Error code 19 possible malware [Solved]



#1
Blulioness

My son accidentally downloaded malware onto the laptop yesterday. After a restore, the keyboard is no longer working and in hardware it is saying that it is an error code 19.
Would it be possible for someone to take a look? Thank you.

OTL logfile created on: 01/02/2014 18:30:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zac\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.71 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 45.27% Memory free
10.46 Gb Paging File | 7.85 Gb Available in Paging File | 75.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.13 Gb Total Space | 312.64 Gb Free Space | 70.87% Space Free | Partition Type: NTFS
Drive D: | 1.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 732.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ZAC_JJ | User Name: Zac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/01 18:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Downloads\OTL.exe
PRC - [2014/02/01 17:18:11 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/01/31 19:54:01 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/31 19:54:01 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/31 19:46:03 | 003,598,680 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014/01/27 19:02:50 | 001,815,976 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/01/27 19:02:50 | 000,571,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/23 05:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/31 12:47:28 | 026,164,032 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/11/27 14:31:10 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/10/21 21:07:32 | 008,863,792 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\sManager.exe
PRC - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
PRC - [2013/08/27 19:55:44 | 000,427,344 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.1.0.14\ARA.exe
PRC - [2013/08/23 16:24:10 | 129,481,592 | ---- | M] (Macrovision Corporation) -- C:\Users\Zac\AppData\Local\Temp\SWM2Temp\Packages\1f9eabcf-c7cf-4710-955d-904510c8c53c\Recovery\setup.exe
PRC - [2013/01/26 20:12:12 | 000,172,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/11/30 07:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/11/30 07:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/11/30 07:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/10/31 11:03:00 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/15 11:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/14 03:05:16 | 000,648,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 17:39:28 | 001,153,024 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_ssl.pyd
MOD - [2014/02/01 17:39:28 | 000,811,008 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._windows_.pyd
MOD - [2014/02/01 17:39:28 | 000,805,888 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._gdi_.pyd
MOD - [2014/02/01 17:39:28 | 000,711,680 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_hashlib.pyd
MOD - [2014/02/01 17:39:28 | 000,110,080 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\pywintypes27.dll
MOD - [2014/02/01 17:39:28 | 000,070,656 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._html2.pyd
MOD - [2014/02/01 17:39:28 | 000,026,624 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_multiprocessing.pyd
MOD - [2014/02/01 17:39:28 | 000,024,064 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32pipe.pyd
MOD - [2014/02/01 17:39:27 | 001,062,400 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._controls_.pyd
MOD - [2014/02/01 17:39:27 | 000,686,080 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\unicodedata.pyd
MOD - [2014/02/01 17:39:27 | 000,521,680 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\windows._lib_cacheinvalidation.pyd
MOD - [2014/02/01 17:39:27 | 000,128,512 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_elementtree.pyd
MOD - [2014/02/01 17:39:27 | 000,127,488 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\pyexpat.pyd
MOD - [2014/02/01 17:39:27 | 000,119,808 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32file.pyd
MOD - [2014/02/01 17:39:27 | 000,108,544 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32security.pyd
MOD - [2014/02/01 17:39:27 | 000,098,816 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32api.pyd
MOD - [2014/02/01 17:39:27 | 000,087,040 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_ctypes.pyd
MOD - [2014/02/01 17:39:27 | 000,044,032 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\_socket.pyd
MOD - [2014/02/01 17:39:27 | 000,038,912 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32inet.pyd
MOD - [2014/02/01 17:39:27 | 000,035,840 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32process.pyd
MOD - [2014/02/01 17:39:27 | 000,025,600 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32pdh.pyd
MOD - [2014/02/01 17:39:27 | 000,018,432 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32event.pyd
MOD - [2014/02/01 17:39:27 | 000,017,408 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32profile.pyd
MOD - [2014/02/01 17:39:27 | 000,010,240 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\select.pyd
MOD - [2014/02/01 17:39:26 | 001,175,040 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._core_.pyd
MOD - [2014/02/01 17:39:26 | 000,735,232 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._misc_.pyd
MOD - [2014/02/01 17:39:26 | 000,557,056 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\pysqlite2._sqlite.pyd
MOD - [2014/02/01 17:39:26 | 000,364,544 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\pythoncom27.dll
MOD - [2014/02/01 17:39:26 | 000,320,512 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32com.shell.shell.pyd
MOD - [2014/02/01 17:39:26 | 000,122,368 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\wx._wizard.pyd
MOD - [2014/02/01 17:39:26 | 000,022,528 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32ts.pyd
MOD - [2014/02/01 17:39:26 | 000,011,264 | ---- | M] () -- C:\Users\Zac\AppData\Local\Temp\_MEI37642\win32crypt.pyd
MOD - [2014/01/31 19:54:09 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/31 19:45:47 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014/01/31 19:45:43 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014/01/31 19:45:43 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014/01/31 19:45:43 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014/01/31 19:45:43 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014/01/31 19:45:43 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014/01/31 19:45:43 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014/01/31 19:45:43 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014/01/27 19:02:52 | 001,138,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/01/23 05:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/23 05:56:59 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
MOD - [2014/01/23 05:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/23 05:56:02 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
MOD - [2014/01/23 05:56:01 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
MOD - [2014/01/23 05:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2014/01/10 23:33:44 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/01/10 23:33:42 | 000,717,312 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/12/12 22:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/11/05 01:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/06/14 23:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 23:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 23:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/30 07:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/11/30 07:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/11/30 07:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/11/30 07:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/11/30 07:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/06/14 03:06:20 | 000,500,064 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/06/14 02:57:22 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/06/14 02:56:52 | 000,481,792 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/06/14 02:55:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 02:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2011/08/17 07:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 07:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 07:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 11:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 11:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 11:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 10:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/01 17:18:11 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/01/31 19:54:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/12/31 12:47:28 | 000,232,256 | ---- | M] (SlimWare Utilities, Inc.) [Auto | Running] -- C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe -- (SlimService)
SRV:64bit: - [2013/11/27 15:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/08 03:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/22 01:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/19 05:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/04 08:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/30 04:11:10 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/30 04:11:10 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/30 04:11:09 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/30 04:11:09 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 12:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 12:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 12:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 09:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 09:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/04/20 05:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/01/28 17:11:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 19:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/21 16:05:54 | 000,088,400 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/09/30 04:11:08 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 12:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/01/26 20:12:12 | 000,172,104 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/11/30 07:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/10/31 11:57:44 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/10/31 11:03:00 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/08/15 02:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/31 19:54:20 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/31 19:54:20 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/31 19:54:20 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/01/31 19:54:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/31 19:54:19 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/31 19:54:19 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/31 19:54:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/31 19:52:52 | 000,440,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/11 02:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 11:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 11:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/31 00:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/26 01:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/13 02:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 15:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/30 04:11:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/30 04:11:07 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/30 04:11:07 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 03:58:56 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/30 03:58:53 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 12:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 12:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 12:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 12:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 14:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/06/18 14:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/31 11:37:42 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/10/31 11:37:36 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/10/31 11:37:34 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/10/16 10:02:04 | 000,457,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/09 18:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/31 02:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/27 12:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 01:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/18 22:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/05/26 00:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2010/02/04 22:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
IE:64bit: - HKLM\..\SearchScopes\{9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}: "URL" = http://start.mysearc...r=932429818&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.holasearc...121962&tsp=4982
IE - HKCU\..\SearchScopes\{9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C}: "URL" = http://start.mysearc...r=932429818&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Zac\AppData\Local\Roblox\Versions\version-2c68f7c30e1b4888\\NPRobloxProxy.dll ()


[2013/08/22 19:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DDOwnLoaD keeeper) - {F4D37834-13FC-7450-AEAA-9BA179920EA4} - C:\ProgramData\DDOwnLoaD keeeper\D9xO_RMaP.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\wrapper_inst\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Arc] C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe (Perfect World Entertainment)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SlimCleaner Plus] C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (SlimWare Utilities, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB8C51DB-41DF-4B5D-8656-5E58382564F7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/19 06:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2013/01/31 23:51:38 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2013/01/19 06:59:08 | 000,163,254 | R--- | M] () - D:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2013/01/31 23:51:34 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{038bb5e3-42fb-11e3-824f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{038bb5e3-42fb-11e3-824f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2013/01/19 06:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 18:21:46 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
[2014/02/01 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SlimWare Utilities Inc
[2014/02/01 18:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
[2014/02/01 18:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner Plus
[2014/02/01 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/02/01 17:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/02/01 17:43:50 | 000,000,000 | R--D | C] -- C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/02/01 17:18:55 | 000,028,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswKbd.sys
[2014/02/01 00:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2014/02/01 00:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/02/01 00:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/02/01 00:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2014/02/01 00:36:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2014/02/01 00:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2014/02/01 00:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2014/02/01 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/01/31 19:57:59 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\AVAST Software
[2014/01/31 19:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/31 19:55:02 | 001,038,072 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2014/01/31 19:55:02 | 000,421,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2014/01/31 19:55:02 | 000,092,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/01/31 19:55:02 | 000,080,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2014/01/31 19:55:02 | 000,078,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/01/31 19:54:50 | 000,334,136 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/01/31 19:54:13 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/01/31 19:52:52 | 000,440,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswNdisFlt.sys
[2014/01/31 19:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/31 19:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/31 18:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\log
[2014/01/31 18:35:37 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\iSafe
[2014/01/31 18:34:46 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Iminent
[2014/01/31 18:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2014/01/31 18:30:51 | 000,000,000 | ---D | C] -- C:\Users\Zac\.android
[2014/01/31 18:30:49 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\newnext.me
[2014/01/31 18:30:49 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\cache
[2014/01/31 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Zac\Documents\Mobogenie
[2014/01/31 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\Mobogenie
[2014/01/31 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Nosibay
[2014/01/31 18:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerialTrunc
[2014/01/31 18:29:07 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\SaveSenseLive
[2014/01/31 18:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveSenseLive
[2014/01/31 18:28:58 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\SaveSense
[2014/01/31 18:28:34 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\SwvUpdater
[2014/01/31 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\ExpressFiles
[2014/01/21 23:43:00 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Fallout2
[2014/01/21 23:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2014/01/21 23:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Fallout 2
[2014/01/19 22:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Tactics [GOG.com]
[2014/01/19 17:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout [GOG.com]
[2014/01/19 16:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/02/27 05:57:43 | 002,064,264 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[9 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/01 18:36:21 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/01 18:21:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - Zac).job
[2014/02/01 18:21:37 | 000,002,481 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner Plus.lnk
[2014/02/01 18:13:21 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/01 17:44:20 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/02/01 17:44:20 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/02/01 17:44:20 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/02/01 17:41:27 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/01 17:41:14 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/01 17:39:29 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/01 17:37:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/01 17:37:21 | 3183,919,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 17:35:37 | 003,488,832 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/02/01 17:19:37 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/02/01 17:19:37 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/02/01 17:18:30 | 000,028,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswKbd.sys
[2014/01/31 19:54:20 | 001,038,072 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2014/01/31 19:54:20 | 000,207,904 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/01/31 19:54:20 | 000,080,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2014/01/31 19:54:20 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/01/31 19:54:19 | 000,421,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2014/01/31 19:54:19 | 000,334,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/01/31 19:54:19 | 000,078,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/01/31 19:54:17 | 000,092,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/01/31 19:54:13 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/01/31 19:52:52 | 000,440,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswNdisFlt.sys
[2014/01/31 00:41:47 | 000,085,550 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
[2014/01/30 22:57:34 | 000,000,222 | ---- | M] () -- C:\Users\Zac\Desktop\Fallen Earth.url
[2014/01/29 23:02:42 | 000,017,058 | ---- | M] () -- C:\WINDOWS\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | M] () -- C:\WINDOWS\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | M] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/29 23:02:14 | 000,223,664 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources
[2014/01/29 23:02:14 | 000,144,645 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources
[2014/01/29 23:02:14 | 000,126,300 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources
[2014/01/29 23:02:14 | 000,124,650 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources
[2014/01/29 23:02:12 | 000,210,106 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources
[2014/01/29 23:02:12 | 000,194,245 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ru-RU.resources
[2014/01/29 23:02:12 | 000,166,170 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ar-SA.resources
[2014/01/29 23:02:12 | 000,163,421 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ja-JP.resources
[2014/01/29 23:02:12 | 000,159,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.he-IL.resources
[2014/01/29 23:02:12 | 000,149,682 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.it-IT.resources
[2014/01/29 23:02:12 | 000,148,042 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ko-KR.resources
[2014/01/29 23:02:12 | 000,147,393 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.de-DE.resources
[2014/01/29 23:02:12 | 000,147,288 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.es-ES.resources
[2014/01/29 23:02:12 | 000,146,004 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ro-RO.resources
[2014/01/29 23:02:12 | 000,145,491 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fr-FR.resources
[2014/01/29 23:02:12 | 000,144,260 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-BR.resources
[2014/01/29 23:02:12 | 000,144,020 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nl-NL.resources
[2014/01/29 23:02:12 | 000,143,932 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hu-HU.resources
[2014/01/29 23:02:12 | 000,142,882 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sv-SE.resources
[2014/01/29 23:02:12 | 000,142,877 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-PT.resources
[2014/01/29 23:02:12 | 000,142,717 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pl-PL.resources
[2014/01/29 23:02:12 | 000,142,289 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.cs-CZ.resources
[2014/01/29 23:02:12 | 000,142,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fi-FI.resources
[2014/01/29 23:02:12 | 000,141,838 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sk-SK.resources
[2014/01/29 23:02:12 | 000,141,049 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hr-HR.resources
[2014/01/29 23:02:12 | 000,137,889 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sl-SI.resources
[2014/01/29 23:02:12 | 000,137,784 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nb-NO.resources
[2014/01/29 23:02:12 | 000,137,141 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.da-DK.resources
[2014/01/27 23:27:34 | 005,834,223 | ---- | M] () -- C:\Users\Zac\Desktop\potatoes.zip
[2014/01/26 15:53:16 | 000,000,220 | ---- | M] () -- C:\Users\Zac\Desktop\DEFCON.url
[2014/01/24 22:15:01 | 000,001,414 | ---- | M] () -- C:\Users\Zac\Desktop\ROBLOX Studio 2013.lnk
[2014/01/23 16:13:45 | 000,001,402 | ---- | M] () -- C:\Users\Zac\Desktop\ROBLOX Player.lnk
[2014/01/22 15:19:32 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/21 23:35:17 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\Fallout 2.lnk
[2014/01/19 22:59:33 | 000,001,648 | ---- | M] () -- C:\Users\Public\Desktop\Fallout Tactics.lnk
[2014/01/19 17:49:40 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Fallout.lnk
[2014/01/13 19:39:48 | 000,233,725 | ---- | M] () -- C:\Users\Zac\Desktop\ggggggg2.jpg
[9 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/01 18:21:56 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - Zac).job
[2014/02/01 18:21:37 | 000,002,481 | ---- | C] () -- C:\Users\Public\Desktop\SlimCleaner Plus.lnk
[2014/02/01 17:19:37 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/02/01 17:19:37 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/31 19:55:02 | 000,207,904 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/01/31 19:55:02 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/01/31 00:41:47 | 000,085,550 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
[2014/01/30 22:57:33 | 000,000,222 | ---- | C] () -- C:\Users\Zac\Desktop\Fallen Earth.url
[2014/01/29 23:02:42 | 000,017,058 | ---- | C] () -- C:\WINDOWS\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/29 23:02:14 | 000,223,664 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources
[2014/01/29 23:02:14 | 000,144,645 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources
[2014/01/29 23:02:14 | 000,126,300 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources
[2014/01/29 23:02:14 | 000,124,650 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources
[2014/01/29 23:02:12 | 000,210,106 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources
[2014/01/29 23:02:12 | 000,194,245 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ru-RU.resources
[2014/01/29 23:02:12 | 000,166,170 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ar-SA.resources
[2014/01/29 23:02:12 | 000,163,421 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ja-JP.resources
[2014/01/29 23:02:12 | 000,159,008 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.he-IL.resources
[2014/01/29 23:02:12 | 000,149,682 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.it-IT.resources
[2014/01/29 23:02:12 | 000,148,042 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ko-KR.resources
[2014/01/29 23:02:12 | 000,147,393 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.de-DE.resources
[2014/01/29 23:02:12 | 000,147,288 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.es-ES.resources
[2014/01/29 23:02:12 | 000,146,004 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ro-RO.resources
[2014/01/29 23:02:12 | 000,145,491 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.fr-FR.resources
[2014/01/29 23:02:12 | 000,144,260 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pt-BR.resources
[2014/01/29 23:02:12 | 000,144,020 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.nl-NL.resources
[2014/01/29 23:02:12 | 000,143,932 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.hu-HU.resources
[2014/01/29 23:02:12 | 000,142,882 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sv-SE.resources
[2014/01/29 23:02:12 | 000,142,877 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pt-PT.resources
[2014/01/29 23:02:12 | 000,142,717 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pl-PL.resources
[2014/01/29 23:02:12 | 000,142,289 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.cs-CZ.resources
[2014/01/29 23:02:12 | 000,142,008 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.fi-FI.resources
[2014/01/29 23:02:12 | 000,141,838 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sk-SK.resources
[2014/01/29 23:02:12 | 000,141,049 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.hr-HR.resources
[2014/01/29 23:02:12 | 000,137,889 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sl-SI.resources
[2014/01/29 23:02:12 | 000,137,784 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.nb-NO.resources
[2014/01/29 23:02:12 | 000,137,141 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.da-DK.resources
[2014/01/27 23:27:33 | 005,834,223 | ---- | C] () -- C:\Users\Zac\Desktop\potatoes.zip
[2014/01/26 15:53:16 | 000,000,220 | ---- | C] () -- C:\Users\Zac\Desktop\DEFCON.url
[2014/01/21 23:35:17 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Fallout 2.lnk
[2014/01/19 22:59:33 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\Fallout Tactics.lnk
[2014/01/19 17:49:40 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Fallout.lnk
[2014/01/15 15:22:36 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/01/15 15:22:36 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/13 19:39:48 | 000,233,725 | ---- | C] () -- C:\Users\Zac\Desktop\ggggggg2.jpg
[2013/12/27 11:46:56 | 000,351,124 | ---- | C] () -- C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/02/27 06:19:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2013/02/27 05:57:43 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/04/20 04:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/12/05 23:01:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 20:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 18:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/31 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\.minecraft
[2013/08/25 02:26:54 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\.StarMade
[2013/12/31 21:19:06 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\.technic
[2013/11/01 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\3909
[2014/01/23 20:28:33 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Arc
[2014/01/31 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\AVAST Software
[2013/08/22 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Babylon
[2014/01/31 18:28:29 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\ExpressFiles
[2014/01/21 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Fallout2
[2013/11/07 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Friends in War
[2013/12/24 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\FTB
[2013/12/24 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\ftblauncher
[2013/08/22 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Full Control
[2014/01/31 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Iminent
[2014/01/31 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\iSafe
[2013/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Modinstaller
[2013/09/28 15:05:17 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\MotioninJoy
[2014/01/31 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\newnext.me
[2013/08/22 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Nico Mak Computing
[2013/11/29 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Origin
[2013/08/22 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\PerformerSoft
[2014/01/31 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\SaveSense
[2013/11/06 23:21:08 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\SpaceEngineers
[2013/08/22 17:20:30 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Synaptics
[2013/12/27 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\UpdaterEX
[2014/02/01 01:46:27 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\uTorrent
[2013/10/06 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\WebApp

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Users\Zac\SkyDrive:ms-properties

< End of report >


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

After a restore


I take it this was a System Restore?

Assuming it was, then the best approach might be for you to reverse the Restore then for us to proceed with removal of the infection.

After reversing the restore do this:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
Blulioness

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello there, thank you for responding so quickly :) and yes it was a system restore......

Okay, I have reversed the restore and run Farbar. The results are as follows:

FRST.txt -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Zac (administrator) on ZAC_JJ on 02-02-2014 13:24:39
Running from C:\Users\Zac\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
() C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Perfect World Entertainment Inc) C:\Program Files (x86)\Perfect World Entertainment\Arc\Arc.exe
() C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOSBrowser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16470_none_fa2491fd9b3cfcb2\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe [346720 2013-08-22] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Arc] - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [129360 2014-01-21] (Perfect World Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2014-01-07] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2014-01-07] (Iminent)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3598680 2014-02-02] (Electronic Arts)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [NextLive] - C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Zac\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\MountPoints2: {038bb5e3-42fb-11e3-824f-806e6f6e6963} - "D:\Autorun.exe"
Startup: C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent...63-7A5BBABCEE5C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL =
SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearc...121962&tsp=4982
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.iminent...q={searchTerms}
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Re-markit - {8f1eeb06-6317-4472-a024-b97ca0b3a5d0} - C:\Program Files (x86)\Re-markit\150.dll ()
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SerialTrunc - {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} - C:\Program Files (x86)\SerialTrunc\SerialTruncbho.dll (SerialTrunc)
BHO-x32: DDOwnLoaD keeeper - {F4D37834-13FC-7450-AEAA-9BA179920EA4} - C:\ProgramData\DDOwnLoaD keeeper\D9xO_RMaP.dll ()
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]
CHR Extension: (Google Drive) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Adblock Plus) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-31]
CHR Extension: (Google Search) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-12-27]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-12-19]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [dcpfhaghaadpjpgocojgnlhjcieeooel] - C:\Program Files (x86)\Re-markit\150.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminent.crx [2013-12-27]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-21] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [389800 2013-11-28] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-31] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-31] (SaveSense)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2916672 2014-01-07] (Iminent)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
R2 Update SerialTrunc; C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe [102176 2014-01-31] ()
R2 Util SerialTrunc; C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe [103200 2014-02-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [201216 2013-11-28] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [44032 2013-11-28] (Elex do Brasil Participações Ltda)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-23] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 13:24 - 2014-02-02 13:26 - 00022510 _____ () C:\Users\Zac\Desktop\FRST.txt
2014-02-02 13:24 - 2014-02-02 13:24 - 00000000 ____D () C:\FRST
2014-02-02 13:20 - 2014-02-02 13:20 - 02080256 _____ (Farbar) C:\Users\Zac\Desktop\FRST64.exe
2014-02-02 13:18 - 2014-02-02 13:18 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-01 18:48 - 2014-02-01 18:48 - 00091140 _____ () C:\Users\Zac\Downloads\Extras.Txt
2014-02-01 18:46 - 2014-02-01 18:46 - 00161368 _____ () C:\Users\Zac\Downloads\OTL.Txt
2014-02-01 18:21 - 2014-02-02 13:11 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-02-01 17:56 - 2014-02-02 13:07 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-02-01 00:30 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-01 00:29 - 2014-02-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-01-31 23:03 - 2014-01-31 23:15 - 767623168 ____R () C:\Users\Zac\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2014-01-31 19:57 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\AVAST Software
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-31 19:48 - 2014-01-31 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-31 18:39 - 2014-01-31 18:46 - 00001119 _____ () C:\Users\Zac\Desktop\Continue VuuPC Installation.lnk
2014-01-31 18:38 - 2014-01-31 18:48 - 00003380 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-01-31 18:35 - 2014-02-02 13:20 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-01-31 18:35 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\iSafe
2014-01-31 18:35 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\PricePeep
2014-01-31 18:35 - 2014-01-31 18:35 - 00001922 _____ () C:\Users\Zac\Desktop\Configure VO Package.lnk
2014-01-31 18:35 - 2014-01-31 18:35 - 00001796 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-01-31 18:35 - 2014-01-31 18:35 - 00000000 ____D () C:\WINDOWS\system32\log
2014-01-31 18:34 - 2014-02-02 13:11 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-01-31 18:34 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\IminentToolbar
2014-01-31 18:34 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-01-31 18:34 - 2014-01-31 18:34 - 00000620 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Iminent
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\ProgramData\Iminent
2014-01-31 18:30 - 2014-02-02 13:16 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\newnext.me
2014-01-31 18:30 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Local\genienext
2014-01-31 18:30 - 2014-02-02 12:50 - 00000000 ____D () C:\Users\Zac\AppData\Local\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:33 - 00000000 ____D () C:\Users\Zac\AppData\Local\cache
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\Documents\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\.android
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 _____ () C:\Users\Zac\daemonprocess.txt
2014-01-31 18:29 - 2014-02-02 13:15 - 00000936 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-01-31 18:29 - 2014-02-02 13:15 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-01-31 18:29 - 2014-02-02 13:14 - 00000000 ____D () C:\Program Files (x86)\SerialTrunc
2014-01-31 18:29 - 2014-01-31 18:38 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Nosibay
2014-01-31 18:29 - 2014-01-31 18:34 - 00000940 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-01-31 18:29 - 2014-01-31 18:29 - 00003912 _____ () C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-01-31 18:29 - 2014-01-31 18:29 - 00003676 _____ () C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Local\SaveSenseLive
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-01-31 18:28 - 2014-02-02 13:16 - 00000348 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-01-31 18:28 - 2014-02-02 13:15 - 00000394 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-01-31 18:28 - 2014-02-02 13:12 - 00000298 _____ () C:\WINDOWS\Tasks\SaveSense.job
2014-01-31 18:28 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\VOPackage
2014-01-31 18:28 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Local\SwvUpdater
2014-01-31 18:28 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-01-31 18:28 - 2014-02-02 12:51 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\SaveSense
2014-01-31 18:28 - 2014-01-31 18:30 - 00013049 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
2014-01-31 18:28 - 2014-01-31 18:30 - 00001256 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log
2014-01-31 18:28 - 2014-01-31 18:28 - 00003336 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2014-01-31 18:28 - 2014-01-31 18:28 - 00003074 _____ () C:\WINDOWS\System32\Tasks\Express FilesUpdate
2014-01-31 18:28 - 2014-01-31 18:28 - 00003030 _____ () C:\WINDOWS\System32\Tasks\Re-markit Update
2014-01-31 18:28 - 2014-01-31 18:28 - 00002636 _____ () C:\WINDOWS\System32\Tasks\SaveSense
2014-01-31 18:28 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\ExpressFiles
2014-01-31 18:27 - 2014-01-31 18:27 - 09086392 _____ (http://www.express-files.com/) C:\Users\Zac\Downloads\Download_Fallout_New_Vegas_Ultimate_Edition_v.1.4.0.525_9_DLC_[Lossless_Repack]-_R.G_Catalyst_Torrent_-_KickassTorrents_downloader.exe
2014-01-31 00:41 - 2014-01-31 00:41 - 00085550 _____ () C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
2014-01-30 22:57 - 2014-01-30 22:57 - 00000222 _____ () C:\Users\Zac\Desktop\Fallen Earth.url
2014-01-29 23:02 - 2012-12-14 02:42 - 00277616 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-27 23:27 - 2014-01-27 23:27 - 05834223 _____ () C:\Users\Zac\Desktop\potatoes.zip
2014-01-26 15:53 - 2014-01-26 15:53 - 00000220 _____ () C:\Users\Zac\Desktop\DEFCON.url
2014-01-21 23:43 - 2014-01-21 23:43 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Fallout2
2014-01-21 23:35 - 2014-01-21 23:35 - 00001643 _____ () C:\Users\Public\Desktop\Fallout 2.lnk
2014-01-21 23:27 - 2014-02-02 13:09 - 00000000 ____D () C:\ProgramData\Fallout 2
2014-01-21 23:07 - 2014-01-21 23:20 - 205590198 _____ (killap ) C:\Users\Zac\Downloads\F2_Restoration_Project_2.3.2.exe
2014-01-20 19:33 - 2014-01-20 19:39 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 2 (GOG.COM)
2014-01-19 23:26 - 2014-01-19 23:26 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-01-19 22:59 - 2014-01-19 22:59 - 00001648 _____ () C:\Users\Public\Desktop\Fallout Tactics.lnk
2014-01-19 17:49 - 2014-01-19 17:49 - 00001605 _____ () C:\Users\Public\Desktop\Fallout.lnk
2014-01-19 16:55 - 2014-01-19 16:56 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 1+2+FalloutTactics
2014-01-19 16:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 16:50 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-19 16:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-19 16:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-19 16:49 - 2014-01-19 16:50 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 15:22 - 2013-12-09 00:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 15:22 - 2013-11-27 15:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 15:22 - 2013-11-27 11:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 15:22 - 2013-11-27 10:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 15:22 - 2013-11-27 09:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 15:22 - 2013-11-27 08:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:22 - 2013-11-27 08:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 15:22 - 2013-11-27 08:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:22 - 2013-11-27 08:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 15:22 - 2013-11-27 08:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 15:22 - 2013-11-27 08:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-08 22:34 - 2014-01-08 22:34 - 00707840 _____ () C:\Users\Zac\Downloads\BuildCraft_Setup.exe

==================== One Month Modified Files and Folders =======

2014-02-02 13:26 - 2014-02-02 13:24 - 00022510 _____ () C:\Users\Zac\Desktop\FRST.txt
2014-02-02 13:24 - 2014-02-02 13:24 - 00000000 ____D () C:\FRST
2014-02-02 13:22 - 2013-02-27 06:06 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-02 13:21 - 2013-08-22 17:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2696929737-3488624312-2355127184-1001
2014-02-02 13:20 - 2014-02-02 13:20 - 02080256 _____ (Farbar) C:\Users\Zac\Desktop\FRST64.exe
2014-02-02 13:20 - 2014-01-31 18:35 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-02-02 13:20 - 2013-11-01 14:21 - 00000000 __RDO () C:\Users\Zac\SkyDrive
2014-02-02 13:19 - 2013-11-29 10:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-02 13:19 - 2013-09-30 04:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-02 13:18 - 2014-02-02 13:18 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-02 13:18 - 2013-12-07 10:19 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 13:18 - 2013-08-22 17:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-02 13:17 - 2013-11-24 19:19 - 00000000 ___RD () C:\Users\Zac\Google Drive
2014-02-02 13:17 - 2013-10-20 18:21 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 13:16 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\newnext.me
2014-02-02 13:16 - 2014-01-31 18:28 - 00000348 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-02-02 13:15 - 2014-01-31 18:29 - 00000936 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-02-02 13:15 - 2014-01-31 18:29 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-02-02 13:15 - 2014-01-31 18:28 - 00000394 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-02-02 13:14 - 2014-01-31 18:29 - 00000000 ____D () C:\Program Files (x86)\SerialTrunc
2014-02-02 13:14 - 2013-11-01 13:48 - 00000000 ____D () C:\Users\Zac
2014-02-02 13:12 - 2014-01-31 18:28 - 00000298 _____ () C:\WINDOWS\Tasks\SaveSense.job
2014-02-02 13:12 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-02 13:12 - 2013-08-22 14:44 - 03384160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-02 13:11 - 2014-02-01 18:21 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-02-02 13:11 - 2014-01-31 18:34 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-02-02 13:09 - 2014-01-31 18:35 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\iSafe
2014-02-02 13:09 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\IminentToolbar
2014-02-02 13:09 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\genienext
2014-02-02 13:09 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\VOPackage
2014-02-02 13:09 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Local\SwvUpdater
2014-02-02 13:09 - 2014-01-21 23:27 - 00000000 ____D () C:\ProgramData\Fallout 2
2014-02-02 13:09 - 2013-12-19 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\.minecraft
2014-02-02 13:09 - 2013-11-30 15:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-02 13:09 - 2013-11-30 15:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-02 13:09 - 2013-11-29 10:25 - 00000000 ____D () C:\ProgramData\Origin
2014-02-02 13:09 - 2013-11-01 14:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-02-02 13:09 - 2013-09-30 03:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-02-02 13:09 - 2013-08-28 18:20 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Arc
2014-02-02 13:09 - 2013-08-22 19:06 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\uTorrent
2014-02-02 13:09 - 2013-08-22 17:24 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 13:09 - 2013-08-22 17:18 - 00000000 ____D () C:\Users\Zac\AppData\Local\Packages
2014-02-02 13:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-02 13:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-02 13:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-02 13:09 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-02 13:09 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-02 13:09 - 2013-02-27 06:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-02 13:09 - 2013-02-27 06:04 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-02-02 13:09 - 2013-02-27 06:04 - 00000000 ____D () C:\ProgramData\Norton
2014-02-02 13:09 - 2013-02-27 04:52 - 00000000 ____D () C:\Program Files\Samsung
2014-02-02 13:09 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-02-02 13:08 - 2014-02-01 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-02 13:08 - 2014-01-31 18:35 - 00000000 ____D () C:\Program Files (x86)\PricePeep
2014-02-02 13:08 - 2014-01-31 18:34 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-02-02 13:08 - 2014-01-31 18:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-02-02 13:08 - 2013-11-30 15:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-02 13:08 - 2013-02-27 07:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-02 13:08 - 2013-02-27 06:04 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-02 13:07 - 2014-02-01 17:56 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-02 12:58 - 2013-11-01 14:08 - 01105586 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-02 12:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-02 12:51 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\SaveSense
2014-02-02 12:50 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\Mobogenie
2014-02-02 12:47 - 2013-11-30 15:50 - 00000000 __RHD () C:\MSOCache
2014-02-01 20:42 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-01 20:28 - 2013-10-16 16:53 - 00022016 ___SH () C:\Users\Zac\Desktop\Thumbs.db
2014-02-01 18:48 - 2014-02-01 18:48 - 00091140 _____ () C:\Users\Zac\Downloads\Extras.Txt
2014-02-01 18:46 - 2014-02-01 18:46 - 00161368 _____ () C:\Users\Zac\Downloads\OTL.Txt
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-02-01 17:35 - 2013-09-29 20:03 - 00534278 _____ () C:\WINDOWS\PFRO.log
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-02-01 00:29 - 2014-02-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-01-31 23:15 - 2014-01-31 23:03 - 767623168 ____R () C:\Users\Zac\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2014-01-31 20:02 - 2013-09-27 22:30 - 00063488 ___SH () C:\Users\Zac\Downloads\Thumbs.db
2014-01-31 19:57 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\AVAST Software
2014-01-31 19:52 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-31 19:48 - 2014-01-31 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-31 18:48 - 2014-01-31 18:38 - 00003380 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-01-31 18:46 - 2014-01-31 18:39 - 00001119 _____ () C:\Users\Zac\Desktop\Continue VuuPC Installation.lnk
2014-01-31 18:38 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Nosibay
2014-01-31 18:36 - 2013-10-20 18:21 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 18:35 - 2014-01-31 18:35 - 00001922 _____ () C:\Users\Zac\Desktop\Configure VO Package.lnk
2014-01-31 18:35 - 2014-01-31 18:35 - 00001796 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-01-31 18:35 - 2014-01-31 18:35 - 00000000 ____D () C:\WINDOWS\system32\log
2014-01-31 18:34 - 2014-01-31 18:34 - 00000620 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Iminent
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\ProgramData\Iminent
2014-01-31 18:34 - 2014-01-31 18:29 - 00000940 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-01-31 18:33 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\cache
2014-01-31 18:31 - 2013-09-24 20:18 - 00000000 ____D () C:\Users\Zac\AppData\Local\CrashDumps
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\Documents\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\.android
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 _____ () C:\Users\Zac\daemonprocess.txt
2014-01-31 18:30 - 2014-01-31 18:28 - 00013049 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
2014-01-31 18:30 - 2014-01-31 18:28 - 00001256 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log
2014-01-31 18:29 - 2014-01-31 18:29 - 00003912 _____ () C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-01-31 18:29 - 2014-01-31 18:29 - 00003676 _____ () C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Local\SaveSenseLive
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-01-31 18:28 - 2014-01-31 18:28 - 00003336 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2014-01-31 18:28 - 2014-01-31 18:28 - 00003074 _____ () C:\WINDOWS\System32\Tasks\Express FilesUpdate
2014-01-31 18:28 - 2014-01-31 18:28 - 00003030 _____ () C:\WINDOWS\System32\Tasks\Re-markit Update
2014-01-31 18:28 - 2014-01-31 18:28 - 00002636 _____ () C:\WINDOWS\System32\Tasks\SaveSense
2014-01-31 18:28 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\ExpressFiles
2014-01-31 18:27 - 2014-01-31 18:27 - 09086392 _____ (http://www.express-files.com/) C:\Users\Zac\Downloads\Download_Fallout_New_Vegas_Ultimate_Edition_v.1.4.0.525_9_DLC_[Lossless_Repack]-_R.G_Catalyst_Torrent_-_KickassTorrents_downloader.exe
2014-01-31 18:12 - 2013-11-03 19:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-31 00:41 - 2014-01-31 00:41 - 00085550 _____ () C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
2014-01-31 00:41 - 2013-08-22 14:46 - 00288557 _____ () C:\WINDOWS\setupact.log
2014-01-30 22:57 - 2014-01-30 22:57 - 00000222 _____ () C:\Users\Zac\Desktop\Fallen Earth.url
2014-01-30 22:57 - 2013-09-23 18:51 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-28 17:11 - 2013-11-03 19:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-28 17:11 - 2013-08-22 17:24 - 00000000 ____D () C:\Users\Zac\AppData\Local\Adobe
2014-01-27 23:27 - 2014-01-27 23:27 - 05834223 _____ () C:\Users\Zac\Desktop\potatoes.zip
2014-01-27 19:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-26 15:53 - 2014-01-26 15:53 - 00000220 _____ () C:\Users\Zac\Desktop\DEFCON.url
2014-01-26 01:28 - 2013-12-05 23:02 - 00034244 _____ () C:\WINDOWS\DirectX.log
2014-01-24 22:15 - 2013-11-01 14:33 - 00001414 _____ () C:\Users\Zac\Desktop\ROBLOX Studio 2013.lnk
2014-01-24 22:14 - 2013-11-01 14:33 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-01-23 16:13 - 2013-11-01 14:34 - 00001402 _____ () C:\Users\Zac\Desktop\ROBLOX Player.lnk
2014-01-22 15:19 - 2013-10-15 15:22 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-21 23:43 - 2014-01-21 23:43 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Fallout2
2014-01-21 23:35 - 2014-01-21 23:35 - 00001643 _____ () C:\Users\Public\Desktop\Fallout 2.lnk
2014-01-21 23:20 - 2014-01-21 23:07 - 205590198 _____ (killap ) C:\Users\Zac\Downloads\F2_Restoration_Project_2.3.2.exe
2014-01-20 19:39 - 2014-01-20 19:33 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 2 (GOG.COM)
2014-01-20 19:34 - 2013-12-05 22:59 - 00000000 ____D () C:\GOG Games
2014-01-19 23:26 - 2014-01-19 23:26 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-01-19 22:59 - 2014-01-19 22:59 - 00001648 _____ () C:\Users\Public\Desktop\Fallout Tactics.lnk
2014-01-19 17:49 - 2014-01-19 17:49 - 00001605 _____ () C:\Users\Public\Desktop\Fallout.lnk
2014-01-19 16:56 - 2014-01-19 16:55 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 1+2+FalloutTactics
2014-01-19 16:50 - 2014-01-19 16:49 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 16:50 - 2013-10-08 14:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 16:50 - 2013-10-08 14:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 16:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-19 16:39 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-01-18 12:59 - 2013-09-07 11:41 - 00000000 ____D () C:\Users\Zac\AppData\Local\Game Dev Tycoon
2014-01-16 22:56 - 2013-08-24 14:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-16 22:53 - 2013-08-24 14:54 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 15:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-08 22:34 - 2014-01-08 22:34 - 00707840 _____ () C:\Users\Zac\Downloads\BuildCraft_Setup.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Zac\AppData\Local\Temp\81086uninstall.exe
C:\Users\Zac\AppData\Local\Temp\DownloadManager.exe
C:\Users\Zac\AppData\Local\Temp\htmlayout.dll
C:\Users\Zac\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Zac\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Zac\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Zac\AppData\Local\Temp\setup__1995.exe
C:\Users\Zac\AppData\Local\Temp\Sqlite3.dll
C:\Users\Zac\AppData\Local\Temp\toolbar262629703.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262629718.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262644468.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262648109.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262648921.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262793671.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262760625.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262771765.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262771781.exe
C:\Users\Zac\AppData\Local\Temp\VuuPC.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-01 21:02

==================== End Of Log ============================

Addition txt -
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Zac at 2014-02-02 13:27:45
Running from C:\Users\Zac\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x32 Version: - )
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Arc (x32 Version: 1.0.0.5510 - Perfect World Entertainment)
CCleaner (Version: 4.04 - Piriform)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDOwnLoaD keeeper (x32 Version: 3.0.0.1391 - Downlload keeper)
DEFCON (x32 Version: - Introversion Software)
Easy File Share (x32 Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (x32 Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fallen Earth (x32 Version: - Reloaded Productions)
Fallout (x32 Version: 2.0.0.14 - GOG.com)
Fallout 2 (x32 Version: - GOG.com)
Fallout Tactics (x32 Version: 2.0.0.8 - GOG.com)
FO2 Restoration Project 2.3.2 (x32 Version: - killap)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Game Dev Tycoon v1.3.9 (x32 Version: 1.3.9 - Friends in War)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Help Desk (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Iminent (x32 Version: 6.46.1.0 - Iminent) <==== ATTENTION
Iminent (x32 Version: 6.46.1.0 - Iminent) Hidden <==== ATTENTION
Iminent Toolbar on IE and Chrome (x32 Version: 1.8.28.3 - IminentToolbar) <==== ATTENTION
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Origin (x32 Version: 9.1.10.2728 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Portal (x32 Version: - Valve)
Portal 2 (x32 Version: - Valve)
Portal 2 Publishing Tool (x32 Version: - )
PricePeep (x32 Version: 2.2.0.8 - betwikx LLC) <==== ATTENTION
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (x32 Version: 6.0.9.4 - Samsung Electronics CO., LTD.)
Re-markit (x32 Version: - Re-markit Software)
ROBLOX Player for Zac (HKCU Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Zac (HKCU Version: - ROBLOX Corporation)
Robocraft version 0.2.161 (x32 Version: 0.2.161 - Freejam)
S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden
SerialTrunc (Version: 2014.01.31.020533 - SerialTrunc)
Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Support Center (Version: 2.1.70 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (x32 Version: 2.1.7 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (Version: 16.2.14.2 - Synaptics Incorporated)
The Games Factory 2 (x32 Version: - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
User Guide (x32 Version: 1.2.00 - Samsung Electronics CO., LTD.)
VO Package (x32 Version: 1.0.0.0 - )
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
YAC (x32 Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA)

==================== Restore Points =========================

16-01-2014 22:51:28 Windows Update
19-01-2014 16:48:01 Installed Java 7 Update 51
26-01-2014 01:26:33 Installed DirectX
30-01-2014 18:10:39 Windows Update
31-01-2014 18:53:45 Restore Operation

==================== Hosts content: ==========================

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26011876-06A5-4AF6-B106-0CB649AEAD8D} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F098F8C-4914-4937-8647-6D7F15DE6ABE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CE0A26E-D2F8-4BC9-841F-3624B180A326} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {43AD14AB-F8FB-43FB-9CD2-2932A4518491} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B328FC5-8C6C-4633-A0A2-DE79C2DFE802} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {649AD861-609F-4E0A-B7A3-8773685828E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C82CD8B-0FBA-4B47-9800-258C555D87FF} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-31] (SaveSense) <==== ATTENTION
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E1906EC-8813-4F40-B286-E5B2DF335B94} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {90EF5A2B-BC52-4397-BADF-0A2520439B85} - System32\Tasks\SaveSense => C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {948E0F4A-ACEB-4CD8-A542-3D02E28E6C15} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe [2014-01-31] () <==== ATTENTION
Task: {9809DDE5-253A-49DB-A681-4A5D4EEE604A} - System32\Tasks\AmiUpdXp => C:\Users\Zac\AppData\Local\SwvUpdater\Updater.exe [2014-01-31] () <==== ATTENTION
Task: {993B59A2-2C1B-4F10-B129-DDB31215199D} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ACDC53C5-848B-463C-B752-7F9623670338} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-16] (Microsoft Corporation)
Task: {B03A1296-F5B8-4901-8DBF-86492D65048A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C5283E21-F829-4EE1-842E-A4C0FD41262F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {C775FE71-27AF-4229-9AB3-8955D467BD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {C7A11F94-C53D-4A7E-B9AE-C31D351D53B8} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-31] (SaveSense) <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {CFE3C8AD-C4EF-464D-B7F1-DED7ACF15228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE495E7-DF76-4BCF-BA05-7B50701FAECF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E213F813-2043-4EF2-B516-1634BB4DFCC7} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Zac\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\Zac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 11:57 - 2012-10-31 11:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 11:55 - 2012-10-31 11:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-01-09 17:56 - 2013-12-12 22:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-09 17:56 - 2013-11-05 01:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-07-01 07:20 - 2014-01-10 23:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 13:46 - 2014-01-27 19:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 13:32 - 2014-01-10 23:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-14 23:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-14 23:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-14 23:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-02-27 06:01 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 02:34 - 2012-06-08 02:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-02 13:16 - 2014-02-02 13:16 - 00098816 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32api.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00110080 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\pywintypes27.dll
2014-02-02 13:16 - 2014-02-02 13:16 - 00364544 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\pythoncom27.dll
2014-02-02 13:16 - 2014-02-02 13:16 - 00044032 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_socket.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 01153024 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_ssl.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00320512 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32com.shell.shell.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00711680 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_hashlib.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 01175040 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._core_.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00805888 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._gdi_.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00811008 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._windows_.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 01062400 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._controls_.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00735232 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._misc_.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00128512 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_elementtree.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00127488 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\pyexpat.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00557056 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\pysqlite2._sqlite.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00087040 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_ctypes.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00119808 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32file.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00108544 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32security.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00018432 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32event.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00038912 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32inet.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00122368 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._wizard.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00026624 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\_multiprocessing.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00070656 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\wx._html2.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00010240 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\select.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00686080 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\unicodedata.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00025600 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32pdh.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00521680 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\windows._lib_cacheinvalidation.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00011264 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32crypt.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00024064 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32pipe.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00035840 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32process.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00017408 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32profile.pyd
2014-02-02 13:16 - 2014-02-02 13:16 - 00022528 _____ () C:\Users\Zac\AppData\Local\Temp\_MEI34722\win32ts.pyd
2014-01-21 16:06 - 2014-01-21 16:06 - 01272144 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\CoreUI.dll
2014-01-21 16:07 - 2014-01-21 16:07 - 00174416 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\ZUnZip.dll
2014-01-21 16:07 - 2014-01-21 16:07 - 00568552 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\sqlite3.dll
2014-01-21 16:06 - 2014-01-21 16:06 - 24984912 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\libcef.dll
2014-01-21 16:06 - 2014-01-21 16:06 - 00742736 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\libglesv2.dll
2014-01-21 16:06 - 2014-01-21 16:06 - 00136528 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\libegl.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-02 13:18 - 2014-02-02 13:18 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-02-27 05:51 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3795.53 MB
Available physical RAM: 2272.74 MB
Total Pagefile: 10963.54 MB
Available Pagefile: 8894.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.13 GB) (Free:310.96 GB) NTFS
Drive d: (SIMCITY) (CDROM) (Total:1.85 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 97B7B13F)

Partition: GPT Partition Type
==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello Blulioness,

Please uninstall the following programs if they are there:

Iminent
Iminent Toolbar on IE and Chrome
PricePeep
Software Version Updater


They are adware, malicious programs or harmful for your computer.

Next

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Download and run TFC.exe (Vista and above users right click and run as Administrator).

You may be asked to reboot when it is finished. Please do so.

Finally in this post

Please run FRST again with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

So when you return please post
  • Fixlog.txt
  • FRST.txt
  • Addition.txt


#5
Blulioness

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello again, I hope I've done this section right.....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Zac at 2014-02-02 21:36:02 Run:1
Running from C:\Users\Zac\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe [346720 2013-08-22] ()
C:\Program Files\wrapper_inst
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2014-01-07] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2014-01-07] (Iminent)
C:\Program Files (x86)\Iminent
Startup: C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
C:\Program Files (x86)\PricePeep
C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [NextLive] - C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Zac\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\Zac\AppData\Roaming\newnext.me
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent...63-7A5BBABCEE5C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=932429818&ir=
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL =
SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKCU - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearc...121962&tsp=4982
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.iminent...q={searchTerms}
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll (Iminent)
BHO-x32: Re-markit - {8f1eeb06-6317-4472-a024-b97ca0b3a5d0} - C:\Program Files (x86)\Re-markit\150.dll ()
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
C:\Program Files (x86)\Re-markit
BHO-x32: SerialTrunc - {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} - C:\Program Files (x86)\SerialTrunc\SerialTruncbho.dll (SerialTrunc)
C:\Program Files (x86)\SerialTrunc
BHO-x32: DDOwnLoaD keeeper - {F4D37834-13FC-7450-AEAA-9BA179920EA4} - C:\ProgramData\DDOwnLoaD keeeper\D9xO_RMaP.dll ()
C:\ProgramData\DDOwnLoaD keeeper
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll (Iminent)
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-12-27]
C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [dcpfhaghaadpjpgocojgnlhjcieeooel] - C:\Program Files (x86)\Re-markit\150.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminent.crx [2013-12-27]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-31] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-31] (SaveSense)
C:\Program Files (x86)\SaveSenseLive
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2916672 2014-01-07] (Iminent)
C:\Program Files (x86)\Common Files\Umbrella
R2 Update SerialTrunc; C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe [102176 2014-01-31] ()
R2 Util SerialTrunc; C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe [103200 2014-02-02] ()
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\EasySurvey
C:\Users\Zac\AppData\Local\Temp\81086uninstall.exe
C:\Users\Zac\AppData\Local\Temp\DownloadManager.exe
C:\Users\Zac\AppData\Local\Temp\htmlayout.dll
C:\Users\Zac\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Zac\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Zac\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Zac\AppData\Local\Temp\setup__1995.exe
C:\Users\Zac\AppData\Local\Temp\Sqlite3.dll
C:\Users\Zac\AppData\Local\Temp\toolbar262629703.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262629718.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262644468.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262648109.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262648921.exe
C:\Users\Zac\AppData\Local\Temp\toolbar262793671.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262760625.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262771765.exe
C:\Users\Zac\AppData\Local\Temp\uninstall262771781.exe
C:\Users\Zac\AppData\Local\Temp\VuuPC.exe
Task: {3CE0A26E-D2F8-4BC9-841F-3624B180A326} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
C:\Program Files (x86)\ExpressFiles
Task: {8C82CD8B-0FBA-4B47-9800-258C555D87FF} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-31] (SaveSense) <==== ATTENTION
Task: {90EF5A2B-BC52-4397-BADF-0A2520439B85} - System32\Tasks\SaveSense => C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {948E0F4A-ACEB-4CD8-A542-3D02E28E6C15} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe [2014-01-31] () <==== ATTENTION
Task: {9809DDE5-253A-49DB-A681-4A5D4EEE604A} - System32\Tasks\AmiUpdXp => C:\Users\Zac\AppData\Local\SwvUpdater\Updater.exe [2014-01-31] () <==== ATTENTION
C:\Users\Zac\AppData\Local\SwvUpdater
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Zac\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\Zac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
C:\Program Files\wrapper_inst => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Iminent => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger => Value not found.
C:\Program Files (x86)\Iminent => Moved successfully.
C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk not found.
C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe not found.
"C:\Program Files (x86)\PricePeep" => File/Directory not found.
"C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk" => File/Directory not found.
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
C:\Users\Zac\AppData\Roaming\newnext.me => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} => Key deleted successfully.
HKCR\CLSID\{9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
HKCR\Wow6432Node\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f1eeb06-6317-4472-a024-b97ca0b3a5d0} => Key not found.
HKCR\Wow6432Node\CLSID\{8f1eeb06-6317-4472-a024-b97ca0b3a5d0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
HKCR\Wow6432Node\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key not found.
"C:\Program Files (x86)\Re-markit" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e76b4f24-4a2f-4e65-ad36-e2aa934e547c} => Key not found.
HKCR\Wow6432Node\CLSID\{e76b4f24-4a2f-4e65-ad36-e2aa934e547c} => Key not found.
"C:\Program Files (x86)\SerialTrunc" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D37834-13FC-7450-AEAA-9BA179920EA4} => Key not found.
HKCR\Wow6432Node\CLSID\{F4D37834-13FC-7450-AEAA-9BA179920EA4} => Key deleted successfully.
C:\ProgramData\DDOwnLoaD keeeper => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} => Key not found.
HKCR\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Value not found.
HKCR\Wow6432Node\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
"C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel => Key not found.
"C:\Program Files (x86)\Re-markit\150.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Key deleted successfully.
"C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx" => File/Directory not found.
"C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif => Key deleted successfully.
C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb => Key not found.
"C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminent.crx" => File/Directory not found.
savesenselive => Service not found.
savesenselivem => Service not found.
C:\Program Files (x86)\SaveSenseLive => Moved successfully.
SProtection => Service not found.
"C:\Program Files (x86)\Common Files\Umbrella" => File/Directory not found.
Update SerialTrunc => Service not found.
Util SerialTrunc => Service not found.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.
C:\Users\EasySurvey => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\81086uninstall.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\DownloadManager.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\ICReinstall_Setup.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\pricepeep_1.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\setup__1995.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262629703.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262629718.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262644468.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262648109.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262648921.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\toolbar262793671.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\uninstall262760625.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\uninstall262771765.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\uninstall262771781.exe => Moved successfully.
C:\Users\Zac\AppData\Local\Temp\VuuPC.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CE0A26E-D2F8-4BC9-841F-3624B180A326} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE0A26E-D2F8-4BC9-841F-3624B180A326} => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key deleted successfully.
"C:\Program Files (x86)\ExpressFiles" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C82CD8B-0FBA-4B47-9800-258C555D87FF} => Key not found.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90EF5A2B-BC52-4397-BADF-0A2520439B85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90EF5A2B-BC52-4397-BADF-0A2520439B85} => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSense => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{948E0F4A-ACEB-4CD8-A542-3D02E28E6C15} => Key not found.
C:\Windows\System32\Tasks\Re-markit Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9809DDE5-253A-49DB-A681-4A5D4EEE604A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9809DDE5-253A-49DB-A681-4A5D4EEE604A} => Key deleted successfully.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
C:\Users\Zac\AppData\Local\SwvUpdater => Moved successfully.
C:\WINDOWS\Tasks\AmiUpdXp.job => Moved successfully.
C:\WINDOWS\Tasks\Re-markit Update.job not found.
C:\WINDOWS\Tasks\SaveSense.job => Moved successfully.
C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job not found.

==== End of Fixlog ====

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
That looks like it worked. :thumbsup:

Time to move on to the other actions in my post. :)

#7
Blulioness

    Member

  • Topic Starter
  • Member
  • 18 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Zac (administrator) on ZAC_JJ on 02-02-2014 21:49:20
Running from C:\Users\Zac\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Arc] - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [129360 2014-01-21] (Perfect World Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3598680 2014-02-02] (Electronic Arts)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\MountPoints2: {038bb5e3-42fb-11e3-824f-806e6f6e6963} - "D:\Autorun.exe"

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKLM - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKLM-x32 - DefaultScope {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://www.bing.com/...E10TR&pc=MASMJS
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Drive) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Adblock Plus) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-31]
CHR Extension: (Google Search) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Zac\AppData\Local\mysearchdial-speeddial.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-27]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-21] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-23] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 21:41 - 2014-02-02 21:41 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC (1).exe
2014-02-02 21:39 - 2014-02-02 21:39 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC.exe
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\newnext.me
2014-02-02 19:11 - 2014-02-02 19:11 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-02 19:06 - 2014-02-02 19:06 - 00000088 _____ () C:\WINDOWS\SysWOW64\14187180285599926415.log
2014-02-02 19:02 - 2014-02-02 19:02 - 00003074 _____ () C:\WINDOWS\System32\Tasks\{8B405FB5-C995-4955-9AEC-9AB5C4FF3228}
2014-02-02 13:29 - 2014-02-02 13:29 - 02080256 _____ (Farbar) C:\Users\Zac\Downloads\FRST64.exe
2014-02-02 13:28 - 2014-02-02 13:28 - 00000045 _____ () C:\Users\Zac\AppData\Roaming\WB.CFG
2014-02-02 13:27 - 2014-02-02 13:28 - 00028624 _____ () C:\Users\Zac\Desktop\Addition.txt
2014-02-02 13:24 - 2014-02-02 21:49 - 00017591 _____ () C:\Users\Zac\Desktop\FRST.txt
2014-02-02 13:24 - 2014-02-02 21:36 - 00000000 ____D () C:\FRST
2014-02-02 13:20 - 2014-02-02 13:20 - 02080256 _____ (Farbar) C:\Users\Zac\Desktop\FRST64.exe
2014-02-01 18:48 - 2014-02-01 18:48 - 00091140 _____ () C:\Users\Zac\Downloads\Extras.Txt
2014-02-01 18:46 - 2014-02-01 18:46 - 00161368 _____ () C:\Users\Zac\Downloads\OTL.Txt
2014-02-01 18:21 - 2014-02-02 13:11 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-02-01 00:30 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-01 00:29 - 2014-02-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-01-31 23:03 - 2014-01-31 23:15 - 767623168 ____R () C:\Users\Zac\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2014-01-31 19:57 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\AVAST Software
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-31 19:48 - 2014-01-31 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-31 18:38 - 2014-01-31 18:48 - 00003380 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-01-31 18:35 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\iSafe
2014-01-31 18:35 - 2014-01-31 18:35 - 00000000 ____D () C:\WINDOWS\system32\log
2014-01-31 18:34 - 2014-02-02 19:06 - 00000866 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-01-31 18:34 - 2014-02-02 19:06 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-01-31 18:34 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\IminentToolbar
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Iminent
2014-01-31 18:30 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Local\genienext
2014-01-31 18:30 - 2014-02-02 12:50 - 00000000 ____D () C:\Users\Zac\AppData\Local\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:33 - 00000000 ____D () C:\Users\Zac\AppData\Local\cache
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\Documents\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\.android
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 _____ () C:\Users\Zac\daemonprocess.txt
2014-01-31 18:29 - 2014-01-31 18:38 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Nosibay
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Local\SaveSenseLive
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-01-31 18:28 - 2014-02-02 12:51 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\SaveSense
2014-01-31 18:28 - 2014-01-31 18:30 - 00013049 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
2014-01-31 18:28 - 2014-01-31 18:30 - 00001256 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log
2014-01-31 18:28 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\ExpressFiles
2014-01-31 00:41 - 2014-01-31 00:41 - 00085550 _____ () C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
2014-01-30 22:57 - 2014-01-30 22:57 - 00000222 _____ () C:\Users\Zac\Desktop\Fallen Earth.url
2014-01-29 23:02 - 2012-12-14 02:42 - 00277616 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-27 23:27 - 2014-01-27 23:27 - 05834223 _____ () C:\Users\Zac\Desktop\potatoes.zip
2014-01-26 15:53 - 2014-01-26 15:53 - 00000220 _____ () C:\Users\Zac\Desktop\DEFCON.url
2014-01-21 23:43 - 2014-01-21 23:43 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Fallout2
2014-01-21 23:35 - 2014-01-21 23:35 - 00001643 _____ () C:\Users\Public\Desktop\Fallout 2.lnk
2014-01-21 23:27 - 2014-02-02 13:09 - 00000000 ____D () C:\ProgramData\Fallout 2
2014-01-21 23:07 - 2014-01-21 23:20 - 205590198 _____ (killap ) C:\Users\Zac\Downloads\F2_Restoration_Project_2.3.2.exe
2014-01-20 19:33 - 2014-01-20 19:39 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 2 (GOG.COM)
2014-01-19 23:26 - 2014-01-19 23:26 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-01-19 22:59 - 2014-01-19 22:59 - 00001648 _____ () C:\Users\Public\Desktop\Fallout Tactics.lnk
2014-01-19 17:49 - 2014-01-19 17:49 - 00001605 _____ () C:\Users\Public\Desktop\Fallout.lnk
2014-01-19 16:55 - 2014-01-19 16:56 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 1+2+FalloutTactics
2014-01-19 16:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 16:50 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-19 16:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-19 16:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-19 16:49 - 2014-01-19 16:50 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 15:22 - 2013-12-09 00:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 15:22 - 2013-11-27 15:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 15:22 - 2013-11-27 11:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 15:22 - 2013-11-27 10:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 15:22 - 2013-11-27 09:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 15:22 - 2013-11-27 08:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:22 - 2013-11-27 08:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 15:22 - 2013-11-27 08:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:22 - 2013-11-27 08:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 15:22 - 2013-11-27 08:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 15:22 - 2013-11-27 08:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-08 22:34 - 2014-01-08 22:34 - 00707840 _____ () C:\Users\Zac\Downloads\BuildCraft_Setup.exe

==================== One Month Modified Files and Folders =======

2014-02-02 21:51 - 2014-02-02 13:24 - 00017591 _____ () C:\Users\Zac\Desktop\FRST.txt
2014-02-02 21:49 - 2014-02-02 13:24 - 00000000 ____D () C:\FRST
2014-02-02 21:41 - 2014-02-02 21:41 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC (1).exe
2014-02-02 21:39 - 2014-02-02 21:39 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC.exe
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\newnext.me
2014-02-02 21:36 - 2013-10-20 18:21 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 21:36 - 2013-08-22 19:22 - 00000000 ____D () C:\Users\Zac\AppData\Local\CRE
2014-02-02 21:12 - 2013-11-03 19:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-02 21:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-02 20:25 - 2013-11-01 14:08 - 01152069 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-02 19:47 - 2013-12-19 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\.minecraft
2014-02-02 19:15 - 2013-09-30 04:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-02 19:14 - 2013-08-22 17:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2696929737-3488624312-2355127184-1001
2014-02-02 19:14 - 2013-02-27 06:06 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-02 19:12 - 2013-12-07 10:19 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 19:12 - 2013-11-01 14:21 - 00000000 __RDO () C:\Users\Zac\SkyDrive
2014-02-02 19:11 - 2014-02-02 19:11 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-02 19:11 - 2013-11-24 19:19 - 00000000 ___RD () C:\Users\Zac\Google Drive
2014-02-02 19:11 - 2013-10-20 18:21 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 19:11 - 2013-08-22 17:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-02 19:10 - 2013-11-29 10:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-02 19:09 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-02 19:08 - 2013-09-29 20:03 - 00536840 _____ () C:\WINDOWS\PFRO.log
2014-02-02 19:08 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-02 19:06 - 2014-02-02 19:06 - 00000088 _____ () C:\WINDOWS\SysWOW64\14187180285599926415.log
2014-02-02 19:06 - 2014-01-31 18:34 - 00000866 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-02-02 19:06 - 2014-01-31 18:34 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-02-02 19:05 - 2013-12-17 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-02 19:05 - 2013-12-17 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-02 19:04 - 2013-08-22 17:24 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 19:02 - 2014-02-02 19:02 - 00003074 _____ () C:\WINDOWS\System32\Tasks\{8B405FB5-C995-4955-9AEC-9AB5C4FF3228}
2014-02-02 13:29 - 2014-02-02 13:29 - 02080256 _____ (Farbar) C:\Users\Zac\Downloads\FRST64.exe
2014-02-02 13:28 - 2014-02-02 13:28 - 00000045 _____ () C:\Users\Zac\AppData\Roaming\WB.CFG
2014-02-02 13:28 - 2014-02-02 13:27 - 00028624 _____ () C:\Users\Zac\Desktop\Addition.txt
2014-02-02 13:20 - 2014-02-02 13:20 - 02080256 _____ (Farbar) C:\Users\Zac\Desktop\FRST64.exe
2014-02-02 13:14 - 2013-11-01 13:48 - 00000000 ____D () C:\Users\Zac
2014-02-02 13:12 - 2013-08-22 14:44 - 03384160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-02 13:11 - 2014-02-01 18:21 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-02-02 13:09 - 2014-01-31 18:35 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\iSafe
2014-02-02 13:09 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\IminentToolbar
2014-02-02 13:09 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\genienext
2014-02-02 13:09 - 2014-01-21 23:27 - 00000000 ____D () C:\ProgramData\Fallout 2
2014-02-02 13:09 - 2013-11-30 15:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-02 13:09 - 2013-11-30 15:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-02 13:09 - 2013-11-29 10:25 - 00000000 ____D () C:\ProgramData\Origin
2014-02-02 13:09 - 2013-11-01 14:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-02-02 13:09 - 2013-09-30 03:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-02-02 13:09 - 2013-08-28 18:20 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Arc
2014-02-02 13:09 - 2013-08-22 19:06 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\uTorrent
2014-02-02 13:09 - 2013-08-22 17:18 - 00000000 ____D () C:\Users\Zac\AppData\Local\Packages
2014-02-02 13:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-02 13:09 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-02 13:09 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-02 13:09 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-02 13:09 - 2013-02-27 06:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-02 13:09 - 2013-02-27 06:04 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-02-02 13:09 - 2013-02-27 06:04 - 00000000 ____D () C:\ProgramData\Norton
2014-02-02 13:09 - 2013-02-27 04:52 - 00000000 ____D () C:\Program Files\Samsung
2014-02-02 13:09 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-02-02 13:08 - 2014-02-01 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-02 13:08 - 2013-11-30 15:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-02 13:08 - 2013-02-27 07:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-02 13:08 - 2013-02-27 06:04 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-02 12:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-02 12:51 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\SaveSense
2014-02-02 12:50 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\Mobogenie
2014-02-02 12:47 - 2013-11-30 15:50 - 00000000 __RHD () C:\MSOCache
2014-02-01 20:42 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-01 20:28 - 2013-10-16 16:53 - 00022016 ___SH () C:\Users\Zac\Desktop\Thumbs.db
2014-02-01 18:48 - 2014-02-01 18:48 - 00091140 _____ () C:\Users\Zac\Downloads\Extras.Txt
2014-02-01 18:46 - 2014-02-01 18:46 - 00161368 _____ () C:\Users\Zac\Downloads\OTL.Txt
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-02-01 00:29 - 2014-02-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-01-31 23:15 - 2014-01-31 23:03 - 767623168 ____R () C:\Users\Zac\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2014-01-31 20:02 - 2013-09-27 22:30 - 00063488 ___SH () C:\Users\Zac\Downloads\Thumbs.db
2014-01-31 19:57 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\AVAST Software
2014-01-31 19:52 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-31 19:48 - 2014-01-31 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-31 18:48 - 2014-01-31 18:38 - 00003380 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-01-31 18:38 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Nosibay
2014-01-31 18:35 - 2014-01-31 18:35 - 00000000 ____D () C:\WINDOWS\system32\log
2014-01-31 18:34 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Iminent
2014-01-31 18:33 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\AppData\Local\cache
2014-01-31 18:31 - 2013-09-24 20:18 - 00000000 ____D () C:\Users\Zac\AppData\Local\CrashDumps
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\Documents\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\.android
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 _____ () C:\Users\Zac\daemonprocess.txt
2014-01-31 18:30 - 2014-01-31 18:28 - 00013049 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
2014-01-31 18:30 - 2014-01-31 18:28 - 00001256 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Zac\AppData\Local\SaveSenseLive
2014-01-31 18:29 - 2014-01-31 18:29 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-01-31 18:28 - 2014-01-31 18:28 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\ExpressFiles
2014-01-31 00:41 - 2014-01-31 00:41 - 00085550 _____ () C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
2014-01-31 00:41 - 2013-08-22 14:46 - 00288557 _____ () C:\WINDOWS\setupact.log
2014-01-30 22:57 - 2014-01-30 22:57 - 00000222 _____ () C:\Users\Zac\Desktop\Fallen Earth.url
2014-01-30 22:57 - 2013-09-23 18:51 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-28 17:11 - 2013-11-03 19:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-28 17:11 - 2013-08-22 17:24 - 00000000 ____D () C:\Users\Zac\AppData\Local\Adobe
2014-01-27 23:27 - 2014-01-27 23:27 - 05834223 _____ () C:\Users\Zac\Desktop\potatoes.zip
2014-01-27 19:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-26 15:53 - 2014-01-26 15:53 - 00000220 _____ () C:\Users\Zac\Desktop\DEFCON.url
2014-01-26 01:28 - 2013-12-05 23:02 - 00034244 _____ () C:\WINDOWS\DirectX.log
2014-01-24 22:15 - 2013-11-01 14:33 - 00001414 _____ () C:\Users\Zac\Desktop\ROBLOX Studio 2013.lnk
2014-01-24 22:14 - 2013-11-01 14:33 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-01-23 16:13 - 2013-11-01 14:34 - 00001402 _____ () C:\Users\Zac\Desktop\ROBLOX Player.lnk
2014-01-22 15:19 - 2013-10-15 15:22 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-21 23:43 - 2014-01-21 23:43 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Fallout2
2014-01-21 23:35 - 2014-01-21 23:35 - 00001643 _____ () C:\Users\Public\Desktop\Fallout 2.lnk
2014-01-21 23:20 - 2014-01-21 23:07 - 205590198 _____ (killap ) C:\Users\Zac\Downloads\F2_Restoration_Project_2.3.2.exe
2014-01-20 19:39 - 2014-01-20 19:33 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 2 (GOG.COM)
2014-01-20 19:34 - 2013-12-05 22:59 - 00000000 ____D () C:\GOG Games
2014-01-19 23:26 - 2014-01-19 23:26 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-01-19 23:26 - 2014-01-19 23:26 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-01-19 23:26 - 2014-01-19 23:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-01-19 22:59 - 2014-01-19 22:59 - 00001648 _____ () C:\Users\Public\Desktop\Fallout Tactics.lnk
2014-01-19 17:49 - 2014-01-19 17:49 - 00001605 _____ () C:\Users\Public\Desktop\Fallout.lnk
2014-01-19 16:56 - 2014-01-19 16:55 - 00000000 ____D () C:\Users\Zac\Downloads\Fallout 1+2+FalloutTactics
2014-01-19 16:50 - 2014-01-19 16:49 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 16:50 - 2013-10-08 14:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 16:50 - 2013-10-08 14:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 16:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-18 12:59 - 2013-09-07 11:41 - 00000000 ____D () C:\Users\Zac\AppData\Local\Game Dev Tycoon
2014-01-16 22:56 - 2013-08-24 14:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-16 22:53 - 2013-08-24 14:54 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 15:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-08 22:34 - 2014-01-08 22:34 - 00707840 _____ () C:\Users\Zac\Downloads\BuildCraft_Setup.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-01 21:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Zac at 2014-02-02 21:56:12
Running from C:\Users\Zac\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x32 Version: - )
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Arc (x32 Version: 1.0.0.5510 - Perfect World Entertainment)
CCleaner (Version: 4.04 - Piriform)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DEFCON (x32 Version: - Introversion Software)
Easy File Share (x32 Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (x32 Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fallen Earth (x32 Version: - Reloaded Productions)
Fallout (x32 Version: 2.0.0.14 - GOG.com)
Fallout 2 (x32 Version: - GOG.com)
Fallout Tactics (x32 Version: 2.0.0.8 - GOG.com)
FO2 Restoration Project 2.3.2 (x32 Version: - killap)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Game Dev Tycoon v1.3.9 (x32 Version: 1.3.9 - Friends in War)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Help Desk (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Origin (x32 Version: 9.1.10.2728 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Portal (x32 Version: - Valve)
Portal 2 (x32 Version: - Valve)
Portal 2 Publishing Tool (x32 Version: - )
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (x32 Version: 6.0.9.4 - Samsung Electronics CO., LTD.)
ROBLOX Player for Zac (HKCU Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Zac (HKCU Version: - ROBLOX Corporation)
Robocraft version 0.2.161 (x32 Version: 0.2.161 - Freejam)
S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden
Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Support Center (Version: 2.1.70 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (x32 Version: 2.1.7 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (Version: 16.2.14.2 - Synaptics Incorporated)
The Games Factory 2 (x32 Version: - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
User Guide (x32 Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points =========================

16-01-2014 22:51:28 Windows Update
19-01-2014 16:48:01 Installed Java 7 Update 51
26-01-2014 01:26:33 Installed DirectX
30-01-2014 18:10:39 Windows Update
31-01-2014 18:53:45 Restore Operation

==================== Hosts content: ==========================

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26011876-06A5-4AF6-B106-0CB649AEAD8D} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F098F8C-4914-4937-8647-6D7F15DE6ABE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43AD14AB-F8FB-43FB-9CD2-2932A4518491} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B328FC5-8C6C-4633-A0A2-DE79C2DFE802} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {649AD861-609F-4E0A-B7A3-8773685828E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E1906EC-8813-4F40-B286-E5B2DF335B94} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {993B59A2-2C1B-4F10-B129-DDB31215199D} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ACDC53C5-848B-463C-B752-7F9623670338} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-16] (Microsoft Corporation)
Task: {B03A1296-F5B8-4901-8DBF-86492D65048A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C5283E21-F829-4EE1-842E-A4C0FD41262F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {C775FE71-27AF-4229-9AB3-8955D467BD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {CFE3C8AD-C4EF-464D-B7F1-DED7ACF15228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE495E7-DF76-4BCF-BA05-7B50701FAECF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E213F813-2043-4EF2-B516-1634BB4DFCC7} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 11:57 - 2012-10-31 11:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 11:55 - 2012-10-31 11:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 07:26 - 2012-11-30 07:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-27 05:51 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-01-28 18:00 - 2014-01-23 05:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 18:00 - 2014-01-23 05:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 18:00 - 2014-01-23 05:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 18:00 - 2014-01-23 05:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 18:00 - 2014-01-23 05:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3795.53 MB
Available physical RAM: 2586.47 MB
Total Pagefile: 10963.54 MB
Available Pagefile: 9620.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.13 GB) (Free:312.26 GB) NTFS
Drive d: (SIMCITY) (CDROM) (Total:1.85 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 97B7B13F)

Partition: GPT Partition Type
==================== End Of Log ============================

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello Blulioness,

Making progress I think. :)

Now

Please go to the link below and follow the instructions on how to reset Google Chrome browser settings:

https://support.goog...r/3296214?hl=en

If you run into problems tell me.

After that

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

#9
Blulioness

    Member

  • Topic Starter
  • 18 posts
Hi again, I think I've done this right, here goes..... (oh and thank you again for helping)

# AdwCleaner v3.018 - Report created 02/02/2014 at 22:31:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Zac - ZAC_JJ
# Running from : C:\Users\Zac\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\Zac\AppData\Local\Conduit
Folder Deleted : C:\Users\Zac\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zac\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Zac\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Zac\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Zac\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Zac\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Zac\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Zac\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Zac\AppData\Roaming\UpdaterEX
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Iminent

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13142 octets] - [02/02/2014 22:27:44]
AdwCleaner[S0].txt - [12825 octets] - [02/02/2014 22:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12886 octets] ##########

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again Blulioness,

Hi again, I think I've done this right, here goes.....


Yep, looking good. :thumbsup:

Moving on now

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After that


  • Please run Farbar Recovery Scan Tool again.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
When you return please post
MBAM report
FRST.txt


#11
Blulioness

    Member

  • Topic Starter
  • 18 posts
Thanks once again for helping :) Right, here are the two logs you asked for:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Zac :: ZAC_JJ [administrator]

Protection: Enabled

03/02/2014 17:14:01
mbam-log-2014-02-03 (17-14-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213391
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\ProgramData\SaveSenseLive (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\ProgramData\SaveSenseLive\Update (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\ProgramData\SaveSenseLive\Update\Log (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\SaveSense (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Local\SaveSenseLive (PUP.Optional.SaveSense.A) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Local\SaveSenseLive\CrashReports (PUP.Optional.SaveSense.A) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe (PUP.Optional.SaveSense.A) -> Quarantined and deleted successfully.
C:\Users\Zac\Downloads\BuildCraft_Setup.exe (PUP.Optional.Direction) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log (PUP.Optional.Bubbledock.A) -> Quarantined and deleted successfully.
C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\config.dat (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT (PUP.Optional.SaveSense) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)

----------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Zac (administrator) on ZAC_JJ on 03-02-2014 17:46:52
Running from C:\Users\Zac\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Perfect World Entertainment Inc) C:\Program Files (x86)\Perfect World Entertainment\Arc\Arc.exe
() C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOSBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Arc] - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [129360 2014-01-21] (Perfect World Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3598680 2014-02-02] (Electronic Arts)
HKU\S-1-5-21-2696929737-3488624312-2355127184-1001\...\MountPoints2: {038bb5e3-42fb-11e3-824f-806e6f6e6963} - "D:\Autorun.exe"

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://start.mysearc...r=932429818&ir=
SearchScopes: HKLM-x32 - {9624FE04-1FC1-4A08-B8DE-DB8B8C7FC38C} URL = http://www.bing.com/...E10TR&pc=MASMJS
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync": {
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Drive) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Adblock Plus) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-31]
CHR Extension: (Google Search) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Zac\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Zac\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-27]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-21] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131021.001\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-23] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 17:44 - 2014-02-03 17:44 - 00000000 ___RD () C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-03 17:26 - 2014-02-03 17:27 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-03 17:12 - 2014-02-03 17:12 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 17:12 - 2014-02-03 17:12 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\Malwarebytes
2014-02-03 17:12 - 2014-02-03 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 17:12 - 2014-02-03 17:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-03 17:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-03 17:11 - 2014-02-03 17:11 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Zac\Downloads\mbam-setup.exe
2014-02-02 22:33 - 2014-02-02 22:33 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-02 22:27 - 2014-02-02 22:31 - 00000000 ____D () C:\AdwCleaner
2014-02-02 22:25 - 2014-02-02 22:25 - 01166132 _____ () C:\Users\Zac\Desktop\AdwCleaner.exe
2014-02-02 21:41 - 2014-02-02 21:41 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC (1).exe
2014-02-02 21:39 - 2014-02-02 21:39 - 00448512 _____ (OldTimer Tools) C:\Users\Zac\Downloads\TFC.exe
2014-02-02 19:06 - 2014-02-02 19:06 - 00000088 _____ () C:\WINDOWS\SysWOW64\14187180285599926415.log
2014-02-02 19:02 - 2014-02-02 19:02 - 00003074 _____ () C:\WINDOWS\System32\Tasks\{8B405FB5-C995-4955-9AEC-9AB5C4FF3228}
2014-02-02 13:29 - 2014-02-02 13:29 - 02080256 _____ (Farbar) C:\Users\Zac\Downloads\FRST64.exe
2014-02-02 13:28 - 2014-02-02 13:28 - 00000045 _____ () C:\Users\Zac\AppData\Roaming\WB.CFG
2014-02-02 13:27 - 2014-02-02 21:56 - 00020257 _____ () C:\Users\Zac\Desktop\Addition.txt
2014-02-02 13:24 - 2014-02-03 17:46 - 00018849 _____ () C:\Users\Zac\Desktop\FRST.txt
2014-02-02 13:24 - 2014-02-03 17:46 - 00000000 ____D () C:\FRST
2014-02-02 13:20 - 2014-02-02 13:20 - 02080256 _____ (Farbar) C:\Users\Zac\Desktop\FRST64.exe
2014-02-01 18:48 - 2014-02-01 18:48 - 00091140 _____ () C:\Users\Zac\Downloads\Extras.Txt
2014-02-01 18:46 - 2014-02-01 18:46 - 00161368 _____ () C:\Users\Zac\Downloads\OTL.Txt
2014-02-01 18:21 - 2014-02-02 13:11 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\Users\Zac\AppData\Local\SlimWare Utilities Inc
2014-02-01 18:21 - 2014-02-01 18:21 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-01 00:36 - 2014-02-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-02-01 00:30 - 2014-02-02 13:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-01 00:29 - 2014-02-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-01-31 23:03 - 2014-01-31 23:15 - 767623168 ____R () C:\Users\Zac\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2014-01-31 19:57 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\AVAST Software
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-31 19:48 - 2014-01-31 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-31 18:38 - 2014-01-31 18:48 - 00003380 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-01-31 18:35 - 2014-02-02 13:09 - 00000000 ____D () C:\Users\Zac\AppData\Roaming\iSafe
2014-01-31 18:35 - 2014-01-31 18:35 - 00000000 ____D () C:\WINDOWS\system32\log
2014-01-31 18:34 - 2014-02-02 19:06 - 00000866 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-01-31 18:30 - 2014-02-03 17:32 - 00000000 ____D () C:\Users\Zac\AppData\Local\genienext
2014-01-31 18:30 - 2014-02-02 12:50 - 00000000 ____D () C:\Users\Zac\AppData\Local\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:33 - 00000000 ____D () C:\Users\Zac\AppData\Local\cache
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\Documents\Mobogenie
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Zac\.android
2014-01-31 18:30 - 2014-01-31 18:30 - 00000000 _____ () C:\Users\Zac\daemonprocess.txt
2014-01-31 18:28 - 2014-01-31 18:30 - 00013049 _____ () C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
2014-01-31 00:41 - 2014-01-31 00:41 - 00085550 _____ () C:\Users\Zac\AppData\Roaming\icarus-dxdiag.xml
2014-01-30 22:57 - 2014-01-30 22:57 - 00000222 _____ () C:\Users\Zac\Desktop\Fallen Earth.url
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11176448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11049472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 09007616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources

==================== One Month Modified Files and Folders =======


Some content of TEMP:
====================
C:\Users\Zac\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 22:03

==================== End Of Log ============================

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello Blulioness,

Looking very good now. Just one action and a search to check on a file. Once that is cleared up we can run an online scan, and all going well, after that we can go to clearing away the tools we have been using. :)

Now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run (FRST) Farbar Recovery Scan Tool

Type the following in the edit box after "Search:".

ValueApps.crx

Click the Search button and post the log (Search.txt) it makes to your reply.

When you come back please post
  • Fixlog.txt
  • Search.txt


#13
Blulioness

    Member

  • Topic Starter
  • Member
  • 18 posts
Okay, here goes..... two short ones this time:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Zac at 2014-02-04 15:40:04 Run:2
Running from C:\Users\Zac\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-07-27]
C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx
C:\Users\Zac\AppData\Local\Temp\Quarantine.exe

*****************

HKCU\SOFTWARE\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Key deleted successfully.
"C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx" => File/Directory not found.
"C:\Users\Zac\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx" => File/Directory not found.
C:\Users\Zac\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Zac at 2014-02-04 15:44:15
Running from C:\Users\Zac\Desktop
Boot Mode: Normal

================== Search: "ValueApps.crx" ===================

====== End Of Search ======

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again Blulioness,

Almost there. :)

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that though, make sure you copy the logfile to Notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#15
Blulioness

Blulioness

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Emeraldnzl, my son did the last scan and he tells me the laptop is running 'fine' - whatever that means!

C:\Users\All Users\InstallMate\{51F02722-5F5A-4440-A6AB-17788A1305D4}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\FRST\Quarantine\DownloadManager.exe02-02-2014_21-36-04 a variant of Win32/OutBrowse.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\ICReinstall_Setup.exe02-02-2014_21-36-05 a variant of Win32/InstallCore.JA potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\pricepeep_1.exe02-02-2014_21-36-05 probably a variant of Win32/AdWare.PricePeep.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\setup__1995.exe02-02-2014_21-36-05 a variant of Win32/Amonetize.AD potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\toolbar262629703.exe02-02-2014_21-36-05 a variant of Win32/Amonetize.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\toolbar262644468.exe02-02-2014_21-36-06 Win32/OutBrowse.C potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\toolbar262793671.exe02-02-2014_21-36-06 Win32/OutBrowse.G potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\uninstall262760625.exe02-02-2014_21-36-06 a variant of Win32/ExpressFiles.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\uninstall262771781.exe02-02-2014_21-36-06 a variant of Win32/YourFileDownloader.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\newnext.me02-02-2014_21-36-03\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\SwvUpdater02-02-2014_21-36-07\Updater.exe a variant of Win32/Amonetize.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\wrapper_inst02-02-2014_21-36-02\service.exe Win32/ChatZum.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\wrapper_inst\file_to_run.exe a variant of MSIL/Rebrand.LittleRegClean.A potentially unwanted application deleted - quarantined
C:\ProgramData\InstallMate\{51F02722-5F5A-4440-A6AB-17788A1305D4}\Custom.dll Win32/InstalleRex.L potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Zac\AppData\Roaming\iSafe\update\isafe_update_v3.8.20.exe a variant of Win32/ELEX.Q potentially unwanted application deleted - quarantined


Thanks again :)
  • 0





