761,154 | ---- | C] () -- C:\Users\Mars\Documents\Holiness Day by Day_ Transformational Th - Jerry Bridges.pdf
[2013/08/02 16:16:08 | 002,536,466 | ---- | C] () -- C:\Users\Mars\Documents\How to Experience God.pdf
[2013/08/02 16:16:08 | 001,245,148 | ---- | C] () -- C:\Users\Mars\Documents\Holy Habits_ A Woman's Guide to Intentio - Wilson, Marilyn.pdf
[2013/08/02 16:16:08 | 001,222,329 | ---- | C] () -- C:\Users\Mars\Documents\How To Walk In The Supernatural Power Of - Maldonado, Guillermo.pdf
[2013/08/02 16:16:08 | 000,246,310 | ---- | C] () -- C:\Users\Mars\Documents\How To Study the Bible.pdf
[2013/08/02 16:16:07 | 006,056,505 | ---- | C] () -- C:\Users\Mars\Documents\Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:16:07 | 002,873,392 | ---- | C] () -- C:\Users\Mars\Documents\God's Word in My Heart - Loth, Paul J_.pdf
[2013/08/02 16:16:07 | 001,296,563 | ---- | C] () -- C:\Users\Mars\Documents\Handle with Prayer_ Unwrap the Source of - Stanley, Charles.pdf
[2013/08/02 16:16:07 | 000,882,455 | ---- | C] () -- C:\Users\Mars\Documents\God's Supernatural Power - Conner, Bobby.pdf
[2013/08/02 16:16:07 | 000,877,773 | ---- | C] () -- C:\Users\Mars\Documents\Healing The Whole Man Handbook - Hunter, Joan.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures.pdf
[2013/08/02 16:16:07 | 000,185,300 | ---- | C] () -- C:\Users\Mars\Documents\Healing_Scriptures - Copy.pdf
[2013/08/02 16:16:07 | 000,017,082 | ---- | C] () -- C:\Users\Mars\Documents\Having Ears to Hear Study Notes.pdf
[2013/08/02 16:16:06 | 003,598,351 | ---- | C] () -- C:\Users\Mars\Documents\God Takes Care of Me (First Steps Devoti - Loth, Paul J_.pdf
[2013/08/02 16:16:06 | 003,080,563 | ---- | C] () -- C:\Users\Mars\Documents\Glory.pdf
[2013/08/02 16:16:06 | 002,996,838 | ---- | C] () -- C:\Users\Mars\Documents\God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:16:06 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\Godly Success - Copy.pdf
[2013/08/02 16:16:06 | 001,181,232 | ---- | C] () -- C:\Users\Mars\Documents\God, You've Got Mail_ 15 Keys to Abundan - Crawford, Danette.pdf
[2013/08/02 16:16:06 | 001,110,946 | ---- | C] () -- C:\Users\Mars\Documents\Glory Of God_ Experience a Supernatural - Maldonado, Guillermo.pdf
[2013/08/02 16:16:06 | 000,937,359 | ---- | C] () -- C:\Users\Mars\Documents\God's Promises for Your Every Need_ 25th - Nelson, Thomas.pdf
[2013/08/02 16:16:05 | 003,851,162 | ---- | C] () -- C:\Users\Mars\Documents\Finding Father - Jones, A.J_.pdf
[2013/08/02 16:16:05 | 003,764,624 | ---- | C] () -- C:\Users\Mars\Documents\First Steps Devotions for Families with - Loth, Paul J_.pdf
[2013/08/02 16:16:05 | 000,990,017 | ---- | C] () -- C:\Users\Mars\Documents\Fasting and Prayer_ God's Nuclear Power - Brooks, Steven.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience.pdf
[2013/08/02 16:16:05 | 000,524,374 | ---- | C] () -- C:\Users\Mars\Documents\Faith_and_Patience(1).pdf
[2013/08/02 16:16:05 | 000,176,810 | ---- | C] () -- C:\Users\Mars\Documents\FreedomFromFear.pdf
[2013/08/02 16:16:05 | 000,031,288 | ---- | C] () -- C:\Users\Mars\Documents\fatherloveLett.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor9780768488296.pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\EyesOf Honor 9780768488296(1).pdf
[2013/08/02 16:16:04 | 003,204,929 | ---- | C] () -- C:\Users\Mars\Documents\Eyes Of Honor Copy.pdf
[2013/08/02 16:16:04 | 001,395,618 | ---- | C] () -- C:\Users\Mars\Documents\faith By faith By Ken and Gloria Copeland.pdf
[2013/08/02 16:16:04 | 001,112,949 | ---- | C] () -- C:\Users\Mars\Documents\Experiencing the Heavenly Realm_ Keys to - Franklin, Judy.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete.pdf
[2013/08/02 16:16:03 | 004,292,336 | ---- | C] () -- C:\Users\Mars\Documents\EbookGreaterThings_Complete - Copy.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee.pdf
[2013/08/02 16:16:03 | 002,082,866 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee - Copy.pdf
[2013/08/02 16:16:03 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Documents\ebookeyes_thatsee1.pdf
[2013/08/02 16:16:02 | 008,326,262 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1.pdf
[2013/08/02 16:16:02 | 002,242,526 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF1 - Copy.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF.pdf
[2013/08/02 16:16:02 | 002,180,860 | ---- | C] () -- C:\Users\Mars\Documents\ebookearsthathear PDF - Copy.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges.pdf
[2013/08/02 16:16:01 | 008,425,022 | ---- | C] () -- C:\Users\Mars\Documents\EBOOKDominion-Surges - Copy.pdf
[2013/08/02 16:16:01 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld.pdf
[2013/08/02 16:16:00 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters.pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld(1).pdf
[2013/08/02 16:16:00 | 003,100,344 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:59 | 012,344,536 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-122LoveLetters - Copy.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES.pdf
[2013/08/02 16:15:59 | 004,474,754 | ---- | C] () -- C:\Users\Mars\Documents\Ebook-12FACTSaboutTONGES(1).pdf
[2013/08/02 16:15:58 | 010,038,457 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_DecreesInspiredByThePsalms.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven.pdf
[2013/08/02 16:15:58 | 005,927,766 | ---- | C] () -- C:\Users\Mars\Documents\Ebook_alignedheaven - Copy.pdf
[2013/08/02 16:15:58 | 001,116,084 | ---- | C] () -- C:\Users\Mars\Documents\Developing a Supernatural Lifestyle_ A P - Vallotton, Kris.pdf
[2013/08/02 16:15:58 | 000,540,825 | ---- | C] () -- C:\Users\Mars\Documents\dream_big.pdf
[2013/08/02 16:15:58 | 000,054,644 | ---- | C] () -- C:\Users\Mars\Documents\DHMH K12 Immunz Requirments.pdf
[2013/08/02 16:15:57 | 007,159,992 | ---- | C] () -- C:\Users\Mars\Documents\Decree_EBOOK.pdf
[2013/08/02 16:15:57 | 004,638,161 | ---- | C] () -- C:\Users\Mars\Documents\Designed for Devotion_ A 365-Day Journey - Matthews, Dianne Neal.pdf
[2013/08/02 16:15:57 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\Define Your Destiny Through Prayer - Copy.pdf
[2013/08/02 16:15:57 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\Dare to Believe - Copy.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create supernatural in your Destiny 9780768488180.pdf
[2013/08/02 16:15:56 | 002,419,687 | ---- | C] () -- C:\Users\Mars\Documents\Born To Create Copy.pdf
[2013/08/02 16:15:56 | 001,817,050 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels 2_ The Role of the H - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 001,625,025 | ---- | C] () -- C:\Users\Mars\Documents\Dancing with Angels_ How You Can Work Wi - Basconi, Kevin.pdf
[2013/08/02 16:15:56 | 000,596,704 | ---- | C] () -- C:\Users\Mars\Documents\Daily Scripture Reading and Meditation_ - Coleman, Gloria.pdf
[2013/08/02 16:15:56 | 000,414,901 | ---- | C] () -- C:\Users\Mars\Documents\Build your Financial Fountain.pdf
[2013/08/02 16:15:56 | 000,154,441 | ---- | C] () -- C:\Users\Mars\Documents\blessing_for_your_children.pdf
[2013/08/02 16:15:56 | 000,046,170 | ---- | C] () -- C:\Users\Mars\Documents\Christian-Dream-Interpretation.pdf
[2013/08/02 16:15:55 | 008,775,700 | ---- | C] () -- C:\Users\Mars\Documents\Big Book of All-Time Favorite Bible Stor - Beers, V. Gilbert.pdf
[2013/08/02 16:15:55 | 007,732,188 | ---- | C] () -- C:\Users\Mars\Documents\Becoming a Prayer Warrior_ A Guide to Ef - Beth Alves.pdf
[2013/08/02 16:15:55 | 004,517,247 | ---- | C] () -- C:\Users\Mars\Documents\BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:54 | 033,801,943 | ---- | C] () -- C:\Users\Mars\Documents\april 12 d.pdf
[2013/08/02 16:15:53 | 018,326,783 | ---- | C] () -- C:\Users\Mars\Documents\angels-visitations-the-audible-voice-of-the-lord.pdf
[2013/08/02 16:15:53 | 003,120,630 | ---- | C] () -- C:\Users\Mars\Documents\Angels In The Realm Of Heaven.pdf
[2013/08/02 16:15:53 | 001,876,706 | ---- | C] () -- C:\Users\Mars\Documents\Another10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:52 | 007,817,312 | ---- | C] () -- C:\Users\Mars\Documents\amp.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081(1) Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 004,313,613 | ---- | C] () -- C:\Users\Mars\Documents\9780768488081 Define Your Destiny Through Prayer.pdf
[2013/08/02 16:15:52 | 001,619,354 | ---- | C] () -- C:\Users\Mars\Documents\A Book of Prayer - Omartian, Stormie.pdf
[2013/08/02 16:15:52 | 000,903,620 | ---- | C] () -- C:\Users\Mars\Documents\A Divine Revelation of Spiritual Warfare - T. L., Lowery.pdf
[2013/08/02 16:15:51 | 002,922,114 | ---- | C] () -- C:\Users\Mars\Documents\9780768487886 Open Heaven the Secret Power of Door Keeper.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991.pdf
[2013/08/02 16:15:51 | 002,912,477 | ---- | C] () -- C:\Users\Mars\Documents\9780768484991 (1).pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420(1)The Life Giver.pdf
[2013/08/02 16:15:51 | 002,551,829 | ---- | C] () -- C:\Users\Mars\Documents\9780768441420 The Life Giver.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260Godly Success.pdf
[2013/08/02 16:15:51 | 001,990,298 | ---- | C] () -- C:\Users\Mars\Documents\9780768441260(1)Godly Success.pdf
[2013/08/02 16:15:50 | 003,682,261 | ---- | C] () -- C:\Users\Mars\Documents\118418399-Healing-Through-Spiritual-Warfare-Peggy-Scarborough.pdf
[2013/08/02 16:15:50 | 003,653,178 | ---- | C] () -- C:\Users\Mars\Documents\9780768440973(1)Dare to Believe.pdf
[2013/08/02 16:15:50 | 001,425,539 | ---- | C] () -- C:\Users\Mars\Documents\114021710-The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin.pdf
[2013/08/02 16:15:50 | 000,532,515 | ---- | C] () -- C:\Users\Mars\Documents\114224646-You-Shall-Receive-Power-by-Derek-Prince.pdf
[2013/08/02 16:15:49 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Documents\113857365-Prayers-That-Rout-Demons-John-Eckhardt.pdf
[2013/08/02 16:15:49 | 007,931,316 | ---- | C] () -- C:\Users\Mars\Documents\112491828-Commanding-Your-Morning-by-Cindy-Trimm.pdf
[2013/08/02 16:15:49 | 002,211,894 | ---- | C] () -- C:\Users\Mars\Documents\113777499-If-You-Need-Healing-Do-These-Things-by-Oral-Roberts.pdf
[2013/08/02 16:15:49 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Documents\113857348-Prayers-That-Bring-Change-by-Kimberly-Daniels.pdf
[2013/08/02 16:15:48 | 004,016,750 | ---- | C] () -- C:\Users\Mars\Documents\103400447-Catching-the-Initiatives-of-Heaven-Dennis-Walker.pdf
[2013/08/02 16:15:48 | 003,535,743 | ---- | C] () -- C:\Users\Mars\Documents\89445266-Understanding-How-to-Fight-the-Good-Fight-of-Faith-Kenneth-Hagin.pdf
[2013/08/02 16:15:48 | 002,562,512 | ---- | C] () -- C:\Users\Mars\Documents\365 daysofhealing.pdf
[2013/08/02 16:15:48 | 000,862,066 | ---- | C] () -- C:\Users\Mars\Documents\82842139-The-Power-of-the-Blood-H-A-Maxwell-Whyte.pdf
[2013/08/02 16:15:48 | 000,739,457 | ---- | C] () -- C:\Users\Mars\Documents\110926966-How-To-Hear-From-God-Joyce-Meyer.pdf
[2013/08/02 16:15:48 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\95144332-Prayers-That-Bring-Healing-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Documents\102807258-Prayers-that-activate-blessings-John-Eckhardt.pdf
[2013/08/02 16:15:48 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Documents\102807454-Prayers-that-release-heaven-on-earth-John-Eckhardt.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF(1).pdf
[2013/08/02 16:15:47 | 003,020,340 | ---- | C] () -- C:\Users\Mars\Documents\50 Days of Prosperity Series PG Study Notes PDF - Copy.pdf
[2013/08/02 16:15:47 | 001,157,263 | ---- | C] () -- C:\Users\Mars\Documents\65 Promises from God for Your Child_ Pow - Shreve, Mike.pdf
[2013/08/02 16:15:47 | 000,490,036 | ---- | C] () -- C:\Users\Mars\Documents\10MoreDaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,477,042 | ---- | C] () -- C:\Users\Mars\Documents\10DaysofProsperity_GeorgePearsons.pdf
[2013/08/02 16:15:47 | 000,412,963 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers - Guaranteed To Make - Coleman, Gloria.pdf
[2013/08/02 16:15:47 | 000,316,793 | ---- | C] () -- C:\Users\Mars\Documents\31 Powerful Prayers For Children - Guara - Coleman, Gloria.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,878,803 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of True Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,369,813 | ---- | C] () -- C:\Users\Mars\Documents\10 Marvelous Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 001,358,485 | ---- | C] () -- C:\Users\Mars\Documents\10 Awesome Days of Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,578,398 | ---- | C] () -- C:\Users\Mars\Documents\10 Glorious Days of Prosperity Series PG Study Notes PDF.pdf
[2013/08/02 16:15:46 | 000,558,701 | ---- | C] () -- C:\Users\Mars\Documents\10 More Extraordinary Days of Prosperity Series PG Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes.pdf
[2013/08/02 16:15:46 | 000,555,507 | ---- | C] () -- C:\Users\Mars\Documents\10 Days of Kingdom Prosperity Study Notes - Copy.pdf
[2013/08/02 16:15:46 | 000,133,097 | ---- | C] () -- C:\Users\Mars\Documents\4-keys-lesson-5-remove-idols-from-heart.pdf
[2013/08/02 16:15:45 | 006,460,153 | ---- | C] () -- C:\Users\Mars\Documents\4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:45 | 003,260,110 | ---- | C] () -- C:\Users\Mars\Documents\1EyesOf Honor9780768488296.pdf
[2013/08/02 16:15:45 | 002,828,289 | ---- | C] () -- C:\Users\Mars\Documents\1God's Plan For Our Success Nehemiah's Way(1).pdf
[2013/08/02 16:15:45 | 002,541,657 | ---- | C] () -- C:\Users\Mars\Documents\1The Life Giver9780768441420.pdf
[2013/08/02 16:15:45 | 002,326,452 | ---- | C] () -- C:\Users\Mars\Documents\1Glory.pdf
[2013/08/02 16:15:45 | 001,823,215 | ---- | C] () -- C:\Users\Mars\Documents\1Godly Success9780768441260.pdf
[2013/08/02 16:15:44 | 007,277,220 | ---- | C] () -- C:\Users\Mars\Documents\1Decree_EBOOK.pdf
[2013/08/02 16:15:44 | 003,358,158 | ---- | C] () -- C:\Users\Mars\Documents\1 Understanding bible Mysteries.pdf
[2013/08/02 16:15:44 | 002,730,104 | ---- | C] () -- C:\Users\Mars\Documents\1 Psalm 91_ Real-Life Stories of God's Shi - Ruth, Peggy Joyce.pdf
[2013/08/02 16:15:44 | 002,714,763 | ---- | C] () -- C:\Users\Mars\Documents\1 The Frontier Boys 9780768488494.pdf
[2013/08/02 16:15:44 | 001,404,688 | ---- | C] () -- C:\Users\Mars\Documents\1 The-Holy-Spirit-and-His-Gifts-by-Kenneth-e-Hagin - Copy.pdf
[2013/08/02 16:15:44 | 000,671,054 | ---- | C] () -- C:\Users\Mars\Documents\1Commanding Your Morning_ Unleashing the - Trimm, Cindy.pdf
[2013/08/02 16:15:44 | 000,319,813 | ---- | C] () -- C:\Users\Mars\Documents\1Decree - Third Edition.pdf
[2013/08/02 16:15:43 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK.pdf
[2013/08/02 16:15:43 | 001,788,411 | ---- | C] () -- C:\Users\Mars\Documents\1 Jesus Calling_ Enjoying Peace in His Pre - Young, Sarah.pdf
[2013/08/02 16:15:43 | 001,423,221 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers that Move Mountains_ Powerful pr - Eckhardt, John - Copy.pdf
[2013/08/02 16:15:43 | 000,838,129 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy.pdf
[2013/08/02 16:15:43 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers-That-Bring-Healing-John-Eckhardt - Copy - Copy - Copy.pdf
[2013/08/02 16:15:42 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy.pdf
[2013/08/02 16:15:41 | 013,796,053 | ---- | C] () -- C:\Users\Mars\Documents\1 IntheZoneEBOOK - Copy (2).pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook.pdf
[2013/08/02 16:15:41 | 005,929,955 | ---- | C] () -- C:\Users\Mars\Documents\1 Help_God_Im_Broke_Ebook - Copy.pdf
[2013/08/02 16:15:40 | 004,208,918 | ---- | C] () -- C:\Users\Mars\Documents\1 Define Your Destiny Through Prayer 9780768488081.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld.pdf
[2013/08/02 16:15:40 | 002,996,770 | ---- | C] () -- C:\Users\Mars\Documents\1 Ebook-CreateYourWorld - Copy.pdf
[2013/08/02 16:15:40 | 002,423,804 | ---- | C] () -- C:\Users\Mars\Documents\1 The Voice How We Can Participate How We should Respond.pdf
[2013/08/02 16:15:40 | 000,951,027 | ---- | C] () -- C:\Users\Mars\Documents\1 Spiritual Revolution_ Experience the Sup - King, Patricia.pdf
[2013/08/02 16:15:40 | 000,571,803 | ---- | C] () -- C:\Users\Mars\Documents\1 Prayers That Break Curses_ Prayers for b - Eckhardt, John.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy.pdf
[2013/08/02 16:15:39 | 004,163,225 | ---- | C] () -- C:\Users\Mars\Documents\1 BibleNewInternationalVersionPDF - Copy (2).pdf
[2013/08/02 16:15:39 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(2)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:39 | 000,190,616 | ---- | C] () -- C:\Users\Mars\Documents\0-6yrs-schedule-pr.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1.pdf
[2013/08/02 16:15:38 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1 - Copy.pdf
[2013/08/02 16:15:38 | 002,870,609 | ---- | C] () -- C:\Users\Mars\Documents\(1)Open Heaven the Secret Power of Door Keeper 9780768487886.pdf
[2013/08/02 16:15:38 | 002,570,714 | ---- | C] () -- C:\Users\Mars\Documents\(1)Born To Create supernatural in your Destiny1.pdf
[2013/08/02 16:15:37 | 005,816,617 | ---- | C] () -- C:\Users\Mars\Documents\(1)4 Keys to Hearing God's Voice - Virkler, Mark.pdf
[2013/08/02 16:15:37 | 000,636,167 | ---- | C] () -- C:\Users\Mars\Documents\(1) 20120709-Calendar-English-FINAL.pdf
[2013/08/02 16:15:37 | 000,409,396 | ---- | C] () -- C:\Users\Mars\Documents\You-Can-Hear-God's-Voice.pdf
[2013/08/02 16:15:37 | 000,176,873 | ---- | C] () -- C:\Users\Mars\Documents\welcomefamily.pdf
[2013/08/02 16:15:37 | 000,095,541 | ---- | C] () -- C:\Users\Mars\Documents\weight petition.pdf
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8271c96-c82f-4c9e-af98-08c6300f2585.job
[2013/08/02 01:10:16 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6c3cdca8-ce8e-4736-bd73-56f9e5dcea2c.job
[2013/08/02 01:09:26 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/01 23:09:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 22:47:04 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/08/01 22:46:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/01 22:35:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/01 22:35:32 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/01 22:35:28 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/01 22:35:28 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/01 22:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/08/01 15:13:52 | 000,000,675 | ---- | C] () -- C:\Users\Mars\Documents\Document.rtf
[2013/07/30 01:46:25 | 000,000,530 | ---- | C] () -- C:\Users\Mars\Documents\A touch of heaven review.rtf
[2013/07/29 22:05:21 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/29 10:34:39 | 000,002,138 | ---- | C] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/07/29 10:34:39 | 000,002,136 | ---- | C] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/07/29 10:34:37 | 000,001,343 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/07/28 18:58:43 | 000,001,335 | ---- | C] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/28 18:58:43 | 000,001,139 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/28 18:04:36 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/07/23 15:49:09 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:32:32 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:01:20 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/07/23 01:58:40 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:52:49 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:48:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/07/23 01:47:08 | 000,015,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013/07/23 01:34:02 | 2962,255,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/23 00:57:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/23 00:45:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/22 23:44:35 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:38:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 23:38:11 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 23:29:58 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/07/22 23:24:18 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/22 23:24:18 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/22 23:24:17 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/31 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/08/02 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\FFP
[2013/07/28 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TFP
[2013/08/09 05:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP
[2013/08/06 22:27:23 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\uTorrent
[2013/08/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#11
godawgs
Posted 10 August 2013 - 10:08 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

One of the Application remove my torch browser and my video converter can you help me restore it back.

AdwCleaner removed the registry key for Freemaker Video and JRT removed the Torch entries. They did this because those programs were flagged as malicious.
If you want them back they will need to be re-installed. I don't recommend that. I would recommend that you go to the list of installed programs in the Control Panel and if they are still listed there, uninstall them. You are looking for:

Freemake Video Converter version 4.0.2
Torch

If you need help doing that just let me know.
If you want them back you will need to see if they are still in the list of installed programs and then uninstall them and then re-install them.
Let me know what you want to do.

I just unstall MBAM application and get this this file my desktop "desktop.ini". Can you tell me what that is?

I wish you hadn't uninstalled MBAM. You didn't have it remove any of the things it found:

Files Detected: 4
F:\Users\Mars\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> No action taken.
F:\Users\Mars\Mars\GOMPLAYERENSETUP.EXE (PUP.Optional.AskToolbar) -> No action taken.
F:\Users\Mars\Mars 5\windows.7.codec.pack.v4.0.4.setup.exe (PUP.Dealio.TB) -> No action taken.
F:\Users\Mars\Mars Extra\Marsha\GOMPLAYERENSETUP.EXE (PUP.Optional.AskToolbar) -> No action taken.

We will take care of those another way.

The desktop.ini file on the desktop is normal. You have never seen it before because it is a hidden system file and some of the tools used unhides all files so we can get an accurate view of them. We will re-hide the files when we clean up. DON'T do anything to it.

Next we are going to run an on line scan, check the hard drive for errors and see if any programs need to be updated. Please let me know how the computer is behaving after this run.

NOTE: Please disable any screen saver you might have running before running the ESET scan.

Step-1.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-2.

Check Hard Disk For Errors:

Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0


  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)<---Very Important
    • Click Save
    This will put a new file on the Desktop named testhd.bat
    The file icon will look like this:
    Posted Image

    Close all open windows and any open Browsers.
  • Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions about the Torch browser and Freemake Video converter programs.
2. The ESET on line scan log (IF it found anything). If it didn't just tell me.
3. The checkhd.txt log
4. The checkup.txt log
5. How is the computer running now?
  • 0

#12
Ayame12
Posted 14 August 2013 - 04:59 AM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Checkhd.txt


The type of the file system is NTFS.
Volume label is Acer.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
157 large file records processed.

0 bad file records processed.

0 EA records processed.

45 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
22730 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

469407743 KB total disk space.
52470376 KB in 94130 files.
56956 KB in 22731 indexes.
0 KB in bad sectors.
258395 KB in use by the system.
65536 KB occupied by the log file.
416622016 KB available on disk.

4096 bytes in each allocation unit.
117351935 total allocation units on disk.
104155504 allocation units available on disk.


2. I do want torch browser and the free video converter back.

3. I will post the rest of the log later on the day.
  • 0

#13
godawgs
Posted 14 August 2013 - 09:28 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I do want torch browser and the free video converter back.

Acknowledged, but don't reinstall them until we are finished.
  • 0

#14
godawgs
Posted 18 August 2013 - 11:02 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP