Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popup Malware on my computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Popup Malware on my computer

Unread postby wannabeageek » June 18th, 2013, 12:21 am

Hi mwizz,

Sorry for the long delay.
I mainly use Mozilla Firefox but also use Google Chrome. Google Chrome also keeps showing me a hxxp://www.portaldosites.com/ web page which I am finding difficult to get rid of.

This should take care of the Internet Explorer searches. Chrome may need to be uninstalled and then reinstalled to fix as there is no reset button for it like Internet Explorer has.

The "select all" bug for the code box has been fixed. If you do a hard refresh of the page, "CTRL F5" it should work normally.

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=3407939
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=3407939
    IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    [2013/05/31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3.
Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


Please include in your next reply:
  1. Contents of OTX.txt log
  2. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  3. Contents of checkup.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Re: Popup Malware on my computer

Unread postby mwizz » June 18th, 2013, 9:08 am

OTL Log part 1

OTL logfile created on: 18/06/2013 10:32:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.94 Gb Total Physical Memory | 13.92 Gb Available Physical Memory | 87.34% Memory free
18.19 Gb Paging File | 15.92 Gb Available in Paging File | 87.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 2773.64 Gb Total Space | 2682.15 Gb Free Space | 96.70% Space Free | Partition Type: NTFS
Drive D: | 19.40 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 92.15 Gb Free Space | 19.79% Space Free | Partition Type: NTFS

Computer Name: STUDYPC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 19:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2013/06/12 03:40:07 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/31 20:48:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/05/31 20:45:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/31 20:45:46 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/05/30 18:51:22 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/29 11:10:32 | 001,072,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/05/12 07:56:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/18 18:21:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 18:20:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 18:16:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 18:15:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/14 06:25:12 | 002,101,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
PRC - [2012/06/08 13:04:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/12/15 06:28:36 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
PRC - [2010/07/24 03:18:06 | 000,557,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/12 03:40:07 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/12 07:56:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/09 04:04:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 13:04:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/02/20 09:52:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/04 16:28:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 16:27:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 14:18:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:15:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:15:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/29 11:27:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/10 08:53:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 08:52:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 18:40:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 16:01:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/10 18:04:09 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/07/30 17:07:00 | 000,953,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/07/27 03:09:28 | 002,252,600 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2012/07/26 13:00:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 12:37:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 12:37:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 12:37:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 12:37:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 12:36:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 12:36:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 12:36:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 12:35:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 12:35:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 12:35:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 12:35:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 12:35:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 09:54:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/21 06:46:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/06/12 03:40:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/31 20:48:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/05/31 20:45:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/29 11:10:32 | 001,072,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/05/12 07:56:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/30 02:32:16 | 000,035,232 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/08/16 05:59:52 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/26 13:00:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 12:50:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 12:48:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 12:47:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 18:21:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 18:20:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 18:16:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/18 18:15:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/17 02:59:40 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/10/13 03:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/03 19:32:31 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/31 20:49:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/05/31 20:49:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/05/31 20:49:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/05/04 17:04:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 17:04:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/04 17:04:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 20:27:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 20:27:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:15:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 20:15:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 20:09:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/02 16:55:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/29 11:27:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/29 08:38:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/10 11:23:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:25:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 14:24:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:25:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 17:38:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 16:55:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 16:43:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 17:25:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 17:25:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:25:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/12 07:54:27 | 006,824,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 18:04:52 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/03 18:20:13 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/28 01:18:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/07/27 07:26:48 | 000,156,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/07/27 03:09:24 | 000,164,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/07/27 03:09:22 | 000,186,680 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/07/27 03:09:20 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/07/27 03:09:16 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/07/26 14:56:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 14:56:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 14:30:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 14:30:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 14:30:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 14:30:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 14:30:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 14:30:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 14:30:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 14:30:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 14:30:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 14:30:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 14:30:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 14:30:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 14:30:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 14:30:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 14:30:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:27:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:24:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 14:23:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 12:47:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 11:59:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 11:59:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 11:59:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 11:59:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 11:58:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 11:57:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 11:57:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 11:57:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 11:57:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 11:57:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 11:57:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 11:57:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 11:56:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 11:56:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 11:56:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 11:56:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 11:55:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 11:55:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 11:55:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 11:55:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 11:55:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 11:53:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 11:53:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/18 18:16:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/04 16:55:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/27 18:46:54 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/06/26 02:54:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/03 00:02:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/03 00:01:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/inde ... 51AC69F814
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.adelaidenow.com.au/"
FF - prefs.js..extensions.enabledAddons: lyricskid%40mpytsoft.net:1.114
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/03 19:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricskid@mpytsoft.net: C:\Program Files (x86)\LyricsKid\FF\ [2013/06/01 13:33:57 | 000,000,000 | ---D | M]

[2013/05/30 21:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2013/06/15 16:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\extensions
[2013/05/30 21:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/30 21:09:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/01 13:33:57 | 000,000,000 | ---D | M] ("Lyrics Kid") -- C:\PROGRAM FILES (X86)\LYRICSKID\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://securedsearch2.lavasoft.com/inde ... 51AC69F814
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lyrics Kid = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjdicogloiccgiandeocgphindanplc\1.114_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 14:56:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lyrics Kid) - {BA146CF5-1875-4EA8-AAEA-A90142FC2EC9} - C:\Program Files (x86)\LyricsKid\lkid.dll (MPYT Software)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Hewlett-Packard)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D89C42DA-19E8-4186-AE96-88F8206B9154}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/12 18:55:05 | 000,000,033 | -HS- | M] () - J:\AUTORUN.FCB -- [ NTFS ]
O33 - MountPoints2\{13db480a-9fc5-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13db480a-9fc5-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 18th, 2013, 9:08 am

OTL Log part 2

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 16:16:11 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\autochk.exe
[2013/06/15 16:16:11 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\untfs.dll
[2013/06/15 16:16:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\untfs.dll
[2013/06/15 16:16:10 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/06/15 16:16:10 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/06/15 16:16:10 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\autochk.exe
[2013/06/15 16:16:07 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/06/15 16:16:05 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/06/15 16:16:05 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/06/15 16:16:04 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/06/15 16:16:02 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/06/15 16:16:02 | 002,305,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/06/15 16:16:02 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/06/15 16:16:02 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/06/15 16:16:02 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/06/15 16:16:02 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/06/15 16:16:02 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/06/15 16:16:02 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysWow64\rars.rs
[2013/06/15 16:16:02 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysNative\rars.rs
[2013/06/15 16:16:01 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/06/15 16:16:01 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Magnify.exe
[2013/06/15 16:16:01 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Magnify.exe
[2013/06/15 16:16:01 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/06/15 16:16:01 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/06/15 16:16:01 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/06/15 16:16:01 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/06/15 16:16:01 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/06/15 16:16:01 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/06/15 16:16:01 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/06/15 16:16:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/06/15 16:16:01 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/06/15 16:16:01 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\stobject.dll
[2013/06/15 16:16:01 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/06/15 16:16:01 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/06/15 16:16:01 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/06/15 16:16:01 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/06/15 16:16:01 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/06/15 16:16:01 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/06/15 16:16:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/06/15 16:16:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netplwiz.dll
[2013/06/15 16:16:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netplwiz.dll
[2013/06/15 16:16:01 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/06/15 16:16:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/06/15 16:16:01 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\biwinrt.dll
[2013/06/15 16:16:01 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AuthHost.exe
[2013/06/15 16:16:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/06/15 16:16:01 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/06/15 16:16:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\biwinrt.dll
[2013/06/15 16:16:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/06/15 16:16:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/06/15 16:16:01 | 000,058,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/06/15 16:16:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/06/15 16:16:00 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/06/15 16:16:00 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\muifontsetup.dll
[2013/06/15 16:15:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\muifontsetup.dll
[2013/06/12 19:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/06/12 19:30:09 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/12 19:30:04 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/12 19:27:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mark\Desktop\JRT.exe
[2013/06/12 09:08:32 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/12 09:08:32 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/12 09:08:32 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/12 09:08:32 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/12 09:08:31 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/12 09:08:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/12 09:08:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/12 09:08:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/12 09:08:13 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/06/12 09:08:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/12 09:08:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/12 09:08:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/12 09:08:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/12 09:08:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/06/12 09:08:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/06/10 20:46:07 | 002,155,688 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\Incinerator64.dll
[2013/06/09 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WildTangent
[2013/06/05 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2013/06/05 21:08:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/05 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/05 21:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
[2013/06/05 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Custom Office Templates
[2013/06/03 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\LavasoftStatistics
[2013/06/03 19:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/03 19:32:32 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/06/02 20:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/06/02 20:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/02 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/02 14:39:53 | 002,097,472 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysWow64\Incinerator32.dll
[2013/06/02 14:39:53 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\windows\SysNative\drivers\PDFsFilter.sys
[2013/06/02 14:39:53 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\offreg.dll
[2013/06/02 14:39:53 | 000,057,584 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\iolobtdfg.exe
[2013/06/02 14:39:53 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\offreg.dll
[2013/06/02 14:39:53 | 000,026,184 | ---- | C] (iolo technologies, LLC) -- C:\windows\SysNative\smrgdf.exe
[2013/06/02 14:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2013/06/02 14:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2013/06/02 14:07:26 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\windows\SysNative\drivers\ElRawDsk.sys
[2013/06/02 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\iolo
[2013/06/02 14:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/06/01 13:45:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\vlc
[2013/06/01 13:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/01 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/06/01 13:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/06/01 13:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsKid
[2013/05/31 22:23:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Macromedia
[2013/05/31 21:51:20 | 000,087,392 | ---- | C] (Twain Working Group) -- C:\windows\twain.dll
[2013/05/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/05/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/05/31 21:49:52 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\windows\IsUninst.exe
[2013/05/31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/31 21:43:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
[2013/05/31 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Avira
[2013/05/31 20:53:30 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/05/31 20:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/05/31 20:50:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/05/31 20:50:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/05/31 20:50:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/05/31 20:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/05/31 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/05/31 17:59:57 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll
[2013/05/31 17:59:57 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2013/05/31 17:59:57 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2013/05/31 17:59:57 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll
[2013/05/31 17:59:57 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2013/05/31 17:59:57 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2013/05/31 17:59:48 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll
[2013/05/31 17:59:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll
[2013/05/31 17:59:40 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll
[2013/05/30 22:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
[2013/05/30 21:38:01 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/05/30 21:38:00 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/05/30 21:38:00 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/05/30 21:38:00 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/05/30 21:38:00 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Immersive.dll
[2013/05/30 21:37:59 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/05/30 21:37:59 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Immersive.dll
[2013/05/30 21:37:59 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfplat.dll
[2013/05/30 21:37:59 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SHCore.dll
[2013/05/30 21:37:59 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll
[2013/05/30 21:37:57 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usercpl.dll
[2013/05/30 21:37:57 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfplat.dll
[2013/05/30 21:37:57 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2013/05/30 21:37:57 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll
[2013/05/30 21:37:57 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2013/05/30 21:37:57 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/05/30 21:37:57 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Storage.Compression.dll
[2013/05/30 21:37:56 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usercpl.dll
[2013/05/30 21:37:56 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SpaceControl.dll
[2013/05/30 21:37:56 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013/05/30 21:37:56 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013/05/30 21:37:56 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/05/30 21:37:55 | 001,636,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMALFXGFXDSP.dll
[2013/05/30 21:37:55 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\input.dll
[2013/05/30 21:37:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\input.dll
[2013/05/30 21:37:55 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.Compression.dll
[2013/05/30 21:37:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013/05/30 21:37:55 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdstor.sys
[2013/05/30 21:37:55 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\microsoft-windows-pdc.dll
[2013/05/30 21:37:55 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys
[2013/05/30 21:37:54 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FirewallAPI.dll
[2013/05/30 21:37:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PCPKsp.dll
[2013/05/30 21:37:53 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/05/30 21:37:53 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SysFxUI.dll
[2013/05/30 21:37:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppxSip.dll
[2013/05/30 21:37:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/05/30 21:37:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icfupgd.dll
[2013/05/30 21:37:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppxSip.dll
[2013/05/30 21:37:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PCPKsp.dll
[2013/05/30 21:37:53 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BdeUISrv.exe
[2013/05/30 21:37:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfapigp.dll
[2013/05/30 21:37:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfapigp.dll
[2013/05/30 21:37:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kbdhebl3.dll
[2013/05/30 21:37:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\kbdhebl3.dll
[2013/05/30 21:32:49 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/05/30 21:32:47 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013/05/30 21:32:46 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013/05/30 21:32:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2013/05/30 21:32:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2013/05/30 21:32:41 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013/05/30 21:32:40 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storagewmi.dll
[2013/05/30 21:32:40 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Taskmgr.exe
[2013/05/30 21:32:40 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Taskmgr.exe
[2013/05/30 21:32:40 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WebcamUi.dll
[2013/05/30 21:32:40 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll
[2013/05/30 21:32:40 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserLanguagesCpl.dll
[2013/05/30 21:32:40 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnapps.dll
[2013/05/30 21:32:39 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\storagewmi.dll
[2013/05/30 21:32:39 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013/05/30 21:32:39 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013/05/30 21:32:39 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/05/30 21:32:39 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/05/30 21:32:39 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserLanguagesCpl.dll
[2013/05/30 21:32:39 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/05/30 21:32:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/05/30 21:32:39 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2013/05/30 21:32:39 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/05/30 21:32:39 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll
[2013/05/30 21:32:39 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vds_ps.dll
[2013/05/30 21:32:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vds_ps.dll
[2013/05/30 21:32:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rfxvmt.dll
[2013/05/30 21:32:39 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2013/05/30 21:32:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsldr.exe
[2013/05/30 21:32:37 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/05/30 21:32:37 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/05/30 21:32:37 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/05/30 21:32:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/30 21:32:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/05/30 21:32:37 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/05/30 21:31:27 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\glcndFilter.dll
[2013/05/30 21:31:23 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\glcndFilter.dll
[2013/05/30 21:31:23 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/05/30 21:31:21 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/05/30 21:31:21 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/05/30 21:31:20 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2013/05/30 21:31:20 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/05/30 21:31:19 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\windows\HelpPane.exe
[2013/05/30 21:31:18 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanapi.dll
[2013/05/30 21:31:18 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dafWCN.dll
[2013/05/30 21:31:17 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanmsm.dll
[2013/05/30 21:31:17 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlansec.dll
[2013/05/30 21:31:17 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanmsm.dll
[2013/05/30 21:31:17 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlansec.dll
[2013/05/30 21:31:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpclip.exe
[2013/05/30 21:31:17 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bthprops.cpl
[2013/05/30 21:31:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanapi.dll
[2013/05/30 21:31:17 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bthprops.cpl
[2013/05/30 21:31:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFCaptureEngine.dll
[2013/05/30 21:31:17 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFCaptureEngine.dll
[2013/05/30 21:31:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnApi.dll
[2013/05/30 21:31:15 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WcnApi.dll
[2013/05/30 21:31:14 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fdWCN.dll
[2013/05/30 21:31:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfdprov.dll
[2013/05/30 21:31:14 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapPeerProxy.dll
[2013/05/30 21:31:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapAuthProxy.dll
[2013/05/30 21:31:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfdprov.dll
[2013/05/30 21:31:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fxppm.sys
[2013/05/30 21:31:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iscsilog.dll
[2013/05/30 21:31:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanhlp.dll
[2013/05/30 21:31:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanhlp.dll
[2013/05/30 21:31:00 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\newdev.dll
[2013/05/30 21:31:00 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\newdev.dll
[2013/05/30 21:31:00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\newdev.exe
[2013/05/30 21:31:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ndadmin.exe
[2013/05/30 21:31:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\newdev.exe
[2013/05/30 21:31:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ndadmin.exe
[2013/05/30 21:30:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/05/30 21:30:19 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/05/30 21:30:15 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys
[2013/05/30 21:30:10 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WpcMon.exe
[2013/05/30 21:30:09 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/05/30 21:30:08 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSAT.exe
[2013/05/30 21:30:07 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vssapi.dll
[2013/05/30 21:30:07 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys
[2013/05/30 21:30:06 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RacEngn.dll
[2013/05/30 21:30:06 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.dll
[2013/05/30 21:30:05 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/05/30 21:30:05 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.Streaming.dll
[2013/05/30 21:30:05 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uDWM.dll
[2013/05/30 21:30:04 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\provcore.dll
[2013/05/30 21:30:04 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MMDevAPI.dll
[2013/05/30 21:30:03 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSATAPI.dll
[2013/05/30 21:30:02 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Streaming.dll
[2013/05/30 21:30:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apphelp.dll
[2013/05/30 21:30:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IPHLPAPI.DLL
[2013/05/30 21:30:01 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\combase.dll
[2013/05/30 21:30:01 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinTypes.dll
[2013/05/30 21:30:01 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapi.dll
[2013/05/30 21:30:01 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsSpellCheckingFacility.dll
[2013/05/30 21:30:01 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2013/05/30 21:30:01 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskeng.exe
[2013/05/30 21:30:01 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWAHost.exe
[2013/05/30 21:30:01 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidcredprov.dll
[2013/05/30 21:30:01 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFPlay.dll
[2013/05/30 21:30:00 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\propsys.dll
[2013/05/30 21:30:00 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfsrcsnk.dll
[2013/05/30 21:30:00 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VAN.dll
[2013/05/30 21:30:00 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfsvr.dll
[2013/05/30 21:30:00 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/05/30 21:30:00 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinSATAPI.dll
[2013/05/30 21:30:00 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnprv.dll
[2013/05/30 21:30:00 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bcdsrv.dll
[2013/05/30 21:29:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appwiz.cpl
[2013/05/30 21:29:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe
[2013/05/30 21:29:59 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapibase.dll
[2013/05/30 21:29:59 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/05/30 21:29:59 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/05/30 21:29:59 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/05/30 21:29:58 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RacEngn.dll
[2013/05/30 21:29:58 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\appwiz.cpl
[2013/05/30 21:29:58 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\provcore.dll
[2013/05/30 21:29:58 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.dll
[2013/05/30 21:29:58 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWAHost.exe
[2013/05/30 21:29:58 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvproc.dll
[2013/05/30 21:29:58 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ProximityService.dll
[2013/05/30 21:29:58 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFPlay.dll
[2013/05/30 21:29:58 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/05/30 21:29:58 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/05/30 21:29:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PackageStateRoaming.dll
[2013/05/30 21:29:58 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TpmTasks.dll
[2013/05/30 21:29:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PackageStateRoaming.dll
[2013/05/30 21:29:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setbcdlocale.dll
[2013/05/30 21:29:58 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\avrt.dll
[2013/05/30 21:29:57 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\batmeter.dll
[2013/05/30 21:29:57 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\batmeter.dll
[2013/05/30 21:29:57 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\combase.dll
[2013/05/30 21:29:57 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VAN.dll
[2013/05/30 21:29:57 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinTypes.dll
[2013/05/30 21:29:57 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsrcsnk.dll
[2013/05/30 21:29:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsvr.dll
[2013/05/30 21:29:57 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlidcredprov.dll
[2013/05/30 21:29:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/05/30 21:29:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncHost.exe
[2013/05/30 21:29:57 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys
[2013/05/30 21:29:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfdisk.dll
[2013/05/30 21:29:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfdisk.dll
[2013/05/30 21:29:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe
[2013/05/30 21:29:56 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/05/30 21:29:56 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\user32.dll
[2013/05/30 21:29:56 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinapi.dll
[2013/05/30 21:29:56 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpksetup.exe
[2013/05/30 21:29:56 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/05/30 21:29:56 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfh264enc.dll
[2013/05/30 21:29:56 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfh264enc.dll
[2013/05/30 21:29:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvproc.dll
[2013/05/30 21:29:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/05/30 21:29:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DAFWSD.dll
[2013/05/30 21:29:56 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevPropMgr.dll
[2013/05/30 21:29:56 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwm.exe
[2013/05/30 21:29:56 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvinst.exe
[2013/05/30 21:29:56 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncHost.exe
[2013/05/30 21:29:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2013/05/30 21:29:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfnet.dll
[2013/05/30 21:29:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfnet.dll
[2013/05/30 21:29:55 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/05/30 21:29:55 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2013/05/30 21:29:55 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2013/05/30 21:29:55 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfos.dll
[2013/05/30 21:29:55 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/05/30 21:29:55 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpremove.exe
[2013/05/30 21:29:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vsstrace.dll
[2013/05/30 21:29:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sdbinst.exe
[2013/05/30 21:29:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sdbinst.exe
[2013/05/30 21:29:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfctrs.dll
[2013/05/30 21:29:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfctrs.dll
[2013/05/30 21:29:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perfproc.dll
[2013/05/30 21:29:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LangCleanupSysprepAction.dll
[2013/05/30 21:29:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfproc.dll
[2013/05/30 21:29:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\perfos.dll
[2013/05/30 21:29:54 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/05/30 21:29:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\eventcls.dll
[2013/05/30 21:29:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\eventcls.dll
[2013/05/30 21:29:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MUILanguageCleanup.dll
[2013/05/30 21:29:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpksetupproxyserv.dll
[2013/05/30 21:29:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shimeng.dll
[2013/05/30 21:21:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple Computer
[2013/05/30 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Apple Computer
[2013/05/30 21:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/30 21:21:21 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/30 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/30 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple
[2013/05/30 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/05/30 21:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/30 21:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/05/30 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Downloaded Installations
[2013/05/30 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla
[2013/05/30 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
[2013/05/30 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/30 21:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/30 21:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/30 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/05/30 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/30 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/30 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/30 21:08:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\eIntaller
[2013/05/30 19:50:47 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/30 19:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Outlook Files
[2013/05/30 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/30 18:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/30 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Google
[2013/05/30 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Deployment
[2013/05/30 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apps
[2013/05/29 23:00:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard
[2013/05/29 22:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/05/29 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
[2013/05/29 22:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/05/29 22:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/05/29 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/05/29 21:52:53 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe
[2013/05/29 21:52:53 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll
[2013/05/29 21:52:53 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/05/29 21:52:52 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll
[2013/05/29 21:52:52 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe
[2013/05/29 21:52:52 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/05/29 21:52:52 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL
[2013/05/29 21:52:52 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll
[2013/05/29 21:52:52 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL
[2013/05/29 21:52:52 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll
[2013/05/29 21:52:52 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2013/05/29 21:52:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll
[2013/05/29 21:52:52 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll
[2013/05/29 21:52:52 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013/05/29 21:52:52 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll
[2013/05/29 21:52:52 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe
[2013/05/29 21:52:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe
[2013/05/29 21:52:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll
[2013/05/29 21:52:52 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys
[2013/05/29 21:52:52 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll
[2013/05/29 21:52:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll
[2013/05/29 21:52:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll
[2013/05/29 21:52:32 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100_clr0400.dll
[2013/05/29 21:52:32 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcr100_clr0400.dll
[2013/05/29 21:51:58 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/05/29 21:51:56 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/05/29 21:51:56 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/05/29 21:51:55 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/05/29 21:51:55 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/05/29 21:51:55 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/05/29 21:51:55 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/05/29 21:51:55 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/05/29 21:51:55 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/05/29 21:51:55 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/05/29 21:51:55 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/29 21:51:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/05/29 21:51:55 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/05/29 21:51:55 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/05/29 21:51:55 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/05/29 21:51:55 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/05/29 21:51:54 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/05/29 21:51:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/05/29 21:51:54 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/05/29 21:51:54 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/05/29 21:51:54 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/05/29 21:51:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/05/29 21:51:54 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/05/29 21:51:54 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/05/29 21:51:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/05/29 21:51:53 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/05/29 21:51:53 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe
[2013/05/29 21:51:53 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/05/29 21:51:53 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/05/29 21:51:53 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/05/29 21:51:53 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/05/29 21:51:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/05/29 21:51:53 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/05/29 21:51:53 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/05/29 21:51:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/05/29 21:51:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/05/29 21:51:53 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wushareduxresources.dll
[2013/05/29 21:51:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/05/29 21:51:53 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/05/29 21:51:53 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/05/29 21:51:53 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/05/29 21:51:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/05/29 21:51:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/05/29 21:51:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/05/29 21:51:53 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/05/29 21:51:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/05/29 21:51:53 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuaext.dll
[2013/05/29 21:50:05 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/05/29 21:50:05 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/05/29 21:50:04 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/05/29 21:50:04 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/05/29 21:50:03 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/05/29 21:50:02 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/05/29 21:50:02 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/05/29 21:50:01 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/05/29 21:50:01 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/05/29 21:50:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/05/29 21:50:00 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/05/29 21:50:00 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/05/29 21:50:00 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/05/29 21:50:00 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/05/29 21:50:00 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/05/29 21:50:00 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/05/29 21:50:00 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/05/29 21:50:00 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/05/29 21:50:00 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/05/29 21:50:00 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/05/29 21:50:00 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/05/29 21:50:00 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/05/29 21:49:59 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/05/29 21:49:59 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/05/29 21:49:59 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/05/29 21:49:59 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/05/29 21:49:59 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/05/29 21:49:59 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/05/29 21:49:59 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/05/29 21:49:59 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/05/29 21:49:59 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/05/29 21:49:59 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/05/29 21:49:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/05/29 21:49:59 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/05/29 21:49:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/05/29 21:49:59 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2013/05/29 21:49:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/05/29 21:49:59 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rascfg.dll
[2013/05/29 21:49:59 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rascfg.dll
[2013/05/29 21:49:58 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/05/29 21:49:58 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/05/29 21:49:58 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
[2013/05/29 21:49:58 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
[2013/05/29 21:49:58 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/05/29 21:49:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/05/29 21:49:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcfg.dll
[2013/05/29 21:49:58 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/05/29 21:49:58 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/05/29 21:49:58 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcat.dll
[2013/05/29 21:49:58 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/05/29 21:49:58 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
[2013/05/29 21:49:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2013/05/29 21:49:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/05/29 21:49:58 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/05/29 21:49:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/05/29 21:49:58 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/05/29 21:49:58 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/05/29 21:49:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2013/05/29 21:49:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhmanagew.exe
[2013/05/29 21:49:58 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhshl.dll
[2013/05/29 21:49:58 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/05/29 21:49:58 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/05/29 21:49:58 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsvc.dll
[2013/05/29 21:49:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/05/29 21:49:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssitlb.dll
[2013/05/29 21:49:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/05/29 21:49:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssitlb.dll
[2013/05/29 21:49:58 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/05/29 21:49:58 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsrchapi.dll
[2013/05/29 21:49:58 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/05/29 21:49:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasdiag.dll
[2013/05/29 21:49:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhevents.dll
[2013/05/29 21:49:58 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/05/29 21:49:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsrchph.dll
[2013/05/29 21:49:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/05/29 21:49:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhlisten.dll
[2013/05/29 21:49:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhautoplay.dll
[2013/05/29 21:49:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ndptsp.tsp
[2013/05/29 21:49:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasdiag.dll
[2013/05/29 21:49:58 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhcleanup.dll
[2013/05/29 21:49:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ndptsp.tsp
[2013/05/29 21:49:58 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/05/29 21:49:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2013/05/29 21:49:58 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kmddsp.tsp
[2013/05/29 21:49:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasmxs.dll
[2013/05/29 21:49:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/05/29 21:49:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidi2c.sys
[2013/05/29 21:49:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\kmddsp.tsp
[2013/05/29 21:49:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhtask.dll
[2013/05/29 21:49:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasmxs.dll
[2013/05/29 21:49:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rasser.dll
[2013/05/29 21:49:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasser.dll
[2013/05/29 21:49:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhsvcctl.dll
[2013/05/29 21:49:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/05/29 21:49:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/05/29 21:49:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\spwmp.dll
[2013/05/29 21:49:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\spwmp.dll
[2013/05/29 21:49:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdxm.ocx
[2013/05/29 21:49:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxmasf.dll
[2013/05/29 21:49:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msdxm.ocx
[2013/05/29 21:49:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dxmasf.dll
[2013/05/29 21:49:57 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/05/29 21:46:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2013/05/29 21:46:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncryptsslp.dll
[2013/05/29 21:46:55 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2013/05/29 21:46:55 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll
[2013/05/29 21:46:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/05/29 21:46:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/05/29 21:46:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/05/29 21:46:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/05/29 21:46:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/05/29 21:46:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/05/29 21:45:18 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2013/05/29 21:45:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/05/29 21:45:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appserverai.dll
[2013/05/29 21:45:18 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2013/05/29 21:45:18 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDWebAI.dll
[2013/05/29 21:45:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VmHostAI.dll
[2013/05/29 21:44:50 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/05/29 21:44:50 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/05/29 21:44:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe
[2013/05/29 21:44:39 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/05/29 21:44:39 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resetengmig.dll
[2013/05/29 21:44:39 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll
[2013/05/29 21:44:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/05/29 21:44:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysreset.exe
[2013/05/29 21:44:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe
[2013/05/29 21:44:32 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll
[2013/05/29 21:44:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll
[2013/05/29 21:44:32 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll
[2013/05/29 21:44:32 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/05/29 21:44:32 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll
[2013/05/29 21:44:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll
[2013/05/29 21:44:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013/05/29 21:44:32 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll
[2013/05/29 21:44:32 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll
[2013/05/29 21:44:32 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll
[2013/05/29 21:44:32 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/05/29 21:44:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/05/29 21:44:32 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/05/29 21:44:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe
[2013/05/29 21:44:32 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe
[2013/05/29 21:44:32 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe
[2013/05/29 21:44:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe
[2013/05/29 21:44:32 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/05/29 21:44:32 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/05/29 21:44:32 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthhfHid.sys
[2013/05/29 21:44:32 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/05/29 21:44:32 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BtaMPM.sys
[2013/05/29 21:44:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll
[2013/05/29 21:44:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll
[2013/05/29 21:44:15 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll
[2013/05/29 21:44:14 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2013/05/29 21:44:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/05/29 21:44:09 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/29 21:44:09 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/29 21:44:06 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/05/29 21:44:04 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/05/29 21:44:04 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/05/29 21:44:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcadm.dll
[2013/05/29 21:44:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcalua.exe
[2013/05/29 21:44:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcaevts.dll
[2013/05/29 21:43:59 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2013/05/29 21:43:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2013/05/29 21:43:59 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/05/29 21:43:59 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/05/29 21:43:59 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/05/29 21:43:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/05/29 21:43:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnathlp.dll
[2013/05/29 21:43:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnathlp.dll
[2013/05/29 21:43:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/05/29 21:43:59 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/05/29 21:43:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnsvr.exe
[2013/05/29 21:43:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnsvr.exe
[2013/05/29 21:43:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/05/29 21:43:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhupnp.dll
[2013/05/29 21:43:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhpast.dll
[2013/05/29 21:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhupnp.dll
[2013/05/29 21:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhpast.dll
[2013/05/29 21:43:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnlobby.dll
[2013/05/29 21:43:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnaddr.dll
[2013/05/29 21:43:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/05/29 21:43:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnlobby.dll
[2013/05/29 21:43:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnaddr.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2013/05/29 21:43:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2013/05/29 21:43:54 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/05/29 21:43:54 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/05/29 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Broadcom
[2013/05/29 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Bluetooth Exchange Folder
[2013/05/29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Power2Go8
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
[2013/05/29 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/29 21:38:21 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/29 21:38:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
[2013/05/29 21:37:36 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\assembly
[2013/05/29 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hewlett-Packard
[2013/05/29 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
[2013/05/29 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Packages
[2013/05/29 21:36:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
[2013/05/29 21:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
[2013/05/29 21:36:19 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/29 21:36:19 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
[2013/05/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/29 21:36:18 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Documents
[2013/05/29 21:36:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.system.package.metadata
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.applications.package.appdata
[2013/05/29 21:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
[2013/05/29 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2013/06/18 21:56:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/18 21:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/18 18:56:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/18 18:43:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/18 17:05:46 | 000,888,630 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/18 17:05:46 | 000,738,070 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/18 17:05:46 | 000,159,454 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/18 17:02:22 | 000,000,396 | ---- | M] () -- C:\windows\tasks\Lyrics Kid Update.job
[2013/06/18 17:02:17 | 000,000,428 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/06/18 17:01:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/06/18 17:00:59 | 808,591,357 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/14 19:13:32 | 000,165,376 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook_x64.exe
[2013/06/12 20:04:34 | 000,884,988 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/06/12 19:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/06/12 19:27:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mark\Desktop\JRT.exe
[2013/06/10 20:46:07 | 000,002,225 | ---- | M] () -- C:\Users\Mark\Desktop\System Mechanic.lnk
[2013/06/10 15:46:07 | 000,025,088 | ---- | M] () -- C:\Users\Mark\Desktop\codecheck.exe
[2013/06/05 21:08:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 07:39:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/05 07:39:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/03 19:32:31 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/06/02 23:36:34 | 000,001,356 | ---- | M] () -- C:\windows\wininit.ini
[2013/06/02 20:50:37 | 000,001,288 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/06/02 20:50:37 | 000,001,264 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2013/06/02 18:40:39 | 000,000,406 | ---- | M] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/06/02 14:06:52 | 000,074,703 | ---- | M] () -- C:\windows\SysWow64\mfc45.dat
[2013/05/31 21:51:39 | 000,001,132 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013/05/31 21:51:38 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 20:53:29 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/05/31 20:50:08 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/31 20:49:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/05/31 20:49:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/05/31 20:49:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/05/31 08:54:29 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/05/31 03:18:05 | 000,002,511 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/30 22:59:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/30 21:21:23 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/30 21:09:45 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/30 21:09:08 | 000,001,668 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 19:45:44 | 000,001,054 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/29 21:37:58 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:58 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:40 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/29 21:30:35 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/05/29 11:28:40 | 000,057,584 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysNative\iolobtdfg.exe
[2013/05/29 11:28:30 | 000,026,184 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysNative\smrgdf.exe
[2013/05/29 11:12:36 | 002,155,688 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysNative\Incinerator64.dll
[2013/05/29 11:12:34 | 002,097,472 | ---- | M] (iolo technologies, LLC) -- C:\windows\SysWow64\Incinerator32.dll
[2013/05/24 08:31:46 | 001,300,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll

========== Files Created - No Company Name ==========

[2013/06/15 16:16:00 | 000,386,646 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/06/14 19:13:31 | 000,165,376 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook_x64.exe
[2013/06/10 15:46:07 | 000,025,088 | ---- | C] () -- C:\Users\Mark\Desktop\codecheck.exe
[2013/06/05 21:08:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/02 23:35:45 | 000,001,356 | ---- | C] () -- C:\windows\wininit.ini
[2013/06/02 20:50:37 | 000,001,288 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/06/02 20:50:37 | 000,001,264 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2013/06/02 18:40:39 | 000,000,406 | ---- | C] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/06/02 14:39:54 | 000,002,225 | ---- | C] () -- C:\Users\Mark\Desktop\System Mechanic.lnk
[2013/06/02 14:06:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/06/01 13:44:01 | 000,000,428 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/06/01 13:33:57 | 000,000,396 | ---- | C] () -- C:\windows\tasks\Lyrics Kid Update.job
[2013/05/31 21:51:39 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013/05/31 21:51:38 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 21:51:38 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 2.0.lnk
[2013/05/31 21:46:29 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 20:50:08 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/30 22:59:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/05/30 21:29:55 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2013/05/30 21:29:55 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/05/30 21:21:23 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/30 21:21:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/30 21:09:45 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/30 21:09:44 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/30 19:45:44 | 000,001,054 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/30 18:51:44 | 000,002,511 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/30 18:51:24 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 18:51:23 | 000,000,906 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 22:21:02 | 000,001,668 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 21:38:19 | 000,001,674 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/29 21:38:04 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/05/29 21:37:58 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:58 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_cPC_h9-1320a_Y53316J_0U_Q4CE2410HVK_E12AP3RR8604_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.09_T120828_W8101-0_L409_M16324_J3001_7Intel_86A9_93.40_#120911_N19691091;14E44359_Z_G10DE124B_Ohp BD-RE BH38L.MRK
[2013/05/29 21:37:40 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/29 21:36:40 | 000,000,352 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/29 21:36:40 | 000,000,334 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/29 21:30:35 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/08/02 11:38:37 | 000,884,988 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/26 17:43:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 17:43:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 16:51:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/26 10:47:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:07:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/26 05:58:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/26 05:52:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012/07/26 05:52:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012/07/26 05:52:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012/06/03 00:01:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/21 06:29:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/09/12 07:55:40 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 16:01:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 14:33:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 12:35:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 12:48:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 12:37:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :commands >

< >

< :OTL >

< IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946 >
Invalid Switch: ?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946

< IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946 >
Invalid Switch: ?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946

< IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939 >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946 >
Invalid Switch: ?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_sourc ... 1369913946 >
Invalid Switch: ?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946

< IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?ut ... ts=3407939 >

< IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_sourc ... 1369913946 >
Invalid Switch: ?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946

< [2013/05/31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee >
Invalid Switch: 31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

< >

< :reg >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer] >

< >

< :Commands >

< [EMPTYTEMP >

< End of report >
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 18th, 2013, 9:48 am

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ad8433bfeff814a9aeda73d1fdd46df
# engine=14101
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-18 01:46:17
# local_time=2013-06-18 11:16:17 (+0930, Cen. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 63651 1566708 0 0
# compatibility_mode=5893 16776574 100 94 1731380 31071088 0 0
# scanned=99886
# found=2
# cleaned=0
# scan_time=1016
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 18th, 2013, 9:51 am

Results of screen317's Security Check version 0.99.64
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

No problems executing instructions

Computer still has popups
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 18th, 2013, 9:22 pm

Hi mwizz,

I need you to rerun the OTL Fix. According to the output from OTL it appears that you clicked the Run Scan button and not the Run Fix button.
========== Custom Scans ==========



Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=3407939
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=3407939
    IE - HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3000DM001-9YN166_W1F13CD2&ts=1369913946
    [2013/05/31 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Image button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
Uninstall and then reinstall Google Chrome.
The reason for this is the issue with the site "portaldosites". There is no fix for Google Chrome other than this.

Remove Program(s)
  1. If you are at the Start screen, then Right-click in the screen's bottom-right corner. A circle with three lines in it with the text All Appswill pop up at the bottom of the screen. Left Click it and choose the Control Panel from the list of apps that will pop up. You will probably find it all the way to the right. You will probably need to use the scroll bar at the bottom of the screen to get to it. Once at the Control Panel continue the same way as you would if you came from the Desktop
  2. If you are at the Desktop then pull the mouse quickly to the right lower corner of the screen. The panel with a number of choices opens up. Click on settings and a list of Settings is shown. Select Control Panel.
  3. When the Control Panel appears, choose Programs and Features.
  4. Locate the following program:
    Google Chrome
  5. Click it to choose it and then give the permission to go ahead if the computer asks for it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. When the program(s) have been uninstalled... Close Control Panel.


Step 3.
DDS Scan
  1. Please download DDS ... by sUBs. Save it to your desktop. Alternate download link here.
    Disable any script blocking software you have running before running DDS.
  2. Please right mouse click dds.com and select "Run As Administrator". (File name will be different if alternate download used).
    If you are using DDS.com, a black window will open with some additional instructions and comments... There is no need to change the default settings.
  3. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  4. Please post both the DDS.txt and Attach.txt files in your next reply.


Please include in your next reply:
  1. Contents of OTX.txt log
  2. Contents of DDS.txt log
  3. Contents of Attach.txt log
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 19th, 2013, 5:28 am

OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKU\S-1-5-21-1829102027-1664496337-1714098150-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
C:\ProgramData\McAfee\MCLOGS\SecurityScanner\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS folder moved successfully.
C:\ProgramData\McAfee folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alison
->Temp folder emptied: 697732 bytes
->Temporary Internet Files folder emptied: 12778338 bytes
->Flash cache emptied: 1606 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 39161071 bytes
->Temporary Internet Files folder emptied: 41936143 bytes
->FireFox cache emptied: 113763375 bytes
->Google Chrome cache emptied: 382359883 bytes
->Flash cache emptied: 6349 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1417840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 899159 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 566.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06192013_185155

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\temp\fb_1928.lck not found!
C:\windows\temp\FireFly(20130618170136878).log moved successfully.
C:\windows\temp\integratedoffice.exe_c2ruidll(20130618170136878).log moved successfully.
C:\windows\temp\integratedoffice.exe_streamserver(20130618170138878).log moved successfully.
File move failed. C:\windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\windows\temp\UploadUI.log moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 19th, 2013, 5:32 am

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Mark at 19:01:28 on 2013-06-19
Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.16324.14055 [GMT 9.5:30]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhostex.exe
C:\windows\notepad.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/inde ... 51AC69F814
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Lyrics Kid: {BA146CF5-1875-4EA8-AAEA-A90142FC2EC9} - C:\Program Files (x86)\LyricsKid\lkid.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4DAEF880-29E2-4B5A-AF4F-F345B1B8CFF6}\24967605F6E646535383430303 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{D89C42DA-19E8-4186-AE96-88F8206B9154} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bntj1sm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.adelaidenow.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-01 13:33; lyricskid@mpytsoft.net; C:\Program Files (x86)\LyricsKid\FF
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\Drivers\gfibto.sys [2013-6-3 14456]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-8-3 645952]
R1 avkmgr;avkmgr;C:\windows\System32\Drivers\avkmgr.sys [2013-5-31 28600]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-12 92536]
R1 ElRawDisk;ElRawDisk;C:\windows\System32\Drivers\ElRawDsk.sys [2013-6-2 30752]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-31 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-31 110816]
R2 avgntflt;avgntflt;C:\windows\System32\Drivers\avgntflt.sys [2013-5-31 100712]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2012-7-27 2252600]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-16 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-8-30 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-12 128896]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-6-10 1072664]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-12 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-5 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-29 1900728]
R2 PDFsFilter;PDFsFilter;C:\windows\System32\Drivers\PDFsFilter.sys [2013-6-2 82160]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-2 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-12 364416]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-7-27 164152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2012-9-12 156472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2012-9-12 40248]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-6-27 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-6-5 25928]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/09/11 15:38:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-17 243728]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-06-19 09:21:55 -------- d-----w- C:\_OTL
2013-06-18 13:12:19 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-15 06:45:58 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
2013-06-15 06:45:58 14336 ----a-w- C:\windows\SysWow64\muifontsetup.dll
2013-06-12 10:00:09 -------- d-----w- C:\windows\ERUNT
2013-06-12 10:00:04 -------- d-----w- C:\JRT
2013-06-11 11:56:13 264880 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10206.bin
2013-06-10 11:16:07 2155688 ----a-w- C:\windows\System32\Incinerator64.dll
2013-06-09 12:08:12 -------- d-----w- C:\Users\Mark\AppData\Roaming\WildTangent
2013-06-05 11:38:46 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
2013-06-05 11:38:33 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-05 11:38:33 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-05 11:38:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 11:38:17 -------- d-----w- C:\Users\Mark\AppData\Local\Programs
2013-06-03 10:15:27 -------- d-----w- C:\Users\Mark\AppData\Roaming\LavasoftStatistics
2013-06-03 10:04:00 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-03 10:02:32 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
2013-06-02 11:20:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-02 11:20:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-02 05:09:53 82160 ----a-w- C:\windows\System32\drivers\PDFsFilter.sys
2013-06-02 05:09:53 69000 ----a-w- C:\windows\System32\offreg.dll
2013-06-02 05:09:53 57584 ----a-w- C:\windows\System32\iolobtdfg.exe
2013-06-02 05:09:53 56200 ----a-w- C:\windows\SysWow64\offreg.dll
2013-06-02 05:09:53 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2013-06-02 05:09:53 26184 ----a-w- C:\windows\System32\smrgdf.exe
2013-06-02 05:09:53 2097472 ----a-w- C:\windows\SysWow64\Incinerator32.dll
2013-06-02 05:09:52 -------- d-----w- C:\Program Files (x86)\iolo
2013-06-02 04:37:26 30752 ----a-w- C:\windows\System32\drivers\ElRawDsk.sys
2013-06-02 04:36:52 74703 ----a-w- C:\windows\SysWow64\mfc45.dat
2013-06-02 04:36:52 -------- d-----w- C:\Users\Mark\AppData\Roaming\iolo
2013-06-02 04:36:52 -------- d-----w- C:\ProgramData\iolo
2013-06-01 04:14:48 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-06-01 04:04:00 -------- d-----w- C:\Program Files\PC Optimizer Pro
2013-06-01 04:03:57 -------- d-----w- C:\Program Files (x86)\LyricsKid
2013-05-31 12:53:57 -------- d-----w- C:\Users\Mark\AppData\Local\Macromedia
2013-05-31 12:21:20 87392 ----a-w- C:\windows\twain.dll
2013-05-31 12:19:52 306688 ----a-w- C:\windows\IsUninst.exe
2013-05-31 12:13:22 -------- d-----w- C:\Users\Mark\AppData\Local\Adobe
2013-05-31 11:25:21 -------- d-----w- C:\Users\Mark\AppData\Roaming\Avira
2013-05-31 11:23:30 83160 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2013-05-31 11:20:04 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2013-05-31 11:20:04 100712 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2013-05-31 11:20:04 -------- d-----w- C:\ProgramData\Avira
2013-05-31 11:20:04 -------- d-----w- C:\Program Files (x86)\Avira
2013-05-31 08:29:57 929792 ----a-w- C:\windows\SysWow64\mfnetsrc.dll
2013-05-31 08:29:57 677888 ----a-w- C:\windows\System32\mfnetcore.dll
2013-05-31 08:29:57 673280 ----a-w- C:\windows\System32\mfmpeg2srcsnk.dll
2013-05-31 08:29:57 568832 ----a-w- C:\windows\SysWow64\mfnetcore.dll
2013-05-31 08:29:57 513024 ----a-w- C:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-05-31 08:29:57 1172992 ----a-w- C:\windows\System32\mfnetsrc.dll
2013-05-31 08:29:48 82944 ----a-w- C:\windows\SysWow64\dskquota.dll
2013-05-31 08:29:48 109568 ----a-w- C:\windows\System32\dskquota.dll
2013-05-30 12:08:01 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-05-30 12:08:01 2206208 ----a-w- C:\windows\System32\dwmcore.dll
2013-05-30 12:08:00 2380944 ----a-w- C:\windows\explorer.exe
2013-05-30 12:08:00 2115952 ----a-w- C:\windows\SysWow64\explorer.exe
2013-05-30 12:08:00 1841152 ----a-w- C:\windows\SysWow64\dwmcore.dll
2013-05-30 12:08:00 1395712 ----a-w- C:\windows\System32\Windows.UI.Immersive.dll
2013-05-30 12:02:49 368640 ----a-w- C:\windows\System32\sppwinob.dll
2013-05-30 12:01:27 11459584 ----a-w- C:\windows\System32\glcndFilter.dll
2013-05-30 12:00:56 68608 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-30 11:59:59 80896 ----a-w- C:\windows\System32\mmcss.dll
2013-05-30 11:51:25 -------- d-----w- C:\Users\Mark\AppData\Local\Apple Computer
2013-05-30 11:51:21 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2013-05-30 11:51:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-30 11:51:14 -------- d-----w- C:\Program Files\iTunes
2013-05-30 11:51:14 -------- d-----w- C:\Program Files\iPod
2013-05-30 11:51:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-30 11:51:10 -------- d-----w- C:\Users\Mark\AppData\Local\Apple
2013-05-30 11:41:28 69632 ----a-r- C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-05-30 11:41:28 49152 ----a-r- C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-30 11:41:27 -------- d-----w- C:\Users\Mark\AppData\Local\Downloaded Installations
2013-05-30 11:38:33 -------- d-----w- C:\Users\Mark\AppData\Roaming\eIntaller
2013-05-30 09:21:19 -------- d-----w- C:\Users\Mark\AppData\Local\Google
2013-05-30 09:21:09 -------- d-----w- C:\Users\Mark\AppData\Local\Deployment
2013-05-30 09:21:09 -------- d-----w- C:\Users\Mark\AppData\Local\Apps
2013-05-30 09:08:42 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-05-30 09:08:39 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-29 13:30:53 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
2013-05-29 13:07:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-05-29 12:33:10 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-29 12:32:11 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-05-29 12:21:58 1161728 ----a-w- C:\windows\System32\sppobjs.dll
2013-05-29 12:20:05 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-05-29 12:19:59 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
2013-05-29 12:16:55 94208 ----a-w- C:\windows\System32\synceng.dll
2013-05-29 12:15:42 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-29 12:15:18 148480 ----a-w- C:\windows\System32\poqexec.exe
2013-05-29 12:15:18 144384 ----a-w- C:\windows\System32\tssdisai.dll
2013-05-29 12:15:18 135680 ----a-w- C:\windows\System32\appserverai.dll
2013-05-29 12:15:18 132608 ----a-w- C:\windows\SysWow64\poqexec.exe
2013-05-29 12:15:18 126976 ----a-w- C:\windows\System32\RDWebAI.dll
2013-05-29 12:15:18 122880 ----a-w- C:\windows\System32\VmHostAI.dll
2013-05-29 12:13:59 96256 ----a-w- C:\windows\System32\fontsub.dll
2013-05-29 12:08:46 -------- d-----w- C:\Users\Mark\AppData\Local\Broadcom
2013-05-29 12:08:43 -------- d-----w- C:\Users\Mark\AppData\Local\Power2Go8
2013-05-29 12:08:21 -------- d-----r- C:\Users\Mark\Searches
2013-05-29 12:08:21 -------- d-----r- C:\Users\Mark\Contacts
2013-05-29 12:07:36 -------- d-----w- C:\Users\Mark\AppData\Local\assembly
.
==================== Find3M ====================
.
2013-06-04 22:09:22 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe
2013-05-04 07:45:29 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\windows\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll
2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\windows\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\windows\SysWow64\stobject.dll
2013-05-04 04:57:04 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
2013-05-04 04:56:48 411136 ----a-w- C:\windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- C:\windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-04 04:55:58 389632 ----a-w- C:\windows\SysWow64\intl.cpl
2013-05-04 04:51:38 14848 ----a-w- C:\windows\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02 427520 ----a-w- C:\windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47 14848 ----a-w- C:\windows\SysWow64\rars.rs
2013-04-28 22:30:55 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-04-28 22:28:00 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-27 05:20:12 733184 ----a-w- C:\windows\System32\win32spl.dll
2013-04-23 23:13:53 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2013-04-23 23:12:44 1569792 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-04-23 22:56:35 1255936 ----a-w- C:\windows\System32\certutil.exe
2013-04-23 22:55:48 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-04-23 22:55:48 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-04-23 22:55:48 141312 ----a-w- C:\windows\System32\cryptnet.dll
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll
.
============= FINISH: 19:01:55.77 ===============
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 19th, 2013, 5:33 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 29/05/2013 9:32:31 PM
System Uptime: 19/06/2013 6:53:42 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD5
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 2774 GiB total, 2682.378 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.425 GiB free.
E: is Removable
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 92.154 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 10/06/2013 3:00:07 AM - Scheduled Checkpoint
RP6: 15/06/2013 4:41:45 PM - Windows Update
RP7: 18/06/2013 10:32:46 PM - OTL Restore Point - 18/06/2013 10:32:45 PM
.
==== Installed Programs ======================
.
4 Elements II
7 Wonders II
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Aloha TriPeaks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bejeweled 3
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle of Rome 2
Crazy Chicken Soccer
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
Energy Star
ESET Online Scanner v3
Farm Frenzy
Final Drive Fury
FlatOut 2
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP Keyboard
HP Postscript Converter
HP Registration Service
HP Support Information
IDT Audio
Intel(R) Management Engine Components
Intel® Trusted Connect Service Client
iolo technologies' System Mechanic
iTunes
Jewel Match 3
John Deere Drive Green
Letters from Nowhere 2
Luxor Evolved
Lyrics Kid
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA Control Panel 305.29
NVIDIA Graphics Driver 305.29
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Qtrax Player
Recovery Manager
Roads of Rome 3
Spybot - Search & Destroy
The Treasures of Mystery Island: The Ghost Ship
Trinklit Supreme
Update Installer for WildTangent Games App
VLC media player 2.0.7
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
19/06/2013 6:56:47 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
19/06/2013 6:54:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 126
.
==== End Of File ===========================
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby mwizz » June 19th, 2013, 5:34 am

Logs posted above

No problems with executing instructions

Still have pop-ups
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby wannabeageek » June 20th, 2013, 12:29 am

Hi mwizz,

Still have pop-ups
Is this the "kind" of "pop-ups" you are experiencing?
I am not experiencing any redirections but I do notice that when I go into a web page there will be a few random words that are hyperlinked and when I put the cursor over them a popup appears
If this is the case you are experiencing what is referred to as IntelliTXT. They are quite annoying to say the least.

Your recent logs look clean and appear free of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Remove all used tools not removed by OTL if they remain on your desktop.
DDS..com or DDS.SCR
codecheck.exe
jrt.exe
SystemLook.exe
SecurityCheck.exe

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Avira Antivir
iolo technologies' System Mechanic

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popup Malware on my computer

Unread postby mwizz » June 21st, 2013, 8:31 am

The popups I am experiencing are not only the random words that are hyperlinked but periodically when I click on the screen anywhere at all a popup window will open in the middle of the screen. It will have Mozilla Firefox at the top of the box.

Thankyou for your help, it may be something in the Firefox browser so I might uninstall that and install it again.

mwizz
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Popup Malware on my computer

Unread postby Wingman » June 23rd, 2013, 10:00 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received,
please see Feedback for Our Helpers - Say "Thanks" Here
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware