Outfox.tv, Computer choppy



#1
WhyOhWireless

Recently I (stupidly) installed something called 'Outfox.tv' along with some other software. I have uninstalled it, but I would like to know it's really gone. The computer doesn't seem as fast, either.

Adwcleaner didn't detect outfox.

Here is my log.
OTL logfile created on: 27/12/2013 21:48:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arie\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.80% Memory free
7.96 Gb Paging File | 4.77 Gb Available in Paging File | 59.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.75 Gb Total Space | 244.74 Gb Free Space | 82.19% Space Free | Partition Type: NTFS

Computer Name: ARIE-PC | User Name: Arie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/27 21:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arie\Downloads\OTL.exe
PRC - [2013/12/10 00:35:53 | 001,074,480 | ---- | M] (Flexera Software LLC) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
PRC - [2013/12/06 16:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) -- C:\old\Prey\platform\windows\cronsvc.exe
PRC - [2013/10/19 13:54:24 | 001,515,008 | ---- | M] () -- C:\Program Files (x86)\PenWes\PenWesService.exe
PRC - [2013/10/18 16:36:16 | 000,208,688 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
PRC - [2013/10/18 16:34:46 | 001,937,200 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2013/10/18 16:34:00 | 000,539,952 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2013/10/17 09:35:52 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2013/09/30 15:19:00 | 000,054,576 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
PRC - [2013/09/30 15:18:40 | 000,032,560 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
PRC - [2013/09/30 15:17:40 | 000,147,248 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
PRC - [2013/08/22 22:26:22 | 000,039,216 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
PRC - [2013/08/22 22:24:42 | 000,020,272 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
PRC - [2013/08/22 22:19:22 | 005,755,904 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\SMART Technologies\Education Software\ResponseConnectorService.exe
PRC - [2013/08/22 22:18:52 | 019,241,776 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe
PRC - [2013/08/22 22:08:02 | 000,153,392 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Education Software\Notebook Web Helper.exe
PRC - [2013/07/18 14:56:06 | 005,756,416 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
PRC - [2013/06/27 11:35:36 | 000,109,360 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotebookMathHelper.exe
PRC - [2013/04/22 10:46:42 | 001,054,320 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/08/08 13:43:58 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/08 13:36:58 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/05/09 16:06:02 | 002,750,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011/01/16 05:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/07/21 22:46:00 | 000,091,464 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe
PRC - [2009/04/03 18:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/11 03:07:28 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\45d89ae2fb58f7803a6abf7c1e3e896c\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
MOD - [2013/12/11 03:07:27 | 000,738,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\38d862eadfbb5b73d83f8929d00c196b\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
MOD - [2013/12/11 03:07:26 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a9be590e2ec4b558a30794d66ecab180\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
MOD - [2013/12/11 03:07:26 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\89810d29df14584560235fe643bd1240\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
MOD - [2013/12/11 03:07:24 | 001,117,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\151298460fd18062ac7e227a32702899\Microsoft.Office.Tools.Word.Implementation.ni.dll
MOD - [2013/12/11 03:07:23 | 000,676,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\d75145231f3260e91309f803b29d8568\Microsoft.Office.Tools.Word.ni.dll
MOD - [2013/12/11 03:07:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ba8307a58f05ab7e9d7aac02c9fa2164\Microsoft.Office.Tools.v4.0.Framework.ni.dll
MOD - [2013/12/11 03:07:19 | 000,864,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\bc821e812644287aeac16ca239532dbb\Microsoft.Office.Tools.Common.Implementation.ni.dll
MOD - [2013/12/11 03:07:17 | 000,336,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\2c4529a4afc5b3f02e2f9d97a944277a\Microsoft.Office.Tools.Common.ni.dll
MOD - [2013/12/11 03:07:17 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\45df0a8ffd1e42d78558105f584219da\Microsoft.Office.Tools.ni.dll
MOD - [2013/12/10 01:27:04 | 002,364,840 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_none_1bed397492abdaf4\xqilla-vc100-1_0.dll
MOD - [2013/12/10 01:26:51 | 000,033,192 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.xalan.vc100.1.10b_9ca15c999435ee05_1.0.1.0_none_9ad4d479f61e41e3\xalanmsg-vc100-1_10.dll
MOD - [2013/12/10 01:26:47 | 001,030,048 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.js.vc70.1.8_37a8c5fef6a21868_1.0.2.1_none_e909cd048128eadf\js32.dll
MOD - [2013/12/10 01:26:18 | 000,710,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\libAdaptiveUIWPF\cb59bbd7eb444f5242c7951881bbccdc\libAdaptiveUIWPF.ni.dll
MOD - [2013/12/10 01:22:21 | 000,066,976 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
MOD - [2013/12/10 01:22:04 | 002,310,056 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
MOD - [2013/12/10 01:21:26 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:22 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:18 | 000,022,440 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:15 | 000,053,680 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:13 | 000,524,712 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:10 | 000,145,328 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
MOD - [2013/12/10 01:21:07 | 001,488,264 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.activation2.vc100.1.0_37a8c5fef6a21868_1.0.5.0_none_00c39a87f368724c\activation2-vc100-mt-s-x86.dll
MOD - [2013/12/10 01:20:45 | 000,559,488 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.qt.vc100.4.8_37a8c5fef6a21868_1.0.2.0_none_fc4a69fd708c7cb3\QtMultimediaKit1.dll
MOD - [2013/12/10 01:20:45 | 000,124,288 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.qt.vc100.4.8_37a8c5fef6a21868_1.0.2.0_none_fc4a69fd708c7cb3\QtSensors1.dll
MOD - [2013/12/01 22:24:50 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c62769bad8f57b1071071d80fdc5f0cf\System.IdentityModel.ni.dll
MOD - [2013/12/01 22:24:48 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\da2aba8446e56504cc2f6ee5dc357384\System.ServiceModel.ni.dll
MOD - [2013/12/01 22:23:33 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\0ed8d51e6d3b198ec76dd92f63afc04d\System.Data.DataSetExtensions.ni.dll
MOD - [2013/12/01 22:23:18 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\e5a56a4a38559e6e8de77648d2d4f594\UIAutomationProvider.ni.dll
MOD - [2013/12/01 22:23:04 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\30212ac4ab2e8f165a31128a61f678eb\System.EnterpriseServices.ni.dll
MOD - [2013/12/01 22:23:04 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\30212ac4ab2e8f165a31128a61f678eb\System.EnterpriseServices.Wrapper.dll
MOD - [2013/12/01 22:23:03 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\1e2d8f94ba04e5262f8814ce22af6bdb\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/12/01 22:23:03 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f37a2a23772a8e9dcbef5c6b6ebe0ad\System.Transactions.ni.dll
MOD - [2013/12/01 22:23:02 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fc36679c453643647e96c591827c88ee\System.Runtime.Serialization.ni.dll
MOD - [2013/12/01 22:23:02 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\12d171dd78ad02e8561a46bf266c5394\SMDiagnostics.ni.dll
MOD - [2013/12/01 22:23:00 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4bdadb9a45577af9fc61011b0bba39c3\System.Xml.Linq.ni.dll
MOD - [2013/12/01 22:22:56 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7cc0afe8cb3e759ecb1af93e2d966e9f\Microsoft.VisualC.ni.dll
MOD - [2013/12/01 22:22:50 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\4f3ec31f9377aea8db3d1e325e7e23a8\System.Deployment.ni.dll
MOD - [2013/12/01 22:22:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/12/01 22:22:30 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\906825def698b2831547de1c5b8cbbe0\Accessibility.ni.dll
MOD - [2013/12/01 22:18:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/12/01 17:01:12 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll
MOD - [2013/12/01 17:00:58 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
MOD - [2013/12/01 17:00:58 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\01b13b4f315138d1a766091e55affd58\System.Data.ni.dll
MOD - [2013/12/01 17:00:57 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll
MOD - [2013/12/01 17:00:47 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll
MOD - [2013/12/01 17:00:43 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/12/01 17:00:43 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll
MOD - [2013/12/01 17:00:42 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/12/01 17:00:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/12/01 17:00:38 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll
MOD - [2013/12/01 17:00:38 | 000,751,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8aa82f86d6290eb261dcfa5b14c3fb37\System.Security.ni.dll
MOD - [2013/12/01 17:00:37 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/12/01 17:00:31 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/12/01 17:00:31 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\91bc7f6fd5295405b227cecc0e232ce8\System.Numerics.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/22 22:20:24 | 000,077,616 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\ClickerAddon.node
MOD - [2013/08/22 22:20:18 | 000,068,400 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\ResponseAddon.node
MOD - [2013/08/22 19:44:18 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
MOD - [2013/08/22 19:44:16 | 000,039,216 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
MOD - [2013/08/22 19:44:10 | 000,053,040 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
MOD - [2013/08/22 19:44:06 | 000,057,648 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
MOD - [2013/08/22 19:43:26 | 000,272,688 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
MOD - [2013/08/19 09:27:22 | 000,460,800 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\ziparchive-vc100-3_1_1a.dll
MOD - [2013/08/06 18:03:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sqlite3.dll
MOD - [2013/07/18 14:25:20 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\Data\lvanlys.dll
MOD - [2013/04/22 10:46:42 | 001,054,320 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2003/05/01 09:35:32 | 005,709,824 | ---- | M] () -- C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\7.0\lvrt.dll
MOD - [2003/04/23 10:49:06 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\7.0\DNCompInfo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/22 13:25:08 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2013/07/19 12:21:14 | 002,179,056 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/11 17:02:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/10 00:35:53 | 001,074,480 | ---- | M] (Flexera Software LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2013/12/06 16:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\old\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2013/10/19 13:54:24 | 001,515,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PenWes\PenWesService.exe -- (PenWesController)
SRV - [2013/10/18 16:34:00 | 000,539,952 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2013/10/17 09:35:52 | 000,022,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2013/08/22 22:24:42 | 000,020,272 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe -- (Response Hardware)
SRV - [2011/04/01 17:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/01/16 05:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/26 17:00:08 | 000,381,440 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/10/18 16:23:04 | 000,009,216 | ---- | M] (SMART Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2013/10/18 16:22:40 | 000,010,240 | ---- | M] (SMART Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2013/10/18 16:22:34 | 000,022,184 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2013/08/22 12:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/13 09:34:50 | 000,120,408 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2013/03/07 09:49:18 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2013/03/07 09:49:18 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/08/05 10:24:26 | 000,292,024 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011/08/03 20:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/07/12 20:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 15:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/29 11:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 10:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 14:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/30 10:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/04/26 11:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/11/14 00:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/03/07 09:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A FB 74 D0 B4 EA CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.0.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0a1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS

[2013/11/26 16:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arie\AppData\Roaming\Mozilla\Extensions
[2013/12/16 18:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions
[2013/12/08 12:16:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/11/26 16:45:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/14 11:41:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions\support@lastpass.com
[2013/12/16 18:12:07 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions\[email protected]
[2013/11/26 16:44:35 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/26 16:38:16 | 000,010,345 | ---- | M] () -- C:\Users\Arie\AppData\Roaming\Mozilla\Firefox\Profiles\7mv83k1s.default\searchplugins\duckduckgo.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ResponseConnectorService] C:\Program Files (x86)\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe (SMART Technologies)
O4 - HKLM..\Run: [sbsdk-server] C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKLM..\Run: [SMARTNotification] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe (SMART Technologies)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized File not found
O4 - Startup: C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB824FC4-49D1-413F-8871-E0B2E9638AD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB824FC4-49D1-413F-8871-E0B2E9638AD2}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0710FB9-FC5D-4660-9C24-898AC8235DDC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{836ccc40-56bd-11e3-a244-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{836ccc40-56bd-11e3-a244-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{836ccc40-56bd-11e3-a244-806e6f6e6963}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{836ccc40-56bd-11e3-a244-806e6f6e6963}\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/27 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\evaluations
[2013/12/27 21:37:19 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\plans
[2013/12/27 21:37:00 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\resources
[2013/12/26 18:11:58 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\SMART Response
[2013/12/26 12:17:33 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\proformas
[2013/12/23 17:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/12/23 17:16:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/23 17:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0
[2013/12/23 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.0
[2013/12/23 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2013/12/23 16:37:49 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\ElevatedDiagnostics
[2013/12/18 14:00:17 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
[2013/12/18 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Chromium
[2013/12/18 13:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/18 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Google
[2013/12/18 00:58:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/12/18 00:58:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/12/15 23:48:09 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\WinRAR
[2013/12/15 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/15 23:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/15 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/12/15 23:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiTwin
[2013/12/15 23:34:43 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\XYplorer
[2013/12/15 23:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorer
[2013/12/15 23:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XYplorer
[2013/12/13 16:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2013/12/13 16:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013/12/13 16:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013/12/13 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013/12/13 16:38:48 | 000,000,000 | ---D | C] -- C:\Users\Arie\Desktop\keys
[2013/12/12 19:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
[2013/12/12 19:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PuTTY
[2013/12/12 19:12:07 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 19:12:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 19:12:06 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 19:12:04 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 17:43:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 17:43:04 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 17:43:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 17:43:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 17:43:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 17:43:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 17:43:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 17:43:03 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 17:43:03 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 17:43:03 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 17:43:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 17:43:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 17:43:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 17:43:01 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 17:43:01 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 17:42:59 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 22:44:55 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Macromedia
[2013/12/11 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\SumatraPDF
[2013/12/11 18:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF
[2013/12/11 13:03:01 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 13:03:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 13:02:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 13:02:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 13:02:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:02:57 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:02:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:02:57 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:02:57 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:02:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:02:57 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:02:56 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:02:56 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 03:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/12/10 02:29:11 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\assembly
[2013/12/10 02:29:06 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Deployment
[2013/12/10 02:29:06 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Apps
[2013/12/10 02:24:14 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\SMART Technologies
[2013/12/10 02:23:18 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\SMART Technologies
[2013/12/10 02:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/12/10 01:27:10 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\SMART Technologies Inc
[2013/12/10 01:27:10 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\SMART Technologies Inc
[2013/12/10 01:25:50 | 000,037,776 | ---- | C] (SMART Technologies ULC) -- C:\Windows\SysNative\smrtlocalmon.dll
[2013/12/10 01:25:50 | 000,022,312 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\SysNative\smrtlocalui.dll
[2013/12/10 01:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Instruments
[2013/12/10 01:24:58 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/12/10 01:22:37 | 000,110,592 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2013/12/10 01:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMART Technologies
[2013/12/10 01:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013/12/10 01:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013/12/10 01:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SMART Technologies
[2013/12/10 00:57:23 | 000,000,000 | ---D | C] -- C:\old
[2013/12/10 00:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
[2013/12/10 00:55:40 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx
[2013/12/10 00:55:38 | 000,000,000 | ---D | C] -- C:\FreeOCR
[2013/12/10 00:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
[2013/12/10 00:43:02 | 000,000,000 | ---D | C] -- C:\Users\Arie\Misc
[2013/12/10 00:43:02 | 000,000,000 | ---D | C] -- C:\Users\Arie\Audio
[2013/12/10 00:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/10 00:39:59 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/12/10 00:39:53 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/12/10 00:39:53 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/12/10 00:39:53 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/12/10 00:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/10 00:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/12/10 00:38:26 | 000,000,000 | ---D | C] -- C:\Users\Arie\Desktop\LazyFileSorter
[2013/12/10 00:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/12/09 13:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/12/09 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\HP
[2013/12/09 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\HP
[2013/12/09 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/12/09 13:41:24 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll
[2013/12/09 13:41:20 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/12/09 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/12/09 13:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/12/09 13:35:01 | 001,408,000 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p04b.dll
[2013/12/09 13:35:01 | 001,175,552 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p04b.dll
[2013/12/09 13:35:01 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2013/12/09 13:35:00 | 000,521,216 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p04a.dll
[2013/12/08 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\3909
[2013/12/08 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/12/08 21:32:45 | 000,000,000 | ---D | C] -- C:\GOG Games
[2013/12/08 21:29:33 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013/12/08 21:29:23 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2013/12/08 21:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2013/12/08 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
[2013/12/08 17:40:55 | 000,000,000 | ---D | C] -- C:\share
[2013/12/08 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013/12/03 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\Arie\Desktop\Year Three Curriculum
[2013/12/03 13:39:31 | 000,000,000 | ---D | C] -- C:\Users\Arie\Desktop\Year 3
[2013/12/02 22:50:22 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Roaming\TightVNC
[2013/12/02 22:39:49 | 000,000,000 | ---D | C] -- C:\Users\Arie\AppData\Local\Programs
[2013/12/02 22:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2013/12/02 22:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2013/12/02 22:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2013/12/02 00:26:23 | 000,000,000 | ---D | C] -- C:\[PHOTOS
[2013/12/01 23:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/12/01 23:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/12/01 23:50:58 | 000,000,000 | ---D | C] -- C:\Users\Arie\Documents\My Scans
[2013/12/01 23:45:33 | 000,000,000 | ---D | C] -- C:\!olddocs
[2013/12/01 16:43:39 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013/11/30 02:24:29 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/11/30 02:24:29 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/11/30 02:24:19 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/11/30 02:24:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013/11/30 02:24:19 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013/11/30 02:24:18 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/11/30 02:24:18 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/11/30 02:24:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013/11/30 02:24:17 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013/11/30 02:24:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013/11/28 23:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013/11/28 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\Arie\D-Fend Reloaded
[2013/11/28 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D-Fend Reloaded
[2013/11/28 19:20:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/11/28 19:20:48 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/11/28 19:20:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/11/28 19:20:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/11/28 19:17:00 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

========== Files - Modified Within 30 Days ==========

[2013/12/27 21:21:23 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/12/27 21:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/27 20:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/27 18:21:57 | 001,059,403 | ---- | M] () -- C:\Users\Arie\Documents\celts1.notebook
[2013/12/23 17:36:28 | 000,171,858 | ---- | M] () -- C:\Windows\hpoins47.dat
[2013/12/23 17:34:52 | 000,026,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 17:34:52 | 000,026,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 17:34:39 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/23 17:34:39 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/23 17:34:39 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/23 17:26:53 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/23 17:23:23 | 000,171,380 | ---- | M] () -- C:\Windows\hpoins47.dat.temp
[2013/12/21 11:37:52 | 000,007,609 | ---- | M] () -- C:\Users\Arie\AppData\Local\Resmon.ResmonCfg
[2013/12/18 14:00:17 | 000,002,224 | ---- | M] () -- C:\Users\Arie\Application Data\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
[2013/12/18 14:00:17 | 000,002,222 | ---- | M] () -- C:\Users\Arie\Desktop\Chromium.lnk
[2013/12/17 17:15:23 | 000,929,104 | ---- | M] () -- C:\Users\Arie\Documents\student loan application.pdf
[2013/12/17 01:58:34 | 000,000,600 | ---- | M] () -- C:\Users\Arie\AppData\Local\PUTTY.RND
[2013/12/15 23:42:29 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2013/12/15 17:02:51 | 000,357,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/14 11:41:24 | 013,024,768 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013/12/14 11:41:24 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2013/12/13 16:52:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2013/12/12 19:32:50 | 000,000,462 | ---- | M] () -- C:\Users\Arie\Desktop\Papers, Please - Shortcut.lnk
[2013/12/12 19:32:45 | 000,000,981 | ---- | M] () -- C:\Users\Arie\Desktop\PuTTY.lnk
[2013/12/12 19:32:40 | 000,002,481 | ---- | M] () -- C:\Users\Arie\Desktop\TightVNC Viewer.lnk
[2013/12/11 17:02:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 17:02:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/11 16:20:18 | 000,001,292 | ---- | M] () -- C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/12/10 23:08:23 | 000,000,355 | ---- | M] () -- C:\Users\Arie\Desktop\Computer - Shortcut.lnk
[2013/12/10 00:39:39 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/12/10 00:39:38 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/12/10 00:39:38 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/12/10 00:39:38 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/12/08 21:32:49 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\Papers, Please.lnk
[2013/12/02 00:09:07 | 409,845,225 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/01 17:02:18 | 000,764,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/12/27 18:21:57 | 001,059,403 | ---- | C] () -- C:\Users\Arie\Documents\celts1.notebook
[2013/12/26 18:11:10 | 005,743,746 | ---- | C] () -- C:\Users\Arie\Documents\Tutorial for SMART Notebook 11.3.notebook
[2013/12/23 17:23:21 | 000,171,380 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2013/12/23 17:23:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2013/12/23 17:05:52 | 003,381,832 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2013/12/23 17:05:52 | 002,499,656 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/12/23 17:05:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2013/12/23 17:05:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/12/23 17:05:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/12/23 17:05:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2013/12/23 17:05:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2013/12/23 17:05:52 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/12/23 17:05:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2013/12/23 17:05:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/12/21 11:37:52 | 000,007,609 | ---- | C] () -- C:\Users\Arie\AppData\Local\Resmon.ResmonCfg
[2013/12/18 14:00:17 | 000,002,224 | ---- | C] () -- C:\Users\Arie\Application Data\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
[2013/12/18 14:00:17 | 000,002,222 | ---- | C] () -- C:\Users\Arie\Desktop\Chromium.lnk
[2013/12/17 17:15:23 | 000,929,104 | ---- | C] () -- C:\Users\Arie\Documents\student loan application.pdf
[2013/12/15 23:42:29 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2013/12/15 23:42:29 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2013/12/14 11:41:24 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2013/12/13 16:52:50 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2013/12/12 19:32:50 | 000,000,462 | ---- | C] () -- C:\Users\Arie\Desktop\Papers, Please - Shortcut.lnk
[2013/12/12 19:32:45 | 000,000,981 | ---- | C] () -- C:\Users\Arie\Desktop\PuTTY.lnk
[2013/12/12 19:32:40 | 000,002,481 | ---- | C] () -- C:\Users\Arie\Desktop\TightVNC Viewer.lnk
[2013/12/12 19:25:12 | 000,000,600 | ---- | C] () -- C:\Users\Arie\AppData\Local\PUTTY.RND
[2013/12/11 18:22:37 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2013/12/11 16:20:18 | 000,001,292 | ---- | C] () -- C:\Users\Arie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/12/10 23:18:13 | 000,151,161 | ---- | C] () -- C:\Belarc.htm
[2013/12/10 23:08:23 | 000,000,355 | ---- | C] () -- C:\Users\Arie\Desktop\Computer - Shortcut.lnk
[2013/12/10 00:58:46 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/12/09 13:35:26 | 000,171,858 | ---- | C] () -- C:\Windows\hpoins47.dat
[2013/12/09 13:35:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2013/12/08 21:32:49 | 000,001,678 | ---- | C] () -- C:\Users\Public\Desktop\Papers, Please.lnk
[2013/11/28 19:20:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/27 21:31:29 | 000,764,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/13 09:34:50 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Do you remember what day you installed it?

Copy the text in the code box by highlighting it and pressing Ctrl + c:

:OTL
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized File not found

:files
C:\Program Files\OutfoxTV

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12272013-some number.log so look there if you don't see it.
  • 0

#3
WhyOhWireless

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, it was the 23rd of December. Why?

Thanks for the solution, am using comp right now but will do this this eve.
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Yes, it was the 23rd of December. Why?


If I know the date malware was installed then I can look in the OTL/FRST logs for files added on that day and see if there are any files left that need to be removed. I don't see much on the 23rd except an install of EASEUS Partition Master so I think we got it all. There was just a remnant in the registry calling a file that no longer exists.
  • 1
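
The date-based triage described in the reply above, as an added example that is not part of the original thread or of OTL itself: it parses OTL file-listing lines, keeps those flagged `C` (created) on or near a given install date, and lists `O4` Run entries that OTL marked "File not found". The function names and the three lines dated 2013/12/23 are constructed for illustration; the other sample lines are copied from the logs in this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attributes | C(reated) or M(odified)] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [A-Z-]{4} \| "
    r"(?P<kind>[CM])\] \(.*?\) -- (?P<path>.+)$"
)
# O4 autorun entry whose target file is no longer on disk.
ORPHAN_RUN = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+) File not found$")

# Sample input: the first three lines are constructed; the rest appear in the thread.
SAMPLE_LOG = r"""
[2013/12/23 18:02:11 | 000,001,024 | ---- | C] () -- C:\Example\constructed-setup.tmp
[2013/12/23 18:01:40 | 000,204,800 | ---- | C] (Example Vendor) -- C:\Example\constructed-helper.dll
[2013/12/23 18:05:00 | 000,000,512 | ---- | M] () -- C:\Example\constructed-modified.ini
[2013/12/09 13:35:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2013/12/08 21:32:49 | 000,001,678 | ---- | C] () -- C:\Users\Public\Desktop\Papers, Please.lnk
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized File not found
"""

def files_created_near(log_text, day, window_days=0):
    """Return (timestamp, path) for 'C' entries within window_days of day (YYYY/MM/DD)."""
    target = datetime.strptime(day, "%Y/%m/%d").date()
    hits = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or m["kind"] != "C":
            continue  # not a file line, or a modified-only entry
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        if abs(ts.date() - target) <= timedelta(days=window_days):
            hits.append((ts, m["path"]))
    return [(ts.strftime("%Y/%m/%d %H:%M:%S"), path) for ts, path in sorted(hits)]

def orphaned_autoruns(log_text):
    """Return (value name, command line) for Run entries pointing at a missing file."""
    found = []
    for line in log_text.splitlines():
        m = ORPHAN_RUN.match(line.strip())
        if m:
            found.append((m["name"], m["cmd"]))
    return found

if __name__ == "__main__":
    for ts, path in files_created_near(SAMPLE_LOG, "2013/12/23"):
        print("created on install date:", ts, path)
    for name, cmd in orphaned_autoruns(SAMPLE_LOG):
        print("orphaned Run value:", name, "->", cmd)
```

Widening `window_days` helps when the install date is only remembered approximately.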





