Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popup Malware on my computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popup Malware on my computer

Unread postby mwizz » June 8th, 2013, 4:35 am

Hi, I have popup malware on my computer and hoping that someone can help me.

DDS log followed by Attach log below

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Mark at 18:01:47 on 2013-06-08
Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.16324.14061 [GMT 9.5:30]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\ProgramData\eSafe\eGdpSvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/inde ... 51AC69F814
uDefault_Page_URL = hxxp://www.portaldosites.com/?utm_sourc ... 1369913946
mStart Page = hxxp://www.portaldosites.com/?utm_sourc ... 1369913946
mDefault_Page_URL = hxxp://www.portaldosites.com/?utm_sourc ... 1369913946
mWinlogon: Userinit = userinit.exe
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} -
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Lyrics Kid: {BA146CF5-1875-4EA8-AAEA-A90142FC2EC9} - C:\Program Files (x86)\LyricsKid\lkid.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Desk 365] "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6}\24967605F6E646535383430303 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{D89C42DA-19E8-4186-AE96-88F8206B9154} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.portaldosites.com/?utm_sourc ... 1369913946
x64-mDefault_Page_URL = hxxp://www.portaldosites.com/?utm_sourc ... 1369913946
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.adelaidenow.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-06-01 13:33; lyricskid@mpytsoft.net; C:\Program Files (x86)\LyricsKid\FF
FF - ExtSQL: 2013-06-01 13:34; c0a5ee61-5128-44f7-bb3c-75c72f490e65@e6 ... 24effe.com; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\extensions\c0a5ee61-5128-44f7-bb3c-75c72f490e65@e6843b55-5d21-4d81-af7f-d9570b24effe.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\Drivers\gfibto.sys [2013-6-3 14456]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-8-3 645952]
R1 avkmgr;avkmgr;C:\windows\System32\Drivers\avkmgr.sys [2013-5-31 28600]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-12 92536]
R1 ElRawDisk;ElRawDisk;C:\windows\System32\Drivers\ElRawDsk.sys [2013-6-2 30752]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-31 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-31 110816]
R2 avgntflt;avgntflt;C:\windows\System32\Drivers\avgntflt.sys [2013-5-31 100712]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2012-7-27 2252600]
R2 eSafeSvc;eSafe Service;C:\ProgramData\eSafe\eGdpSvc.exe [2013-5-30 360512]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-16 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-8-30 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-12 128896]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-6-2 1070080]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-12 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-5 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-29 1872568]
R2 PDFsFilter;PDFsFilter;C:\windows\System32\Drivers\PDFsFilter.sys [2013-6-2 82160]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-2 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-12 364416]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-7-27 164152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2012-9-12 156472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2012-9-12 40248]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-6-27 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-6-5 25928]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/09/11 15:38:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-17 243728]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-06-05 11:38:46 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
2013-06-05 11:38:33 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-05 11:38:33 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-05 11:38:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 11:38:17 -------- d-----w- C:\Users\Mark\AppData\Local\Programs
2013-06-05 11:25:17 222384 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10205.bin
2013-06-03 10:15:27 -------- d-----w- C:\Users\Mark\AppData\Roaming\LavasoftStatistics
2013-06-03 10:15:27 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-06-03 10:06:02 -------- d-----w- C:\Users\Mark\AppData\Local\adawarebp
2013-06-03 10:04:05 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-03 10:04:00 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-03 10:03:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-06-03 10:02:32 47496 ----a-w- C:\windows\System32\sbbd.exe
2013-06-03 10:02:32 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
2013-06-03 10:02:31 -------- d-----w- C:\Users\Mark\AppData\Roaming\Ad-Aware Antivirus
2013-06-02 11:20:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-02 11:20:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-02 05:09:53 82160 ----a-w- C:\windows\System32\drivers\PDFsFilter.sys
2013-06-02 05:09:53 69000 ----a-w- C:\windows\System32\offreg.dll
2013-06-02 05:09:53 57584 ----a-w- C:\windows\System32\iolobtdfg.exe
2013-06-02 05:09:53 56200 ----a-w- C:\windows\SysWow64\offreg.dll
2013-06-02 05:09:53 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2013-06-02 05:09:53 26184 ----a-w- C:\windows\System32\smrgdf.exe
2013-06-02 05:09:53 2155688 ----a-w- C:\windows\System32\Incinerator64.dll
2013-06-02 05:09:53 2097472 ----a-w- C:\windows\SysWow64\Incinerator32.dll
2013-06-02 05:09:52 -------- d-----w- C:\Program Files (x86)\iolo
2013-06-02 04:37:26 30752 ----a-w- C:\windows\System32\drivers\ElRawDsk.sys
2013-06-02 04:36:52 74703 ----a-w- C:\windows\SysWow64\mfc45.dat
2013-06-02 04:36:52 -------- d-----w- C:\Users\Mark\AppData\Roaming\iolo
2013-06-02 04:36:52 -------- d-----w- C:\ProgramData\iolo
2013-06-01 04:14:48 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-06-01 04:14:01 -------- d-----w- C:\ProgramData\PC Optimizer Pro
2013-06-01 04:04:21 -------- d-----w- C:\Program Files (x86)\GVU Technologies
2013-06-01 04:04:00 -------- d-----w- C:\Program Files\PC Optimizer Pro
2013-06-01 04:03:57 -------- d-----w- C:\Program Files (x86)\LyricsKid
2013-05-31 12:53:57 -------- d-----w- C:\Users\Mark\AppData\Local\Macromedia
2013-05-31 12:21:20 87392 ----a-w- C:\windows\twain.dll
2013-05-31 12:19:52 306688 ----a-w- C:\windows\IsUninst.exe
2013-05-31 12:13:22 -------- d-----w- C:\Users\Mark\AppData\Local\Adobe
2013-05-31 11:25:21 -------- d-----w- C:\Users\Mark\AppData\Roaming\Avira
2013-05-31 11:23:30 83160 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2013-05-31 11:20:04 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2013-05-31 11:20:04 100712 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2013-05-31 11:20:04 -------- d-----w- C:\ProgramData\Avira
2013-05-31 11:20:04 -------- d-----w- C:\Program Files (x86)\Avira
2013-05-31 08:29:57 929792 ----a-w- C:\windows\SysWow64\mfnetsrc.dll
2013-05-31 08:29:57 677888 ----a-w- C:\windows\System32\mfnetcore.dll
2013-05-31 08:29:57 673280 ----a-w- C:\windows\System32\mfmpeg2srcsnk.dll
2013-05-31 08:29:57 568832 ----a-w- C:\windows\SysWow64\mfnetcore.dll
2013-05-31 08:29:57 513024 ----a-w- C:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-05-31 08:29:57 1172992 ----a-w- C:\windows\System32\mfnetsrc.dll
2013-05-31 08:29:48 82944 ----a-w- C:\windows\SysWow64\dskquota.dll
2013-05-31 08:29:48 109568 ----a-w- C:\windows\System32\dskquota.dll
2013-05-30 12:08:01 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-05-30 12:08:01 2206208 ----a-w- C:\windows\System32\dwmcore.dll
2013-05-30 12:08:00 2380944 ----a-w- C:\windows\explorer.exe
2013-05-30 12:08:00 2115952 ----a-w- C:\windows\SysWow64\explorer.exe
2013-05-30 12:08:00 1841152 ----a-w- C:\windows\SysWow64\dwmcore.dll
2013-05-30 12:08:00 1395712 ----a-w- C:\windows\System32\Windows.UI.Immersive.dll
2013-05-30 12:02:51 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-05-30 12:01:27 11459584 ----a-w- C:\windows\System32\glcndFilter.dll
2013-05-30 12:00:56 68608 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-30 11:59:59 93696 ----a-w- C:\windows\System32\psmsrv.dll
2013-05-30 11:51:25 -------- d-----w- C:\Users\Mark\AppData\Local\Apple Computer
2013-05-30 11:51:21 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2013-05-30 11:51:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-30 11:51:14 -------- d-----w- C:\Program Files\iTunes
2013-05-30 11:51:14 -------- d-----w- C:\Program Files\iPod
2013-05-30 11:51:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-30 11:51:10 -------- d-----w- C:\Users\Mark\AppData\Local\Apple
2013-05-30 11:41:28 69632 ----a-r- C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-05-30 11:41:28 49152 ----a-r- C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-30 11:41:27 -------- d-----w- C:\Users\Mark\AppData\Local\Downloaded Installations
2013-05-30 11:38:33 -------- d-----w- C:\Users\Mark\AppData\Roaming\eIntaller
2013-05-30 11:38:33 -------- d-----w- C:\ProgramData\Tarma Installer
2013-05-30 09:21:19 -------- d-----w- C:\Users\Mark\AppData\Local\Google
2013-05-30 09:21:09 -------- d-----w- C:\Users\Mark\AppData\Local\Deployment
2013-05-30 09:21:09 -------- d-----w- C:\Users\Mark\AppData\Local\Apps
2013-05-30 09:08:42 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-05-30 09:08:39 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-29 13:30:53 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
2013-05-29 13:16:52 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-29 13:16:52 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-29 13:07:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-05-29 12:33:10 563920 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-29 12:32:11 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-05-29 12:20:06 13648384 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-29 12:19:59 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
2013-05-29 12:16:55 94208 ----a-w- C:\windows\System32\synceng.dll
2013-05-29 12:15:42 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-29 12:15:18 148480 ----a-w- C:\windows\System32\poqexec.exe
2013-05-29 12:15:18 144384 ----a-w- C:\windows\System32\tssdisai.dll
2013-05-29 12:15:18 135680 ----a-w- C:\windows\System32\appserverai.dll
2013-05-29 12:15:18 132608 ----a-w- C:\windows\SysWow64\poqexec.exe
2013-05-29 12:15:18 126976 ----a-w- C:\windows\System32\RDWebAI.dll
2013-05-29 12:15:18 122880 ----a-w- C:\windows\System32\VmHostAI.dll
2013-05-29 12:13:59 96256 ----a-w- C:\windows\System32\fontsub.dll
2013-05-29 12:08:46 -------- d-----w- C:\Users\Mark\AppData\Local\Broadcom
2013-05-29 12:08:43 -------- d-----w- C:\Users\Mark\AppData\Local\Power2Go8
2013-05-29 12:08:21 -------- d-----r- C:\Users\Mark\Searches
2013-05-29 12:08:21 -------- d-----r- C:\Users\Mark\Contacts
2013-05-29 12:07:36 -------- d-----w- C:\Users\Mark\AppData\Local\assembly
.
==================== Find3M ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-09 23:17:44 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\windows\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\windows\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\windows\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\windows\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17 503080 ----a-w- C:\windows\System32\ci.dll
2013-03-30 18:16:05 1403784 ----a-w- C:\windows\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\windows\System32\winload.exe
2013-03-28 22:09:09 1093880 ----a-w- C:\windows\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\windows\System32\winresume.efi
2013-03-22 03:49:55 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2013-03-21 22:47:13 2851840 ----a-w- C:\windows\System32\esent.dll
2013-03-15 22:05:34 298456 ----a-w- C:\windows\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll
2013-03-15 00:17:18 861184 ----a-w- C:\windows\System32\drivers\http.sys
.
============= FINISH: 18:02:00.58 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 29/05/2013 9:32:31 PM
System Uptime: 7/06/2013 5:35:19 PM (25 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD5
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 2774 GiB total, 2680.604 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.425 GiB free.
E: is Removable
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 92.195 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 2/06/2013 2:04:36 PM - Removed Free YouTube Downloader Converter
.
==== Installed Programs ======================
.
4 Elements II
7 Wonders II
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Aloha TriPeaks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bejeweled 3
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle of Rome 2
Crazy Chicken Soccer
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
Energy Star
eSafe Security Control 1.0.0.2359
Farm Frenzy
Final Drive Fury
FlatOut 2
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
GVU Technologies
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP Keyboard
HP Postscript Converter
HP Registration Service
HP Support Information
IDT Audio
Intel(R) Management Engine Components
Intel® Trusted Connect Service Client
iolo technologies' System Mechanic
iTunes
Jewel Match 3
John Deere Drive Green
Letters from Nowhere 2
Luxor Evolved
Lyrics Kid
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA Control Panel 305.29
NVIDIA Graphics Driver 305.29
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Qtrax Player
Recovery Manager
Roads of Rome 3
Spybot - Search & Destroy
The Treasures of Mystery Island: The Ghost Ship
Trinklit Supreme
Update Installer for WildTangent Games App
VLC media player 2.0.6
WebCake 3.00
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/06/2013 9:04:10 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
7/06/2013 5:35:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 126
3/06/2013 7:47:58 PM, Error: Service Control Manager [7034] - The WebCake Desktop Updater service terminated unexpectedly. It has done this 1 time(s).
3/06/2013 7:20:53 PM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
2/06/2013 11:36:31 PM, Error: Service Control Manager [7034] - The Desk 365 service service terminated unexpectedly. It has done this 1 time(s).
1/06/2013 1:34:17 PM, Error: Service Control Manager [7030] - The YouTubeDownloaderConverter service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am
Advertisement
Register to Remove

Re: Popup Malware on my computer

Unread postby wannabeageek » June 9th, 2013, 12:41 pm

Hello mwizz, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby wannabeageek » June 9th, 2013, 11:52 pm

Hi mwizz,

Please let me know what this computer is used for and in particular what the following programs are used for:
eSafe Security Control 1.0.0.2359
GVU Technologies



codecheck
  • Please download codecheck from here and save it to your Desktop.
  • Right-click codecheck.exe > select " Run as administrator "
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.


Please include in your next reply:
  1. Answer to my question on programs and computer usage.
  2. Contents of codecheck.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 10th, 2013, 2:23 am

Hi wbg, the computer is a home computer for personal use.

I am not sure about eSafe Security Control as I don't remember putting it on but may have when I was looking for some malware protection.

In respect to GVU Technologies - I recently looked for a Youtube converter and think that this is one that I used.

Contents of codecheck.txt below

Codecheck Version 1.0

06010

No problems with executing instructions.

mwizz
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 12th, 2013, 12:53 am

Hi mwizz,

Please comply with the following:
Depending upon the length of the logs, you may have to make more than one post.

Step 1.
Multiple Antivirus Programs
You are running more than 1 Antivirus program!
Lavasoft Ad-Aware
Avira Desktop
Running - more than one - antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.
I strongly suggest you uninstall one of them. Which one, is your decision.
Please see the instructions in Step 2 for uninstalling.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}


Step 2.
Uninstall Programs
I need you to uninstall some program(s).
  1. From the start menu or the desktop drag the mouse cursor to the bottom right corner of your screen.
  2. When the side menu pops out, select Settings.
  3. From the settings menu select Control Panel
  4. Under the bottom left column programs select Uninstall a program.
    • Locate the following program(s):
      The AV program you do not want.
      Webcake 3.0
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.


Step 3.
Junkware Removal Tool Image
Instructions are written for Internet Explorer.
Please download jrt.exe ... by thisisu and save it to your desktop. Alternate download here.
When you click on the link a menu will appear at the bottom of the browser page.
  1. From the delta arrow next to the save button, select "Save as".
  2. From the "Save As" window select "Desktop" Then click on Save.
  3. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  4. Run the tool by right-mouse clicking it and select Run as Administrator. If prompted by UAC, please allow it.
  5. The tool will open and start scanning your system.
  6. Please be patient as this can take a while to complete depending on your system's specifications.
  7. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  8. Please post the contents of JRT.txt into your next reply.


Step 4.
OTL
Instructions are written for Internet Explorer.
Please download OTL ... by Old Timer.
When you click on the link a menu will appear at the bottom of the browser page.
  1. From the delta arrow next to the save button, select "Save as".
  2. From the "Save As" window select "Desktop" Then click on Save.
  3. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  4. Click the Scan All Users checkbox.
  5. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  6. Click on Run Scan at the top left hand corner.
  7. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  8. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Contents of JRT.txt log.
  2. Contents of OTL.txt log.
  3. Contents of Extras.txt.
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 12th, 2013, 6:14 am

JRT.txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Mark on Wed 12/06/2013 at 19:30:11.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\adawarebp"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bntj1sm8.default\user.js
Successfully deleted the following from C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bntj1sm8.default\prefs.js

user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.backgroundjs", "\n\n/****************************************************
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.js", "\n\n /************************************************************
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.ac0a5ee61512844f7bb3c75c72f490e65e6843b555d214d81af7fd9570b24effecom30996.30996.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossrider.bic", "13efde890767820f9b7a76cd4a6ee852");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/06/2013 at 19:32:06.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 12th, 2013, 6:18 am

OTL log part 1

OTL logfile created on: 12/06/2013 7:36:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.94 Gb Total Physical Memory | 12.32 Gb Available Physical Memory | 77.30% Memory free
18.19 Gb Paging File | 13.99 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 2773.64 Gb Total Space | 2678.87 Gb Free Space | 96.58% Space Free | Partition Type: NTFS
Drive D: | 19.40 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 92.16 Gb Free Space | 19.79% Space Free | Partition Type: NTFS

Computer Name: STUDYPC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 19:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2013/06/12 03:40:07 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/31 20:48:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/05/31 20:45:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/31 20:45:46 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/05/30 21:09:39 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013/05/30 18:51:22 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/12 07:56:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/17 23:41:44 | 001,070,080 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/07/18 18:21:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 18:20:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 18:16:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 18:15:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/14 06:25:12 | 002,101,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
PRC - [2012/06/08 13:04:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/12/15 06:28:36 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
PRC - [2010/07/24 03:18:06 | 000,557,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/12 03:40:07 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/12 07:56:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/09 04:04:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 13:04:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/02/20 09:52:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/19 21:08:10 | 001,872,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/04/09 14:18:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:15:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:15:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/02 17:51:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/29 11:27:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/10 08:53:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 08:52:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 18:40:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 16:01:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 16:00:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/10 18:04:09 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/07/30 17:07:00 | 000,953,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/07/27 03:09:28 | 002,252,600 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2012/07/26 13:00:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 12:37:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 12:37:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 12:37:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 12:37:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 12:36:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 12:36:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 12:36:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 12:35:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 12:35:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 12:35:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 12:35:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 12:35:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/21 06:46:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/06/12 03:40:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/31 20:48:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/05/31 20:45:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/30 21:09:39 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (eSafeSvc)
SRV - [2013/05/12 07:56:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/17 23:41:44 | 001,070,080 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/08/30 02:32:16 | 000,035,232 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/08/16 05:59:52 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/26 13:00:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 12:50:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 12:48:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 12:47:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 18:21:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 18:20:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 18:16:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/18 18:15:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/17 02:59:40 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/10/13 03:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/03 19:32:31 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/31 20:49:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/05/31 20:49:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/05/31 20:49:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/04/09 14:57:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 20:27:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 20:27:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:15:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 20:15:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 20:09:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/02 20:49:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/02/02 16:55:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/29 11:27:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/29 08:38:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/10 11:23:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:25:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 14:24:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:25:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 17:38:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 16:55:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 16:43:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 17:25:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 17:25:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 17:25:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:25:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/12 07:54:27 | 006,824,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 18:04:52 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/03 18:20:13 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/28 01:18:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/07/27 07:26:48 | 000,156,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/07/27 03:09:24 | 000,164,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/07/27 03:09:22 | 000,186,680 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/07/27 03:09:20 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/07/27 03:09:16 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/07/26 14:56:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 14:56:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 14:30:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 14:30:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 14:30:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 14:30:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 14:30:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 14:30:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 14:30:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 14:30:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 14:30:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 14:30:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 14:30:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 14:30:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 14:30:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 14:30:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 14:30:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:27:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:24:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 14:23:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 12:47:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 11:59:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 11:59:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 11:59:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 11:59:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 11:58:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 11:57:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 11:57:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 11:57:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 11:57:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 11:57:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 11:57:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 11:57:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 11:56:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 11:56:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 11:56:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 11:56:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 11:55:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 11:55:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 11:55:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 11:55:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 11:55:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 11:53:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 11:53:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/18 18:16:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/04 16:55:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/27 18:46:54 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/06/26 02:54:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/03 00:02:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/03 00:01:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/inde ... 51AC69F814
IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.adelaidenow.com.au/"
FF - prefs.js..extensions.enabledAddons: c0a5ee61-5128-44f7-bb3c-75c72f490e65%40e6843b55-5d21-4d81-af7f-d9570b24effe.com:0.91.10
FF - prefs.js..extensions.enabledAddons: lyricskid%40mpytsoft.net:1.114
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/03 19:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricskid@mpytsoft.net: C:\Program Files (x86)\LyricsKid\FF\ [2013/06/01 13:33:57 | 000,000,000 | ---D | M]

[2013/05/30 21:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2013/06/05 21:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\extensions
[2013/06/02 13:57:58 | 000,000,000 | ---D | M] ("GVU Technologies") -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\extensions\c0a5ee61-5128-44f7-bb3c-75c72f490e65@e6843b55-5d21-4d81-af7f-d9570b24effe.com
[2013/06/02 13:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\extensions\c0a5ee61-5128-44f7-bb3c-75c72f490e65@e6843b55-5d21-4d81-af7f-d9570b24effe.com\chrome\content\extensionCode
[2013/05/30 21:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/30 21:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/01 13:33:57 | 000,000,000 | ---D | M] ("Lyrics Kid") -- C:\PROGRAM FILES (X86)\LYRICSKID\FF

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securedsearch2.lavasoft.com/inde ... 51AC69F814
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjdicogloiccgiandeocgphindanplc\1.114_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjdlchhaepkcebfcaeghaafmgbnhlihm\1.23.10_0\crossrider
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjdlchhaepkcebfcaeghaafmgbnhlihm\1.23.10_0\
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 14:56:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lyrics Kid) - {BA146CF5-1875-4EA8-AAEA-A90142FC2EC9} - C:\Program Files (x86)\LyricsKid\lkid.dll (MPYT Software)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D89C42DA-19E8-4186-AE96-88F8206B9154}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/12 18:55:05 | 000,000,033 | -HS- | M] () - J:\AUTORUN.FCB -- [ NTFS ]
O33 - MountPoints2\{13db480a-9fc5-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13db480a-9fc5-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 12th, 2013, 6:19 am

OTL log part 2

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 19:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/06/12 19:30:09 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/12 19:30:04 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/12 19:27:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mark\Desktop\JRT.exe
[2013/06/09 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WildTangent
[2013/06/05 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2013/06/05 21:08:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/05 21:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
[2013/06/05 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Custom Office Templates
[2013/06/03 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\LavasoftStatistics
[2013/06/03 19:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/03 19:32:32 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/06/02 20:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/06/02 20:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/02 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/02 14:39:53 | 002,155,688 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\Incinerator64.dll
[2013/06/02 14:39:53 | 002,097,472 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysWow64\Incinerator32.dll
[2013/06/02 14:39:53 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\windows\SysNative\drivers\PDFsFilter.sys
[2013/06/02 14:39:53 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\offreg.dll
[2013/06/02 14:39:53 | 000,057,584 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\iolobtdfg.exe
[2013/06/02 14:39:53 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\offreg.dll
[2013/06/02 14:39:53 | 000,026,184 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\smrgdf.exe
[2013/06/02 14:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2013/06/02 14:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2013/06/02 14:07:26 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\windows\SysNative\drivers\ElRawDsk.sys
[2013/06/02 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\iolo
[2013/06/02 14:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/06/01 13:45:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\vlc
[2013/06/01 13:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/01 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/06/01 13:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GVU Technologies
[2013/06/01 13:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/06/01 13:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsKid
[2013/05/31 22:23:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Macromedia
[2013/05/31 21:51:20 | 000,087,392 | ---- | C] (Twain Working Group) -- C:\windows\twain.dll
[2013/05/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/05/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/05/31 21:49:52 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\windows\IsUninst.exe
[2013/05/31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/31 21:43:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
[2013/05/31 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Avira
[2013/05/31 20:53:30 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/05/31 20:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/05/31 20:50:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/05/31 20:50:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/05/31 20:50:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/05/31 20:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/05/31 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/05/31 17:59:57 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll
[2013/05/31 17:59:57 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2013/05/31 17:59:57 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2013/05/31 17:59:57 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll
[2013/05/31 17:59:57 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2013/05/31 17:59:57 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2013/05/31 17:59:48 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll
[2013/05/31 17:59:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll
[2013/05/31 17:59:40 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll
[2013/05/30 22:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
[2013/05/30 21:38:01 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/05/30 21:38:00 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/05/30 21:38:00 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/05/30 21:38:00 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/05/30 21:38:00 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Immersive.dll
[2013/05/30 21:37:59 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/05/30 21:37:59 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Immersive.dll
[2013/05/30 21:37:59 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfplat.dll
[2013/05/30 21:37:59 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SHCore.dll
[2013/05/30 21:37:59 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll
[2013/05/30 21:37:57 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usercpl.dll
[2013/05/30 21:37:57 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfplat.dll
[2013/05/30 21:37:57 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/05/30 21:37:57 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2013/05/30 21:37:57 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll
[2013/05/30 21:37:57 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2013/05/30 21:37:57 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/05/30 21:37:57 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/05/30 21:37:57 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Storage.Compression.dll
[2013/05/30 21:37:56 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usercpl.dll
[2013/05/30 21:37:56 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SpaceControl.dll
[2013/05/30 21:37:56 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013/05/30 21:37:56 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013/05/30 21:37:56 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/05/30 21:37:55 | 001,636,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMALFXGFXDSP.dll
[2013/05/30 21:37:55 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\input.dll
[2013/05/30 21:37:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\input.dll
[2013/05/30 21:37:55 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.Compression.dll
[2013/05/30 21:37:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013/05/30 21:37:55 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdstor.sys
[2013/05/30 21:37:55 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\microsoft-windows-pdc.dll
[2013/05/30 21:37:55 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys
[2013/05/30 21:37:54 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/05/30 21:37:54 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FirewallAPI.dll
[2013/05/30 21:37:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PCPKsp.dll
[2013/05/30 21:37:53 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/05/30 21:37:53 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SysFxUI.dll
[2013/05/30 21:37:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppxSip.dll
[2013/05/30 21:37:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/05/30 21:37:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icfupgd.dll
[2013/05/30 21:37:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppxSip.dll
[2013/05/30 21:37:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PCPKsp.dll
[2013/05/30 21:37:53 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BdeUISrv.exe
[2013/05/30 21:37:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfapigp.dll
[2013/05/30 21:37:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfapigp.dll
[2013/05/30 21:37:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kbdhebl3.dll
[2013/05/30 21:37:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\kbdhebl3.dll
[2013/05/30 21:32:51 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/05/30 21:32:50 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/05/30 21:32:49 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/05/30 21:32:47 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013/05/30 21:32:46 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013/05/30 21:32:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2013/05/30 21:32:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2013/05/30 21:32:41 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013/05/30 21:32:40 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storagewmi.dll
[2013/05/30 21:32:40 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Taskmgr.exe
[2013/05/30 21:32:40 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Taskmgr.exe
[2013/05/30 21:32:40 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WebcamUi.dll
[2013/05/30 21:32:40 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll
[2013/05/30 21:32:40 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserLanguagesCpl.dll
[2013/05/30 21:32:40 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnapps.dll
[2013/05/30 21:32:39 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\storagewmi.dll
[2013/05/30 21:32:39 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013/05/30 21:32:39 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013/05/30 21:32:39 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/05/30 21:32:39 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/05/30 21:32:39 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserLanguagesCpl.dll
[2013/05/30 21:32:39 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/05/30 21:32:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/05/30 21:32:39 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2013/05/30 21:32:39 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/05/30 21:32:39 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll
[2013/05/30 21:32:39 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vds_ps.dll
[2013/05/30 21:32:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vds_ps.dll
[2013/05/30 21:32:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rfxvmt.dll
[2013/05/30 21:32:39 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2013/05/30 21:32:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsldr.exe
[2013/05/30 21:32:37 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/05/30 21:32:37 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/05/30 21:32:37 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/05/30 21:32:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/30 21:32:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/05/30 21:32:37 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/30 21:31:27 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\glcndFilter.dll
[2013/05/30 21:31:23 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\glcndFilter.dll
[2013/05/30 21:31:23 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/05/30 21:31:21 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/05/30 21:31:21 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/05/30 21:31:20 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2013/05/30 21:31:20 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/05/30 21:31:19 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\windows\HelpPane.exe
[2013/05/30 21:31:18 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/05/30 21:31:18 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanapi.dll
[2013/05/30 21:31:18 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dafWCN.dll
[2013/05/30 21:31:17 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanmsm.dll
[2013/05/30 21:31:17 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/05/30 21:31:17 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlansec.dll
[2013/05/30 21:31:17 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanmsm.dll
[2013/05/30 21:31:17 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlansec.dll
[2013/05/30 21:31:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpclip.exe
[2013/05/30 21:31:17 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bthprops.cpl
[2013/05/30 21:31:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanapi.dll
[2013/05/30 21:31:17 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bthprops.cpl
[2013/05/30 21:31:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFCaptureEngine.dll
[2013/05/30 21:31:17 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFCaptureEngine.dll
[2013/05/30 21:31:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnApi.dll
[2013/05/30 21:31:15 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WcnApi.dll
[2013/05/30 21:31:14 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fdWCN.dll
[2013/05/30 21:31:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfdprov.dll
[2013/05/30 21:31:14 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapPeerProxy.dll
[2013/05/30 21:31:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapAuthProxy.dll
[2013/05/30 21:31:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfdprov.dll
[2013/05/30 21:31:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fxppm.sys
[2013/05/30 21:31:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iscsilog.dll
[2013/05/30 21:31:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanhlp.dll
[2013/05/30 21:31:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanhlp.dll
[2013/05/30 21:31:00 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\newdev.dll
[2013/05/30 21:31:00 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\newdev.dll
[2013/05/30 21:31:00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\newdev.exe
[2013/05/30 21:31:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ndadmin.exe
[2013/05/30 21:31:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\newdev.exe
[2013/05/30 21:31:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ndadmin.exe
[2013/05/30 21:30:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/05/30 21:30:19 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/05/30 21:30:15 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys
[2013/05/30 21:30:10 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WpcMon.exe
[2013/05/30 21:30:09 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/05/30 21:30:08 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSAT.exe
[2013/05/30 21:30:07 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vssapi.dll
[2013/05/30 21:30:07 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys
[2013/05/30 21:30:06 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RacEngn.dll
[2013/05/30 21:30:06 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.dll
[2013/05/30 21:30:05 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/05/30 21:30:05 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.Streaming.dll
[2013/05/30 21:30:05 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uDWM.dll
[2013/05/30 21:30:04 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\provcore.dll
[2013/05/30 21:30:04 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MMDevAPI.dll
[2013/05/30 21:30:03 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSATAPI.dll
[2013/05/30 21:30:02 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Streaming.dll
[2013/05/30 21:30:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apphelp.dll
[2013/05/30 21:30:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IPHLPAPI.DLL
[2013/05/30 21:30:01 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\combase.dll
[2013/05/30 21:30:01 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinTypes.dll
[2013/05/30 21:30:01 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapi.dll
[2013/05/30 21:30:01 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsSpellCheckingFacility.dll
[2013/05/30 21:30:01 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2013/05/30 21:30:01 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskeng.exe
[2013/05/30 21:30:01 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWAHost.exe
[2013/05/30 21:30:01 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidcredprov.dll
[2013/05/30 21:30:01 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFPlay.dll
[2013/05/30 21:30:00 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\propsys.dll
[2013/05/30 21:30:00 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfsrcsnk.dll
[2013/05/30 21:30:00 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VAN.dll
[2013/05/30 21:30:00 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfsvr.dll
[2013/05/30 21:30:00 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/05/30 21:30:00 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinSATAPI.dll
[2013/05/30 21:30:00 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnprv.dll
[2013/05/30 21:30:00 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bcdsrv.dll
[2013/05/30 21:29:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appwiz.cpl
[2013/05/30 21:29:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe
[2013/05/30 21:29:59 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapibase.dll
[2013/05/30 21:29:59 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/05/30 21:29:59 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/05/30 21:29:59 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/05/30 21:29:59 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/05/30 21:29:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/05/30 21:29:58 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RacEngn.dll
[2013/05/30 21:29:58 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\appwiz.cpl
[2013/05/30 21:29:58 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\provcore.dll
[2013/05/30 21:29:58 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.dll
[2013/05/30 21:29:58 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWAHost.exe
[2013/05/30 21:29:58 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvproc.dll
[2013/05/30 21:29:58 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ProximityService.dll
[2013/05/30 21:29:58 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFPlay.dll
[2013/05/30 21:29:58 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/05/30 21:29:58 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/05/30 21:29:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PackageStateRoaming.dll
[2013/05/30 21:29:58 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TpmTasks.dll
[2013/05/30 21:29:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PackageStateRoaming.dll
[2013/05/30 21:29:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setbcdlocale.dll
[2013/05/30 21:29:58 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\avrt.dll
[2013/05/30 21:29:57 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\batmeter.dll
[2013/05/30 21:29:57 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\batmeter.dll
[2013/05/30 21:29:57 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\combase.dll
[2013/05/30 21:29:57 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VAN.dll
[2013/05/30 21:29:57 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinTypes.dll
[2013/05/30 21:29:57 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsrcsnk.dll
[2013/05/30 21:29:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsvr.dll
[2013/05/30 21:29:57 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlidcredprov.dll
[2013/05/30 21:29:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/05/30 21:29:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncHost.exe
[2013/05/30 21:29:57 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys
[2013/05/30 21:29:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfdisk.dll
[2013/05/30 21:29:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfdisk.dll
[2013/05/30 21:29:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe
[2013/05/30 21:29:56 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/05/30 21:29:56 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\user32.dll
[2013/05/30 21:29:56 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinapi.dll
[2013/05/30 21:29:56 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpksetup.exe
[2013/05/30 21:29:56 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/05/30 21:29:56 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfh264enc.dll
[2013/05/30 21:29:56 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfh264enc.dll
[2013/05/30 21:29:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvproc.dll
[2013/05/30 21:29:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/05/30 21:29:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DAFWSD.dll
[2013/05/30 21:29:56 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevPropMgr.dll
[2013/05/30 21:29:56 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwm.exe
[2013/05/30 21:29:56 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvinst.exe
[2013/05/30 21:29:56 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncHost.exe
[2013/05/30 21:29:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2013/05/30 21:29:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfnet.dll
[2013/05/30 21:29:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfnet.dll
[2013/05/30 21:29:55 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/05/30 21:29:55 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2013/05/30 21:29:55 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2013/05/30 21:29:55 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfos.dll
[2013/05/30 21:29:55 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/05/30 21:29:55 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpremove.exe
[2013/05/30 21:29:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vsstrace.dll
[2013/05/30 21:29:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/05/30 21:29:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sdbinst.exe
[2013/05/30 21:29:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/05/30 21:29:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sdbinst.exe
[2013/05/30 21:29:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfctrs.dll
[2013/05/30 21:29:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfctrs.dll
[2013/05/30 21:29:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfproc.dll
[2013/05/30 21:29:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LangCleanupSysprepAction.dll
[2013/05/30 21:29:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfproc.dll
[2013/05/30 21:29:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfos.dll
[2013/05/30 21:29:54 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/05/30 21:29:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\eventcls.dll
[2013/05/30 21:29:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\eventcls.dll
[2013/05/30 21:29:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MUILanguageCleanup.dll
[2013/05/30 21:29:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpksetupproxyserv.dll
[2013/05/30 21:29:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shimeng.dll
[2013/05/30 21:21:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple Computer
[2013/05/30 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Apple Computer
[2013/05/30 21:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/30 21:21:21 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/30 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple
[2013/05/30 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/05/30 21:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/30 21:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/05/30 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Downloaded Installations
[2013/05/30 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla
[2013/05/30 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
[2013/05/30 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/30 21:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/30 21:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/30 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/05/30 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/30 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/30 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/30 21:08:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\eIntaller
[2013/05/30 19:50:47 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/30 19:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Outlook Files
[2013/05/30 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/30 18:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/30 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Google
[2013/05/30 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Deployment
[2013/05/30 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apps
[2013/05/29 23:00:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard
[2013/05/29 22:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/05/29 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
[2013/05/29 22:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/05/29 22:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/05/29 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/05/29 21:52:53 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe
[2013/05/29 21:52:53 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll
[2013/05/29 21:52:53 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/05/29 21:52:52 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll
[2013/05/29 21:52:52 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe
[2013/05/29 21:52:52 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/05/29 21:52:52 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL
[2013/05/29 21:52:52 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll
[2013/05/29 21:52:52 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL
[2013/05/29 21:52:52 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll
[2013/05/29 21:52:52 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2013/05/29 21:52:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll
[2013/05/29 21:52:52 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll
[2013/05/29 21:52:52 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013/05/29 21:52:52 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll
[2013/05/29 21:52:52 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe
[2013/05/29 21:52:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe
[2013/05/29 21:52:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll
[2013/05/29 21:52:52 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys
[2013/05/29 21:52:52 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll
[2013/05/29 21:52:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll
[2013/05/29 21:52:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll
[2013/05/29 21:52:32 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100_clr0400.dll
[2013/05/29 21:52:32 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcr100_clr0400.dll
[2013/05/29 21:51:58 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/05/29 21:51:56 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/05/29 21:51:56 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/05/29 21:51:55 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/05/29 21:51:55 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/05/29 21:51:55 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/05/29 21:51:55 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/05/29 21:51:55 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/05/29 21:51:55 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/05/29 21:51:55 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/05/29 21:51:55 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/05/29 21:51:55 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/05/29 21:51:55 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/29 21:51:55 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/05/29 21:51:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/05/29 21:51:55 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/05/29 21:51:55 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/05/29 21:51:55 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/05/29 21:51:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/05/29 21:51:55 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/05/29 21:51:55 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/05/29 21:51:55 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/05/29 21:51:54 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/05/29 21:51:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/05/29 21:51:54 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/05/29 21:51:54 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/05/29 21:51:54 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/05/29 21:51:54 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/05/29 21:51:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/05/29 21:51:54 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/05/29 21:51:54 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/05/29 21:51:54 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/05/29 21:51:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/05/29 21:51:53 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/05/29 21:51:53 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe
[2013/05/29 21:51:53 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/05/29 21:51:53 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/05/29 21:51:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/05/29 21:51:53 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/05/29 21:51:53 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/05/29 21:51:53 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/05/29 21:51:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/05/29 21:51:53 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/05/29 21:51:53 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/05/29 21:51:53 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/05/29 21:51:53 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/05/29 21:51:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/05/29 21:51:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/05/29 21:51:53 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wushareduxresources.dll
[2013/05/29 21:51:53 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/05/29 21:51:53 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/05/29 21:51:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/05/29 21:51:53 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/05/29 21:51:53 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/05/29 21:51:53 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/05/29 21:51:53 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/05/29 21:51:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/05/29 21:51:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/05/29 21:51:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/05/29 21:51:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/05/29 21:51:53 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/05/29 21:51:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/05/29 21:51:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/05/29 21:51:53 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuaext.dll
[2013/05/29 21:50:06 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/05/29 21:50:06 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/05/29 21:50:05 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/05/29 21:50:05 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/05/29 21:50:04 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/05/29 21:50:04 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/05/29 21:50:04 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/05/29 21:50:04 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/05/29 21:50:03 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/05/29 21:50:02 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/05/29 21:50:02 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/05/29 21:50:01 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/05/29 21:50:01 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/05/29 21:50:00 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/05/29 21:50:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/05/29 21:50:00 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/05/29 21:50:00 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/05/29 21:50:00 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/05/29 21:50:00 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/05/29 21:50:00 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/05/29 21:50:00 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/05/29 21:50:00 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/05/29 21:50:00 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/05/29 21:50:00 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/05/29 21:50:00 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/05/29 21:50:00 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/05/29 21:50:00 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/05/29 21:49:59 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/05/29 21:49:59 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/05/29 21:49:59 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/05/29 21:49:59 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/05/29 21:49:59 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/05/29 21:49:59 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/05/29 21:49:59 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/05/29 21:49:59 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/05/29 21:49:59 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/05/29 21:49:59 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/05/29 21:49:59 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/05/29 21:49:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/05/29 21:49:59 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/05/29 21:49:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/05/29 21:49:59 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2013/05/29 21:49:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/05/29 21:49:59 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rascfg.dll
[2013/05/29 21:49:59 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rascfg.dll
[2013/05/29 21:49:58 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/05/29 21:49:58 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/05/29 21:49:58 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
[2013/05/29 21:49:58 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
[2013/05/29 21:49:58 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/05/29 21:49:58 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/05/29 21:49:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/05/29 21:49:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/05/29 21:49:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcfg.dll
[2013/05/29 21:49:58 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/05/29 21:49:58 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/05/29 21:49:58 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/05/29 21:49:58 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcat.dll
[2013/05/29 21:49:58 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/05/29 21:49:58 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
[2013/05/29 21:49:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2013/05/29 21:49:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/05/29 21:49:58 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/05/29 21:49:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/05/29 21:49:58 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/05/29 21:49:58 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/05/29 21:49:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2013/05/29 21:49:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhmanagew.exe
[2013/05/29 21:49:58 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhshl.dll
[2013/05/29 21:49:58 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/05/29 21:49:58 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/05/29 21:49:58 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsvc.dll
[2013/05/29 21:49:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/05/29 21:49:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssitlb.dll
[2013/05/29 21:49:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/05/29 21:49:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssitlb.dll
[2013/05/29 21:49:58 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/05/29 21:49:58 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/05/29 21:49:58 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsrchapi.dll
[2013/05/29 21:49:58 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/05/29 21:49:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasdiag.dll
[2013/05/29 21:49:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhevents.dll
[2013/05/29 21:49:58 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/05/29 21:49:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsrchph.dll
[2013/05/29 21:49:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/05/29 21:49:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhlisten.dll
[2013/05/29 21:49:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhautoplay.dll
[2013/05/29 21:49:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ndptsp.tsp
[2013/05/29 21:49:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasdiag.dll
[2013/05/29 21:49:58 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcleanup.dll
[2013/05/29 21:49:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ndptsp.tsp
[2013/05/29 21:49:58 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/05/29 21:49:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2013/05/29 21:49:58 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kmddsp.tsp
[2013/05/29 21:49:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasmxs.dll
[2013/05/29 21:49:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/05/29 21:49:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidi2c.sys
[2013/05/29 21:49:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\kmddsp.tsp
[2013/05/29 21:49:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhtask.dll
[2013/05/29 21:49:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasmxs.dll
[2013/05/29 21:49:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasser.dll
[2013/05/29 21:49:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasser.dll
[2013/05/29 21:49:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsvcctl.dll
[2013/05/29 21:49:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/05/29 21:49:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/05/29 21:49:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\spwmp.dll
[2013/05/29 21:49:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\spwmp.dll
[2013/05/29 21:49:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdxm.ocx
[2013/05/29 21:49:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxmasf.dll
[2013/05/29 21:49:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msdxm.ocx
[2013/05/29 21:49:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dxmasf.dll
[2013/05/29 21:49:57 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/05/29 21:46:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2013/05/29 21:46:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncryptsslp.dll
[2013/05/29 21:46:55 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2013/05/29 21:46:55 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll
[2013/05/29 21:46:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/05/29 21:46:42 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/05/29 21:46:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/05/29 21:46:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/05/29 21:46:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/05/29 21:46:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/05/29 21:46:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/05/29 21:46:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/05/29 21:46:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/05/29 21:46:41 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/05/29 21:46:41 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/05/29 21:46:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/05/29 21:46:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/05/29 21:46:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/05/29 21:45:18 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2013/05/29 21:45:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/05/29 21:45:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appserverai.dll
[2013/05/29 21:45:18 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2013/05/29 21:45:18 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDWebAI.dll
[2013/05/29 21:45:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VmHostAI.dll
[2013/05/29 21:44:50 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/05/29 21:44:50 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/05/29 21:44:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe
[2013/05/29 21:44:39 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/05/29 21:44:39 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resetengmig.dll
[2013/05/29 21:44:39 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll
[2013/05/29 21:44:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/05/29 21:44:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysreset.exe
[2013/05/29 21:44:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe
[2013/05/29 21:44:32 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/05/29 21:44:32 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll
[2013/05/29 21:44:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll
[2013/05/29 21:44:32 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll
[2013/05/29 21:44:32 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/05/29 21:44:32 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll
[2013/05/29 21:44:32 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/05/29 21:44:32 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/05/29 21:44:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll
[2013/05/29 21:44:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013/05/29 21:44:32 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll
[2013/05/29 21:44:32 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll
[2013/05/29 21:44:32 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll
[2013/05/29 21:44:32 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/05/29 21:44:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/05/29 21:44:32 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/05/29 21:44:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe
[2013/05/29 21:44:32 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe
[2013/05/29 21:44:32 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe
[2013/05/29 21:44:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe
[2013/05/29 21:44:32 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/05/29 21:44:32 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/05/29 21:44:32 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthhfHid.sys
[2013/05/29 21:44:32 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/05/29 21:44:32 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BtaMPM.sys
[2013/05/29 21:44:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll
[2013/05/29 21:44:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll
[2013/05/29 21:44:15 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll
[2013/05/29 21:44:14 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2013/05/29 21:44:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/05/29 21:44:09 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/29 21:44:09 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/29 21:44:06 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/05/29 21:44:04 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/05/29 21:44:04 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/05/29 21:44:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcadm.dll
[2013/05/29 21:44:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcalua.exe
[2013/05/29 21:44:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcaevts.dll
[2013/05/29 21:43:59 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2013/05/29 21:43:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2013/05/29 21:43:59 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/05/29 21:43:59 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/05/29 21:43:59 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/05/29 21:43:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/05/29 21:43:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnathlp.dll
[2013/05/29 21:43:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnathlp.dll
[2013/05/29 21:43:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/05/29 21:43:59 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/05/29 21:43:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnsvr.exe
[2013/05/29 21:43:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnsvr.exe
[2013/05/29 21:43:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/05/29 21:43:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhupnp.dll
[2013/05/29 21:43:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhpast.dll
[2013/05/29 21:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhupnp.dll
[2013/05/29 21:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhpast.dll
[2013/05/29 21:43:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnlobby.dll
[2013/05/29 21:43:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnaddr.dll
[2013/05/29 21:43:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/05/29 21:43:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnlobby.dll
[2013/05/29 21:43:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnaddr.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2013/05/29 21:43:54 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/05/29 21:43:54 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/05/29 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Broadcom
[2013/05/29 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Bluetooth Exchange Folder
[2013/05/29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Power2Go8
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/29 21:38:21 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/29 21:38:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
[2013/05/29 21:37:36 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\assembly
[2013/05/29 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hewlett-Packard
[2013/05/29 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
[2013/05/29 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Packages
[2013/05/29 21:36:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
[2013/05/29 21:36:19 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/29 21:36:19 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/29 21:36:18 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Documents
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.system.package.metadata
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.applications.package.appdata
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
[2013/05/29 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/12 19:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/06/12 19:27:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mark\Desktop\JRT.exe
[2013/06/12 18:56:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/12 18:56:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/12 18:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 13:13:04 | 000,000,396 | ---- | M] () -- C:\windows\tasks\Lyrics Kid Update.job
[2013/06/11 20:31:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/11 20:30:07 | 000,000,428 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/06/10 20:46:07 | 000,002,225 | ---- | M] () -- C:\Users\Mark\Desktop\System Mechanic.lnk
[2013/06/10 15:46:07 | 000,025,088 | ---- | M] () -- C:\Users\Mark\Desktop\codecheck.exe
[2013/06/09 22:04:36 | 000,876,494 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/09 22:04:36 | 000,731,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/09 22:04:36 | 000,154,718 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/07 17:35:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/06/07 17:35:33 | 808,591,357 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/05 21:08:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 19:32:31 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/06/03 18:58:40 | 000,432,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/06/02 23:36:34 | 000,001,356 | ---- | M] () -- C:\windows\wininit.ini
[2013/06/02 20:50:37 | 000,001,288 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/06/02 20:50:37 | 000,001,264 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2013/06/02 18:40:39 | 000,000,406 | ---- | M] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/06/02 14:06:52 | 000,074,703 | ---- | M] () -- C:\windows\SysWow64\mfc45.dat
[2013/05/31 21:51:39 | 000,001,132 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013/05/31 21:51:38 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 20:53:29 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/05/31 20:50:08 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/31 20:49:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/05/31 20:49:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/05/31 20:49:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/05/31 03:18:05 | 000,002,511 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/30 22:59:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/30 21:21:23 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/30 21:09:45 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/30 21:09:08 | 000,001,668 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 19:45:44 | 000,001,054 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/29 21:37:58 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:58 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:40 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/29 21:30:35 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/29 11:28:40 | 000,057,584 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysNative\iolobtdfg.exe
[2013/05/29 11:28:30 | 000,026,184 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysNative\smrgdf.exe
[2013/05/29 11:12:34 | 002,097,472 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysWow64\Incinerator32.dll
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 15:46:07 | 000,025,088 | ---- | C] () -- C:\Users\Mark\Desktop\codecheck.exe
[2013/06/05 21:08:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 18:58:31 | 000,432,288 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/06/02 23:35:45 | 000,001,356 | ---- | C] () -- C:\windows\wininit.ini
[2013/06/02 20:50:37 | 000,001,288 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/06/02 20:50:37 | 000,001,264 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2013/06/02 18:40:39 | 000,000,406 | ---- | C] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/06/02 14:39:54 | 000,002,225 | ---- | C] () -- C:\Users\Mark\Desktop\System Mechanic.lnk
[2013/06/02 14:06:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/06/01 13:44:01 | 000,000,428 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/06/01 13:33:57 | 000,000,396 | ---- | C] () -- C:\windows\tasks\Lyrics Kid Update.job
[2013/05/31 21:51:39 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013/05/31 21:51:38 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 21:51:38 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 21:46:29 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 20:50:08 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/30 22:59:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/30 21:29:55 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2013/05/30 21:29:55 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/05/30 21:21:23 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/30 21:21:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/30 21:09:45 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/30 21:09:44 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/30 19:45:44 | 000,001,054 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/30 18:51:44 | 000,002,511 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/30 18:51:24 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 18:51:23 | 000,000,906 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 22:21:02 | 000,001,668 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 21:49:59 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/05/29 21:38:19 | 000,001,674 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/29 21:38:04 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/05/29 21:37:58 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:58 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:40 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/29 21:36:40 | 000,000,352 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/29 21:36:40 | 000,000,334 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/29 21:30:35 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/08/02 11:38:37 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/26 17:43:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 17:43:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 16:51:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/26 10:47:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:07:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/26 05:58:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/26 05:52:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012/07/26 05:52:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012/07/26 05:52:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012/06/03 00:01:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/21 06:29:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/09/12 07:55:40 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 16:01:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 14:33:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 12:35:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 12:48:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 12:37:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 12th, 2013, 6:20 am

Extras log

OTL Extras logfile created on: 12/06/2013 7:36:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.94 Gb Total Physical Memory | 12.32 Gb Available Physical Memory | 77.30% Memory free
18.19 Gb Paging File | 13.99 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 2773.64 Gb Total Space | 2678.87 Gb Free Space | 96.58% Space Free | Partition Type: NTFS
Drive D: | 19.40 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 92.16 Gb Free Space | 19.79% Space Free | Partition Type: NTFS

Computer Name: STUDYPC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9AA657-04E9-414E-9DA3-F35759A8A189}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18A45E2D-5A07-4474-AF7D-5FF7DDBC1F70}" = lport=137 | protocol=17 | dir=in | app=system |
"{1AE5B904-891D-415A-B6EA-92DE938CC9C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{287CAF30-D0CD-4111-8995-DBBEEFDB93A5}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{49BB3815-9952-48FA-8E7C-BFCF6C928ECB}" = lport=138 | protocol=17 | dir=in | app=system |
"{54F70F11-534C-4246-8EDA-FC6F7FAF7CA7}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F75161C-F5D2-4DAA-B82E-BC7B13586B4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{70578A31-BC44-4102-8580-31790A3B4E1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{84336FB7-1E3F-4B71-8F18-37AFBB6F7131}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CC088B8-FD1C-4D37-AFC7-DB4455FA3E2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90E8CD4D-C548-4CBA-8709-C75D3D7830C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{93CB466D-99CD-49EE-9B40-BC267E266359}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{96CD2858-DEF6-45BA-AE6A-385686385D85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E31029B-289B-4AB7-B11B-A55476A73450}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A30C56E3-F186-403F-A513-3703C2ADA537}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8972C5F-319D-4761-A214-C710372E0128}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B9631155-96A6-4290-967E-31446AF282C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C206D524-704D-4E3E-A3A6-45B50F950DFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC3479DA-DEFB-4DE1-B933-E18CFC0CF4CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE85EAF7-BCB3-4513-9B88-AC567912F0A5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{E088631E-DA90-420A-A683-E1F815188D4C}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1415213-2612-408C-8800-2A2A0C3F6979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC16201A-CBB6-47CC-B8AA-1ECC4AA744D5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9B466E7-850D-4A79-9C0C-E0F78E5EAF0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD98E532-1607-4961-98D8-1C9D9FBAFE97}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FF94A0FF-97AF-42DF-B0BA-19595F8B94FF}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04248440-BD1E-4B2F-8DDB-6C5E3F2DBFA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{06049CD3-9A3D-4C67-8334-9130FA4977B0}" = dir=out | name=hp+ |
"{0640B834-8B6A-4F87-B7F1-A56831374E75}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{13EB1D32-6C28-4652-8D48-1EF930940BE9}" = dir=out | name=microsoft solitaire collection |
"{1465EF7C-CD74-4B8D-9B1C-844299329FA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15EEB65B-BCA9-4500-AF7C-59590F1CFC78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{173EF18A-D6D0-4159-80C1-CC2CE97160A4}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1C103D00-7BC8-4199-99E7-06AD86A0141A}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{24291CF7-DD65-403D-BF54-AA679345C54B}" = dir=in | name=skype |
"{2D13724E-9EC2-4E6B-8BB2-EB0D557248F0}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{2E4886DE-A350-4821-8D15-9C460352B78A}" = dir=out | name=microsoft mahjong |
"{329C3D3A-4203-4064-BD60-1AB6B2459084}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{32B2B1B3-FE93-47A6-8AA2-25DBF25605B1}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{33B6EFAC-D492-488D-8530-0FF1D59CD553}" = dir=in | name=kindle |
"{35486853-69EB-4D33-9C0C-CCB6AC49B8A5}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3809FDED-9BC6-4266-A615-05C4A9096034}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{38406390-CE28-4FDC-A214-2991A702ED27}" = dir=out | name=getting started with windows 8 |
"{3A0A300A-B623-4709-BD81-A439D0AEABCE}" = dir=in | name=ebay |
"{3AAC0EDE-1F19-4893-BCDF-D117466AC2D0}" = dir=in | name=ebay |
"{3C03F17E-8C01-4942-8048-5C7EAD474080}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3D8557CA-C047-4936-98F9-C9326A02EFAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{4024B8D4-5EFB-4484-9B95-3CF386183334}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{405385D5-7A9D-417E-AA4A-FAE5886022C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{41C8C596-3ABD-461D-9C3F-70C50BCB7C45}" = dir=out | name=kindle |
"{468C9E9D-12F2-4A59-BC43-9E16EBC5D607}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{46BEEB1A-F2DD-41E8-8E8B-008E336D2D4A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{486B1296-4E93-471B-8263-E01D042AC4FB}" = dir=out | name=microsoft mahjong |
"{4B878130-137E-43AD-ACFB-87B98DD7B3CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4ECFFF95-94BE-438F-BF80-810AE75D8E04}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{53981327-5B9C-4ECC-ACBE-B9743AEEB643}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{596273EB-D446-4FC3-896E-2C1F50F728B5}" = dir=out | name=skype |
"{5BBDDF3D-D913-47F1-8894-1767197994B8}" = dir=out | name=kindle |
"{5F03C031-0E9F-4D5C-A129-8F11537680D8}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{60F9ABE4-BA09-4D48-84D6-15CD9D2906E0}" = dir=out | name=hp connected photo powered by snapfish |
"{6297B022-F8FF-484F-BBC3-84A3F2B44E80}" = dir=out | name=ebay |
"{62B9A5A6-3DE1-4C6C-85BA-0280C34C3A63}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |
"{62F36F00-C322-41DC-BCFF-059D9B9605CC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{654A25CE-0191-4363-90D1-FA0AEEEC17FB}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{66EF2398-133F-4FD0-AA4A-9978892E64E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{6B539FAB-22BD-4E18-AB5C-372693DAFA18}" = dir=out | name=microsoft solitaire collection |
"{6D3AF1DC-3515-4128-9B1F-BA384CC6BD32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73885595-7E35-4EFB-A2E0-AFD9BC2FED60}" = dir=out | name=norton studio |
"{778C2082-28D6-49AA-B600-90B554E5560F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78213AF2-1288-4DE6-9AF1-83BAC7990E55}" = dir=in | name=kindle |
"{7942D5C0-920C-48AB-B556-09474AED89B4}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{79A6C4BD-C5FA-4966-867E-BC0231666574}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{7AB3C188-E5B8-4923-AB85-93BABED7DACC}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7DC310CE-A4AF-41D6-BE30-43B55A2B5400}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85F41081-E734-436D-A7A0-DD6DCCB2CAA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88B6F36F-83B9-4260-8F09-BB125FB41FDF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{951E8294-0952-436E-A180-1D7BF7408181}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9AB9C4F8-1BD7-4B95-9789-A640C4682A0E}" = dir=out | name=windows_ie_ac_001 |
"{9D343457-1654-470B-B4FD-56804051ACDE}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{9E6E2E16-1F13-4138-B562-B684CC3352AD}" = dir=in | name=skype |
"{A50E0EFF-B687-4529-924F-BB215BC49D26}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A529F646-D3DA-442B-BAC4-B9B27339B17A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A618A67F-A079-4A7A-889F-73099A3FD617}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7E83AF7-C8BB-4CDD-A152-6E4BE57D1B7E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A8F5EDD8-3ADD-4038-BA6D-519938174EB2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A9CBE61C-5489-40F6-954F-D0972217D851}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AAC96B57-3178-458B-8CA0-D26AC2F41107}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{ABB91828-C60E-4FAC-9FC7-C22819DF24A8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{ABBBD228-4D6B-41C2-AE38-F95CCD417785}" = dir=out | name=skype |
"{ABF164BA-1B4B-4A0E-9EF8-822647223B4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC122355-6A53-4628-818A-50B42A25EF79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEB5D609-A10F-446C-8A90-ED37C003ADE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEC3FAA5-6E0F-4D78-9034-2208CBCFF6F6}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{AF63BA66-1F17-45DC-A020-8FF1B6E683C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B319EB2A-C6E1-4036-8941-D74B02B6B515}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B5E59AB6-BFBB-4E13-A189-8B9D8674C2A6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B719226E-30E3-45DB-A9F5-AD54E021FC3D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B8E0052C-4346-4AD0-82EF-00CC843EC026}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B8E106A8-24B4-409C-A2C4-226183226006}" = dir=out | name=hp+ |
"{B9A2DB6C-97FE-43D9-8511-AA257419223A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{C2228782-674F-4505-A70A-73DD09F5433A}" = dir=out | name=norton studio |
"{C5AB9643-0DD6-4D2C-AB8F-EC275EB762D8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C9A0767E-20D5-44E3-9618-74ED0C008AA4}" = dir=out | name=hp registration |
"{CABD237D-169B-49E9-B3ED-9CBAF1495BDA}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CEA14B9A-334F-449A-A7BF-BAFE1CAB5280}" = dir=out | name=hp connected photo powered by snapfish |
"{D3293FDB-9C99-4F6F-B10B-B442902C48AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D368C487-2FDA-4771-A719-D11664D0AC6C}" = dir=out | name=ebay |
"{D6C62E48-C96F-4BB9-BDE0-3001DDDC0A1B}" = dir=out | name=hp registration |
"{D7342FC3-AE12-49CC-BCE8-7E25EBAED1CF}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D89F4BF5-C12C-411F-BBD2-0810D661A29D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D8A57319-2D9E-4935-B8EF-C339A7688A11}" = protocol=6 | dir=out | app=system |
"{D8B2A412-F444-4CCB-99EF-87ABA4A9E71E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E191074D-53B8-48F1-8B68-50171C4DA266}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E20D1849-8856-4809-9109-08FA4451EB77}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{E29EDF43-418F-407B-9367-EA6D588279D4}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E638094A-FBC9-42EA-B5EB-EDBA4CF069E5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EEB8FC3D-1CC6-4B53-B18A-9B7474D27687}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F299D18B-B26A-41EC-A4E6-231737197F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F41747A0-6E6F-4EA9-98E6-9692A9519E9B}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F67B43AA-B87B-419A-A817-2EB0686487DF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{FB2F8A28-4633-4356-B166-789F2688E4F7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD0FF6D1-FF66-4372-A9E4-BAB7C4B7ADF8}" = dir=out | name=getting started with windows 8 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 305.29
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 305.29
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Broadcom Bluetooth Software
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Google Chrome" = Google Chrome
"GVU Technologies" = GVU Technologies
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"lyricskid@mpytsoft.net" = Lyrics Kid
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.6
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-010e2aa5-5ef3-473e-a387-71258be2cc03" = Farm Frenzy
"WTA-1a5a99db-be38-45da-b167-dc18c3cc1f2a" = Polar Bowler
"WTA-2476e69c-de79-4b54-b339-1913db583333" = Bejeweled 3
"WTA-2a29f938-511b-441f-93fe-d183da8f0a92" = Hoyle Card Games
"WTA-5158af4b-42ae-42d3-896f-2f38961735c2" = FlatOut 2
"WTA-5478bf24-6f0b-487e-beb0-d48771e4c4fc" = 4 Elements II
"WTA-58b0428f-c0d3-4849-b163-89318874df15" = Peggle Nights
"WTA-5ef6f4f9-b42c-4c42-acae-e5c40746eb12" = Governor of Poker 2 Premium Edition
"WTA-741173f5-140d-44aa-830d-e74e08041ff8" = John Deere Drive Green
"WTA-7bc25f62-471b-4880-ab1e-7fbf94a32dd9" = 7 Wonders II
"WTA-7c2d513c-1369-4822-9834-574f3795b084" = Trinklit Supreme
"WTA-8133a702-6112-4a96-871a-e8384101ae7a" = Build-a-lot 4 - Power Source
"WTA-87d14cde-35b5-4f79-8f99-b64f570ce08d" = Letters from Nowhere 2
"WTA-8d1953df-1a7a-4169-a659-6cd29cfba6cf" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-91f54655-e994-4ece-b5eb-9c539fbea55a" = Polar Golfer
"WTA-933282ee-08db-48d1-9d8d-17382d0f41a1" = Zuma's Revenge
"WTA-93408cd5-404b-4111-849e-49c8de76c427" = Aloha TriPeaks
"WTA-9738927b-8a20-4ff8-b394-9145bb1a3bee" = Cradle of Rome 2
"WTA-9ad4fb27-85fc-4614-adda-aaa0754e017b" = Jewel Match 3
"WTA-a9feea94-18f4-4e16-ae2a-eac73e1ee7b9" = Penguins!
"WTA-b2fb6990-54b1-41e0-936d-9e6a6ce1a483" = Roads of Rome 3
"WTA-c1539311-c5a2-4ccf-823b-259d4e132953" = Final Drive Fury
"WTA-d15b2e86-422c-40b2-b049-1eb358260289" = Crazy Chicken Soccer
"WTA-d546a59c-4872-40e0-b601-f8dd4e062159" = Chuzzle Deluxe
"WTA-f63d4e2d-ed33-4fbc-878c-bc8e3105f6fb" = The Treasures of Mystery Island: The Ghost Ship
"WTA-fdcafa0d-a253-4535-aeca-8a8a99b529a4" = Luxor Evolved

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2044549685.portal.qtrax.com" = Qtrax Player

< End of report >

No problems with executing instructions

mwizz
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 13th, 2013, 11:56 pm

Hi mwizz,

Are you still experiencing "pop-ups"?

Can you tell me which web browser(s) you were using when you experienced "pop-ups"?
I have popup malware on my computer and hoping that someone can help me.

Have you experienced any redirected web page searches?


Please download SystemLook from one of the links below and save it to your Desktop.
For 64 bit Systems:
Download Mirror #1
Download Mirror #2

  • Right click on SystemLook.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Answer to my questions
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 14th, 2013, 5:48 am

Hi, Yes I am still experiencing popups.

I mainly use Mozilla Firefox but also use Google Chrome. Google Chrome also keeps showing me a hxxp://www.portaldosites.com/ web page which I am finding difficult to get rid of.

I am not experiencing any redirections but I do notice that when I go into a web page there will be a few random words that are hyperlinked and when I put the cursor over them a popup appears

Contents of SystemLook below:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:14 on 14/06/2013 by Mark
Administrator - Elevation successful

No Context: :filefind

No Context: *Bandoo*

No Context: *Community*

No Context: *Conduit*

No Context: *datamngr*

No Context: *Fun4IM*

No Context: *iLivid*

No Context: *IObit*

No Context: *Iminent*

No Context: *Searchqu*

No Context: *Searchnu*

No Context: *Tarma*

No Context: *trolltech*

No Context: *vshare*

No Context: *whitesmoke*

No Context: *Yontoo*

No Context: :folderfind

No Context: *Bandoo*

No Context: *Community*

No Context: *Conduit*

No Context: *datamngr*

No Context: *Fun4IM*

No Context: *iLivid*

No Context: *IObit*

No Context: *Iminent*

No Context: *Searchqu*

No Context: *Searchnu*

No Context: *Tarma*

No Context: *trolltech*

No Context: *vshare*

No Context: *whitesmoke*

No Context: *Yontoo*

No Context: :Regfind

No Context: Bandoo

No Context: Community

No Context: Conduit

No Context: datamngr

No Context: Fun4IM

No Context: iLivid

No Context: IObit

No Context: Iminent

No Context: Searchqu

No Context: Searchnu

No Context: Tarma

No Context: trolltech

No Context: vshare

No Context: whitesmoke

No Context: Yontoo

-= EOF =-

No problem in executing instructions
Last edited by Cypher on June 14th, 2013, 5:57 am, edited 1 time in total.
Reason: Disabled potentially malicious link
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 14th, 2013, 3:27 pm

Hi mwizz,

Please repost the complete systemlook.txt log in it's entire unedited format.

It will be in the following format:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:18 on 14/06/2013 by Wannabeageek
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 15th, 2013, 2:07 am

I have run system look again and the only file that I get is what I posted above. It is a text file that is on the desktop and I have posted the entire content. I cannot find any other information in the text file. It only took about 2 seconds to appear after I selected "look" but I let it go to see if anything else appeared but that was it.
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 15th, 2013, 11:36 pm

Hi mwizz,

Please run Systemlook again only don't use the "Select all" hot link to copy.
Start at the bottom of the code box and click to drag the text to copy.
It seems that the hot link for coping is adding tab spaces to each line of the text causing the erroneous report.
I have reported the problem to the system admin for further investigation.

  • Right click on SystemLook.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 16th, 2013, 1:44 am

Thanks for the clarification. systemlook log below:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:53 on 16/06/2013 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [03:13 06/12/2012] [03:13 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\OFFOPTIN_YOUTUBE]
"Description"="The largest worldwide video-sharing community!"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004\Software\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\OFFOPTIN_YOUTUBE]
"Description"="The largest worldwide video-sharing community!"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1007\Software\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\OFFOPTIN_YOUTUBE]
"Description"="The largest worldwide video-sharing community!"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
@="IUccUserSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
@="IUccUserSearchQueryEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
@="_IUccUserSearchQueryEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004\Software\Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004_Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1004_Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1007\Software\Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1007\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1007_Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-1829102027-1664496337-1714098150-1007_Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "Searchnu"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]

Searching for "trolltech"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware