Hijacking ? [Closed]


  • This topic is locked

#1
FridayGirl72

Issue: Apps are disappearing. Cannot access desktop except through control panel or xing out of a web page. Unable to restore to factory settings because the "PC settings" are gone. Mousepad is not working. Please help. Here are the results of my scan:

on: 2/25/2014 7:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Little Rhi\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 49.12% Memory free
11.92 Gb Paging File | 8.59 Gb Available in Paging File | 72.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.52 Gb Total Space | 650.31 Gb Free Space | 94.45% Space Free | Partition Type: NTFS

Computer Name: KYM | User Name: Little Rhi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/25 19:45:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Little Rhi\Downloads\OTL.exe
PRC - [2014/02/22 21:45:55 | 013,424,640 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\EvernoteMetro.exe
PRC - [2014/02/20 14:16:20 | 000,134,144 | ---- | M] () -- C:\Program Files\WindowsApps\30065Kalt.Tumblrer_1.0.0.28_neutral__7hj219baknfzg\TumblrTouch.exe
PRC - [2014/02/20 04:45:41 | 004,677,632 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\ShowBiz.exe
PRC - [2014/02/19 17:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/06 06:07:30 | 000,213,824 | ---- | M] (KeyDownload) -- C:\Users\Little Rhi\AppData\Local\Temp\KDUpdSrv.exe
PRC - [2014/01/30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/27 17:15:18 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/10/11 11:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
PRC - [2013/10/08 03:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\nav.exe
PRC - [2013/09/11 16:05:24 | 000,296,520 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
PRC - [2013/09/03 15:53:48 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/03 15:53:44 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/09/03 15:53:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/12 19:06:20 | 005,545,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
PRC - [2013/08/08 18:08:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
PRC - [2013/08/05 18:11:40 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2013/07/02 14:30:06 | 000,435,088 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/24 14:32:38 | 001,175,040 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._core_.pyd
MOD - [2014/02/24 14:32:38 | 001,157,120 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_ssl.pyd
MOD - [2014/02/24 14:32:38 | 001,062,400 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
MOD - [2014/02/24 14:32:38 | 000,811,008 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
MOD - [2014/02/24 14:32:38 | 000,805,888 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
MOD - [2014/02/24 14:32:38 | 000,735,232 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
MOD - [2014/02/24 14:32:38 | 000,712,192 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_hashlib.pyd
MOD - [2014/02/24 14:32:38 | 000,686,080 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\unicodedata.pyd
MOD - [2014/02/24 14:32:38 | 000,557,056 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
MOD - [2014/02/24 14:32:38 | 000,525,640 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\windows._lib_cacheinvalidation.pyd
MOD - [2014/02/24 14:32:38 | 000,364,544 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\pythoncom27.dll
MOD - [2014/02/24 14:32:38 | 000,320,512 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
MOD - [2014/02/24 14:32:38 | 000,128,512 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_elementtree.pyd
MOD - [2014/02/24 14:32:38 | 000,127,488 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\pyexpat.pyd
MOD - [2014/02/24 14:32:38 | 000,122,368 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
MOD - [2014/02/24 14:32:38 | 000,119,808 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32file.pyd
MOD - [2014/02/24 14:32:38 | 000,110,080 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\pywintypes27.dll
MOD - [2014/02/24 14:32:38 | 000,108,544 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32security.pyd
MOD - [2014/02/24 14:32:38 | 000,098,816 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32api.pyd
MOD - [2014/02/24 14:32:38 | 000,087,040 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_ctypes.pyd
MOD - [2014/02/24 14:32:38 | 000,070,656 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\wx._html2.pyd
MOD - [2014/02/24 14:32:38 | 000,044,032 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_socket.pyd
MOD - [2014/02/24 14:32:38 | 000,038,912 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32inet.pyd
MOD - [2014/02/24 14:32:38 | 000,035,840 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32process.pyd
MOD - [2014/02/24 14:32:38 | 000,026,624 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd
MOD - [2014/02/24 14:32:38 | 000,025,600 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32pdh.pyd
MOD - [2014/02/24 14:32:38 | 000,024,064 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32pipe.pyd
MOD - [2014/02/24 14:32:38 | 000,022,528 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32ts.pyd
MOD - [2014/02/24 14:32:38 | 000,018,432 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32event.pyd
MOD - [2014/02/24 14:32:38 | 000,017,408 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32profile.pyd
MOD - [2014/02/24 14:32:38 | 000,011,264 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\win32crypt.pyd
MOD - [2014/02/24 14:32:38 | 000,010,240 | ---- | M] () -- C:\Users\LITTLE~1\AppData\Local\Temp\_MEI36762\select.pyd
MOD - [2014/02/23 18:59:37 | 000,492,032 | ---- | M] () -- C:\Users\Little Rhi\AppData\Local\Packages\30065kalt.tumblrer_7hj219baknfzg\AC\Microsoft\CLR_v4.0_32\NativeImages\TumblrTouch\ac4a476d41843db0ebe307d8fc2856d4\TumblrTouch.ni.exe
MOD - [2014/02/23 18:59:37 | 000,232,960 | ---- | M] () -- C:\Users\Little Rhi\AppData\Local\Packages\30065kalt.tumblrer_7hj219baknfzg\AC\Microsoft\CLR_v4.0_32\NativeImages\KaltToolkit\e56e72d5423dd434feb887c6a7344492\KaltToolkit.ni.dll
MOD - [2014/02/23 18:59:30 | 000,797,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll
MOD - [2014/02/23 18:59:29 | 000,238,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll
MOD - [2014/02/23 18:59:29 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Resoc6338000#\b089637020448b48cae8153ee4726ace\System.Resources.ResourceManager.ni.dll
MOD - [2014/02/23 18:59:21 | 000,337,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll
MOD - [2014/02/23 18:59:21 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.caf7096d#\d85dfdb46d9f7264638c3beeaed30812\System.Net.Primitives.ni.dll
MOD - [2014/02/23 18:59:21 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO\042586835cba6dc3b2850f9f5a9483e7\System.IO.ni.dll
MOD - [2014/02/23 18:59:20 | 000,402,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\21d8f08b1e2dec24daccbd7e4311ba45\Windows.Security.ni.dll
MOD - [2014/02/23 18:59:18 | 000,808,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll
MOD - [2014/02/23 18:59:18 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll
MOD - [2014/02/23 18:59:13 | 001,282,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\79b45e937ef7fba97e1f8f7b3a19d4dd\Windows.Devices.ni.dll
MOD - [2014/02/23 18:59:13 | 000,304,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\2eff8e7c6866baa482762a7cf2efe1e1\Windows.Graphics.ni.dll
MOD - [2014/02/23 18:59:09 | 000,960,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll
MOD - [2014/02/23 18:59:04 | 000,228,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll
MOD - [2014/02/23 18:58:53 | 001,131,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll
MOD - [2014/02/23 18:58:52 | 003,536,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll
MOD - [2014/02/23 18:58:52 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\380573a8261d3347ae37503ddc854abf\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014/02/23 18:58:47 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\cb94f731a1ebd6b9877cd110c0c6ed45\System.Runtime.ni.dll
MOD - [2014/02/22 21:45:56 | 000,385,536 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\Sibbiheim.Cacsade.dll
MOD - [2014/02/22 21:45:56 | 000,299,520 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibTidy.dll
MOD - [2014/02/22 21:45:55 | 013,424,640 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\EvernoteMetro.exe
MOD - [2014/02/22 21:45:55 | 000,545,280 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibSQLite.dll
MOD - [2014/02/22 21:45:55 | 000,204,800 | ---- | M] () -- C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibPCRE.dll
MOD - [2014/02/22 11:03:47 | 007,803,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dll
MOD - [2014/02/22 11:03:47 | 000,392,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c0c0e8347d2f99c161b132ce8edb2446\System.Xml.Linq.ni.dll
MOD - [2014/02/22 11:03:10 | 000,573,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\e209e80a78aee1367c92f1dd884d8f58\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014/02/22 11:03:10 | 000,098,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\00fd6b9fc7353b024079f65164bdc73f\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014/02/22 11:03:05 | 000,522,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\becf66dbff1a8c85940d9efe3d33d625\System.Net.Http.ni.dll
MOD - [2014/02/22 11:02:57 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dll
MOD - [2014/02/22 11:02:22 | 006,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014/02/22 11:02:15 | 010,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2014/02/20 14:16:20 | 000,134,144 | ---- | M] () -- C:\Program Files\WindowsApps\30065Kalt.Tumblrer_1.0.0.28_neutral__7hj219baknfzg\TumblrTouch.exe
MOD - [2014/02/20 04:46:12 | 006,278,144 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\VEDEngine.dll
MOD - [2014/02/20 04:46:08 | 000,185,344 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\VedCommonLib.dll
MOD - [2014/02/20 04:45:42 | 001,485,824 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\StoryboardDll.dll
MOD - [2014/02/20 04:45:41 | 004,677,632 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\ShowBiz.exe
MOD - [2014/02/20 04:45:41 | 000,207,872 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\SketchPad.dll
MOD - [2014/02/20 04:45:41 | 000,026,112 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\ShowbizEvent.dll
MOD - [2014/02/20 04:45:39 | 001,063,424 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\ResizeLib.dll
MOD - [2014/02/20 04:45:38 | 000,393,216 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\PreviewDll.dll
MOD - [2014/02/20 04:45:38 | 000,305,664 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\MediaInfo.dll
MOD - [2014/02/20 04:45:38 | 000,026,624 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\LocalizationResClassLibrary.dll
MOD - [2014/02/20 04:45:27 | 000,441,344 | ---- | M] () -- C:\Program Files\WindowsApps\A6B6C710.ArcSoftShowBiz_1.7.5.1104_x86__yf4gd00d4hswa\GoogleAnalytics.dll
MOD - [2014/02/19 17:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 17:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 17:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 17:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 17:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 17:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 17:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2013/12/02 16:37:02 | 017,376,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013/08/08 18:08:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
MOD - [2012/07/23 18:33:36 | 000,229,376 | ---- | M] () -- C:\Windows\SysWOW64\ustor.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/27 07:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 01:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 20:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 19:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/21 17:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 13:58:12 | 000,101,192 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2013/10/04 00:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/20 21:38:15 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/20 21:34:45 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/08/31 02:00:10 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/23 11:02:40 | 003,667,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/08/23 11:02:18 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/08/23 11:02:04 | 000,631,024 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/08/23 11:01:36 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/08/22 04:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/12 19:06:34 | 000,198,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2013/08/09 17:18:58 | 000,328,544 | ---- | M] (Toshiba Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2013/07/31 12:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/02/06 06:07:30 | 000,213,824 | ---- | M] (KeyDownload) [Auto | Running] -- C:\Users\Little Rhi\AppData\Local\Temp\KDUpdSrv.exe -- (KDUpdater)
SRV - [2014/01/27 17:15:18 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/11 11:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -- (NAT)
SRV - [2013/10/08 03:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe -- (NAV)
SRV - [2013/09/10 12:54:38 | 000,019,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe -- (dts_apo_service)
SRV - [2013/09/03 15:53:48 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/03 15:53:44 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/09/03 15:53:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/31 10:03:42 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/31 01:25:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/07/02 14:30:06 | 000,435,088 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe -- (DACoreService)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/04 01:44:54 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/01/04 01:32:30 | 000,020,312 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2013/11/10 18:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 03:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 03:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/11/01 03:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2013/10/30 16:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 17:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 18:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/04 13:58:16 | 000,377,672 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013/09/26 19:18:30 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 18:26:03 | 000,858,200 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:52:42 | 003,589,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64)
DRV:64bit: - [2013/09/25 19:28:00 | 000,590,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 18:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/09/21 04:10:51 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/17 01:18:30 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/14 06:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/03 15:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/29 12:37:48 | 000,117,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2013/08/28 14:13:36 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/27 04:41:16 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/08/27 04:37:34 | 004,166,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/22 14:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 14:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 11:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 11:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 04:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 04:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 04:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 03:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/19 12:32:10 | 000,032,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2013/08/15 01:13:32 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 18:06:40 | 000,021,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2013/08/08 18:06:40 | 000,021,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2013/08/07 18:01:32 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013/08/07 18:01:24 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:64bit: - [2013/08/07 10:29:24 | 000,023,368 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETDSMBus.sys -- (ETDSMBus)
DRV:64bit: - [2013/08/01 14:34:10 | 000,035,672 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2013/07/31 19:20:01 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symelam.sys -- (SymELAM)
DRV:64bit: - [2013/07/31 19:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symds64.sys -- (SymDS)
DRV:64bit: - [2013/07/30 20:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/30 19:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/29 09:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NATx64\010A000.009\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2013/07/25 23:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 06:45:43 | 004,649,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2012/07/25 00:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2014/02/19 17:35:52 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20140224.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/02/19 07:19:50 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140225.002\ex64.sys -- (NAVEX15)
DRV - [2014/02/19 07:19:50 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/02/19 07:19:50 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/02/19 07:19:50 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140225.002\eng64.sys -- (NAVENG)
DRV - [2014/02/14 22:20:24 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0DBD30E1-51D1-495B-B7E6-421594D04FE8}
IE:64bit: - HKLM\..\SearchScopes\{0DBD30E1-51D1-495B-B7E6-421594D04FE8}: "URL" = http://www.bing.com/...=IE11TR&pc=TNJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
IE - HKLM\..\SearchScopes,DefaultScope = {0DBD30E1-51D1-495B-B7E6-421594D04FE8}
IE - HKLM\..\SearchScopes\{0DBD30E1-51D1-495B-B7E6-421594D04FE8}: "URL" = http://www.bing.com/...=IE11TR&pc=TNJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = 20B1141276CB4D218F51F6074F523033
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\20B1141276CB4D218F51F6074F523033: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BEE7841B-3C8B-46ea-AFE9-8461458BB2C1}: C:\PROGRAM FILES\KEYPLAYER CLASSIC\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BEE7841B-3C8B-46ea-AFE9-8461458BB2C1}: C:\Program Files\Keyplayer Classic\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.0.100\IPSFF [2014/02/19 21:00:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language},
CHR - homepage: http://www.bing.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Little Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 05:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSSSrv] C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [TSVU] c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe (TOSHIBA)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA52F8ED-DE28-496E-A21D-B1F14ADB7265}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/22 21:05:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\PlayFirst
[2014/02/24 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Blackboard
[2014/02/24 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/24 18:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/24 18:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/23 18:25:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/02/22 21:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/22 21:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/02/21 23:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
[2014/02/21 19:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/20 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Diagnostics
[2014/02/20 15:15:55 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\SkyDrive
[2014/02/20 14:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/02/20 14:12:11 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\WildTangent
[2014/02/19 23:02:38 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\WeatherAlerts
[2014/02/19 15:47:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014/02/19 15:47:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2014/02/19 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\CrashDumps
[2014/02/19 09:23:30 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\SkyDrive.old
[2014/02/19 09:10:44 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Adobe
[2014/02/19 09:08:53 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\vlc
[2014/02/19 08:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/19 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Deployment
[2014/02/19 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Apps
[2014/02/19 08:17:43 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Programs
[2014/02/19 08:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_5343
[2014/02/19 08:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/02/19 08:05:25 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Real
[2014/02/19 08:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2014/02/19 08:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody
[2014/02/19 07:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/02/19 07:41:45 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Nuance
[2014/02/19 07:25:28 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Google Drive
[2014/02/19 07:07:41 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Macromedia
[2014/02/19 06:56:47 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Google
[2014/02/19 06:50:59 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\TOSHIBA
[2014/02/19 06:50:08 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/19 06:50:08 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Searches
[2014/02/19 06:50:08 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/19 06:50:07 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Contacts
[2014/02/19 06:50:07 | 000,000,000 | -H-D | C] -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/19 06:50:00 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Packages
[2014/02/19 06:50:00 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Adobe
[2014/02/19 06:49:59 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\VirtualStore
[2014/02/19 06:49:49 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\WinBatch
[2014/02/19 06:49:28 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Intel
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\AppData\Local\Temporary Internet Files
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Templates
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Start Menu
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Local Settings
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\AppData\Local\History
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Cookies
[2014/02/19 06:49:24 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\AppData\Local\Application Data
[2014/02/19 06:49:23 | 000,000,000 | --SD | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Favorites
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Downloads
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Documents
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Desktop
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/19 06:49:23 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\SendTo
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Recent
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\PrintHood
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\NetHood
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Documents\My Videos
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Documents\My Pictures
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Documents\My Music
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\My Documents
[2014/02/19 06:49:23 | 000,000,000 | -HSD | C] -- C:\Users\Little Rhi\Application Data
[2014/02/19 06:49:23 | 000,000,000 | -H-D | C] -- C:\Users\Little Rhi\AppData
[2014/02/19 06:49:23 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Temp
[2014/02/19 06:49:23 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Local\Microsoft
[2014/02/19 06:49:23 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/19 06:49:22 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Videos
[2014/02/19 06:49:22 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Saved Games
[2014/02/19 06:49:22 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Pictures
[2014/02/19 06:49:22 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Music
[2014/02/19 06:49:22 | 000,000,000 | R--D | C] -- C:\Users\Little Rhi\Links
[2014/02/19 06:49:22 | 000,000,000 | ---D | C] -- C:\Users\Little Rhi\Roaming
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 19:47:00 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\FF Watcher {A0DBE760-7180-4BCE-AC21-C9E90E26218F}.job
[2014/02/25 19:40:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/25 19:24:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 13:30:51 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/02/24 14:33:15 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/24 14:33:13 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/23 18:30:39 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/23 18:30:39 | 000,731,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/23 18:30:39 | 000,135,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/23 18:25:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/23 18:25:35 | 750,367,511 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/02/23 18:25:34 | 788,402,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/22 21:45:02 | 002,078,590 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\Cat.DB
[2014/02/22 21:40:41 | 000,000,123 | ---- | M] () -- C:\Users\Little Rhi\Desktop\Florida Virtual.url
[2014/02/22 21:05:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/02/22 20:41:23 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/02/22 11:04:54 | 000,001,106 | ---- | M] () -- C:\Users\Little Rhi\Desktop\Photography.lnk
[2014/02/21 23:57:13 | 000,335,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/19 23:03:24 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/19 15:53:20 | 000,000,208 | ---- | M] () -- C:\Users\Little Rhi\Desktop\Soundcloud.url
[2014/02/19 09:25:35 | 000,002,314 | ---- | M] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 08:05:17 | 000,000,988 | ---- | M] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2014/02/19 08:05:17 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2014/02/19 08:03:20 | 000,000,013 | RHS- | M] () -- C:\Windows\SysNative\drivers\fbd.sys
[2014/02/19 07:25:29 | 000,001,711 | ---- | M] () -- C:\Users\Little Rhi\Desktop\Google Drive.lnk
[2014/02/19 07:07:34 | 000,001,451 | ---- | M] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/19 06:55:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/02/19 06:53:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/01/31 18:13:36 | 000,028,778 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\VT20140131.024
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/23 18:25:35 | 750,367,511 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/23 12:31:20 | 000,002,191 | R-S- | C] () -- C:\Users\Little Rhi\Desktop\Windows Store.lnk
[2014/02/22 21:40:05 | 000,000,123 | ---- | C] () -- C:\Users\Little Rhi\Desktop\Florida Virtual.url
[2014/02/22 21:05:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/02/22 20:41:23 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/02/21 18:48:37 | 000,138,240 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/02/21 18:48:37 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/02/21 18:47:04 | 000,009,701 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-results.searchconnector-ms
[2014/02/21 18:47:04 | 000,009,701 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-results.searchconnector-ms
[2014/02/21 18:31:43 | 000,385,614 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/02/20 14:12:19 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/02/19 23:02:07 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/19 15:52:59 | 000,000,208 | ---- | C] () -- C:\Users\Little Rhi\Desktop\Soundcloud.url
[2014/02/19 08:36:50 | 000,002,314 | ---- | C] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 08:36:50 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 08:17:51 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\FF Watcher {A0DBE760-7180-4BCE-AC21-C9E90E26218F}.job
[2014/02/19 08:05:17 | 000,000,988 | ---- | C] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2014/02/19 08:05:17 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2014/02/19 08:03:20 | 000,000,013 | RHS- | C] () -- C:\Windows\SysNative\drivers\fbd.sys
[2014/02/19 07:25:29 | 000,001,711 | ---- | C] () -- C:\Users\Little Rhi\Desktop\Google Drive.lnk
[2014/02/19 07:23:56 | 000,001,106 | ---- | C] () -- C:\Users\Little Rhi\Desktop\Photography.lnk
[2014/02/19 07:07:33 | 000,001,451 | ---- | C] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/19 06:55:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/02/19 06:53:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/02/19 06:50:00 | 000,001,457 | ---- | C] () -- C:\Users\Little Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/19 06:49:23 | 000,000,352 | ---- | C] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/19 06:49:23 | 000,000,334 | ---- | C] () -- C:\Users\Little Rhi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/02/19 06:36:55 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/02/19 06:36:52 | 788,402,175 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/04 01:50:13 | 000,301,799 | ---- | C] () -- C:\Windows\ROnce.exe
[2014/01/04 01:31:51 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\ustor.dll
[2014/01/04 01:31:51 | 000,172,097 | ---- | C] () -- C:\Windows\SysWow64\NoMSGuninstall.exe
[2014/01/04 01:31:51 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\UMonit64.exe
[2014/01/04 01:31:51 | 000,001,519 | ---- | C] () -- C:\Windows\SysWow64\_IconCfg0.ini
[2014/01/04 01:31:51 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini
[2014/01/04 01:31:51 | 000,000,213 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini
[2014/01/04 01:24:53 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/09/15 20:54:43 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/09/15 20:54:42 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/15 20:54:42 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/02/19 08:14:13 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 03:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 00:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/24 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\Little Rhi\AppData\Roaming\Blackboard
[2014/02/19 07:41:45 | 000,000,000 | ---D | M] -- C:\Users\Little Rhi\AppData\Roaming\Nuance
[2014/02/25 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Little Rhi\AppData\Roaming\PlayFirst
[2014/02/24 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Little Rhi\AppData\Roaming\WildTangent
[2014/02/19 06:49:49 | 000,000,000 | ---D | M] -- C:\Users\Little Rhi\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Users\Little Rhi\SkyDrive:ms-properties
@Alternate Data Stream - 199 bytes -> C:\Users\Little Rhi\SkyDrive.old:ms-properties

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello FridayGirl72 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Please note that we will make sure to clean every infection we can find, but I can't guarantee that will solve your problem. Sometimes these kinds of problems are system problems.

Step 1

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the ComboFix log in your next reply.



Step 2

Please don't forget to include these items in your reply:

  • ComboFix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
maliprog
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.