Author Topic: Pop ups after possible fake adobe update alert  (Read 18623 times)


Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #15 on: July 18, 2013, 11:17:21 PM »
Hi Corrine,

I ran AdwCleaner and JRT as you asked.

Here are the logs:

# AdwCleaner v2.305 - Logfile created 07/18/2013 at 16:44:33
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Ashley - SKAIA
# Boot Mode : Normal
# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.25] : keyword = "search.conduit.com",
Deleted [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27[...]
Deleted [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

*************************

AdwCleaner[S1].txt - [1053 octets] - [18/07/2013 16:44:33]

########## EOF - C:\AdwCleaner[S1].txt - [1113 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 8 x64
Ran by Ashley on Thu 07/18/2013 at 16:50:52.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ashley\appdata\local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/18/2013 at 16:53:45.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the combofix log:

ComboFix 13-07-18.04 - Ashley 07/18/2013  17:02:18.4.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.3147 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\aff.conf
c:\program files (x86)\MyPC Backup\Config\api.ts2
c:\program files (x86)\MyPC Backup\Database\mpcb_version_queue.db
c:\program files (x86)\MyPC Backup\log\AUTH.log
c:\program files (x86)\MyPC Backup\log\CLIENT.log
c:\program files (x86)\MyPC Backup\log\LICENCE.log
c:\program files (x86)\MyPC Backup\log\REMOTING.log
c:\program files (x86)\MyPC Backup\log\REQUEST.log
c:\program files (x86)\MyPC Backup\log\SERVICE.log
c:\program files (x86)\MyPC Backup\log\UPDATER.log
c:\program files (x86)\MyPC Backup\mypcbackup.ico
c:\program files (x86)\SqueekyChocolate, LLC
c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
c:\programdata\TuneUp Software
c:\programdata\TuneUp Software\TU2013\TUProgRating.10.tudb
c:\programdata\TuneUp Software\TU2013\TUReportData.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities 2013\TTUSvclrt.tt
c:\programdata\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\scsi#disk&ven_ata&prod_hitachi_hts54505#4&4b3c5a3&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.xml
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgManagerCache.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUTuningIndex.10.2.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.13.tudb
c:\users\Ashley\AppData\Local\Updater21058
c:\users\Ashley\AppData\Local\Updater21058\Updater21058.exe
c:\users\Ashley\AppData\Roaming\TuneUp Software
c:\users\Ashley\AppData\Roaming\TuneUp Software\TU2013\Dashboard\IntegratorStates_en-US.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 00:08 . 2013-07-19 00:08   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-18 15:22 . 2013-06-27 22:04   78200   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22 . 2013-06-27 22:04   693112   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 15:21 . 2013-07-18 15:21   --------   d-----w-   c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-17 23:45 . 2012-09-20 09:10   2367528   ----a-w-   c:\windows\system32\WSService.dll
2013-07-17 23:45 . 2012-09-20 07:55   3265256   ----a-w-   c:\windows\system32\drivers\evbda.sys
2013-07-17 23:45 . 2012-09-20 06:33   2397184   ----a-w-   c:\windows\system32\WpcMon.exe
2013-07-17 23:45 . 2012-09-20 06:30   3847168   ----a-w-   c:\windows\system32\d2d1.dll
2013-07-17 23:45 . 2012-09-20 06:33   3964416   ----a-w-   c:\windows\system32\WinSAT.exe
2013-07-17 23:43 . 2012-09-27 07:15   301568   ----a-w-   c:\windows\system32\newdev.dll
2013-07-17 23:43 . 2012-09-27 07:17   76288   ----a-w-   c:\windows\system32\newdev.exe
2013-07-17 23:43 . 2012-09-27 07:17   75264   ----a-w-   c:\windows\system32\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:35   74240   ----a-w-   c:\windows\SysWow64\newdev.exe
2013-07-17 23:43 . 2012-09-27 06:35   73728   ----a-w-   c:\windows\SysWow64\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:34   275968   ----a-w-   c:\windows\SysWow64\newdev.dll
2013-07-17 23:43 . 2012-10-02 07:34   68608   ----a-w-   c:\windows\system32\wwanprotdim.dll
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 19:59 . 2012-10-17 04:32   1172992   ----a-w-   c:\windows\system32\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 04:32   677888   ----a-w-   c:\windows\system32\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 04:32   673280   ----a-w-   c:\windows\system32\mfmpeg2srcsnk.dll
2013-07-17 19:59 . 2012-10-17 03:57   929792   ----a-w-   c:\windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 03:57   568832   ----a-w-   c:\windows\SysWow64\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 03:57   513024   ----a-w-   c:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:58 . 2012-10-12 06:13   109568   ----a-w-   c:\windows\system32\dskquota.dll
2013-07-17 19:58 . 2012-10-12 05:39   82944   ----a-w-   c:\windows\SysWow64\dskquota.dll
2013-07-17 19:58 . 2012-10-24 04:54   396008   ----a-w-   c:\windows\system32\hal.dll
2013-07-17 19:50 . 2012-12-04 04:21   368640   ----a-w-   c:\windows\system32\sppwinob.dll
2013-07-17 19:48 . 2012-11-20 05:24   1164800   ----a-w-   c:\windows\SysWow64\Display.dll
2013-07-17 19:47 . 2012-11-06 04:20   93696   ----a-w-   c:\windows\SysWow64\WcnApi.dll
2013-07-17 19:46 . 2013-05-15 22:35   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-14 18:56 . 2012-11-26 02:15   16114176   ----a-w-   c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56 . 2012-11-26 02:14   15541248   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-14 02:37 . 2012-08-31 00:52   17888   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2013-07-14 02:37 . 2012-08-31 00:53   17888   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33 . 2013-05-15 02:25   888320   ----a-w-   c:\windows\system32\autochk.exe
2013-07-14 02:32 . 2013-05-23 23:01   1300992   ----a-w-   c:\windows\system32\gdi32.dll
2013-07-14 02:32 . 2013-05-23 22:27   1022464   ----a-w-   c:\windows\SysWow64\gdi32.dll
2013-07-14 02:26 . 2013-04-09 04:50   65024   ----a-w-   c:\windows\system32\msscntrs.dll
2013-07-13 19:18 . 2013-07-18 19:48   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-18 19:47   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 03:31 . 2012-10-24 03:25   13312   ----a-w-   c:\windows\system32\pcalua.exe
2013-07-13 03:31 . 2012-10-24 03:24   405504   ----a-w-   c:\windows\system32\pcasvc.dll
2013-07-13 03:31 . 2012-10-24 03:24   31232   ----a-w-   c:\windows\system32\pcadm.dll
2013-07-13 03:31 . 2012-10-24 03:05   11776   ----a-w-   c:\windows\system32\pcaevts.dll
2013-07-13 03:25 . 2013-03-22 03:49   2382336   ----a-w-   c:\windows\SysWow64\esent.dll
2013-07-13 03:25 . 2013-03-02 08:23   375808   ----a-w-   c:\windows\SysWow64\ReAgent.dll
2013-07-13 03:25 . 2013-03-02 02:44   1011200   ----a-w-   c:\windows\system32\reseteng.dll
2013-07-13 03:25 . 2012-12-15 04:55   443392   ----a-w-   c:\windows\system32\ReAgent.dll
2013-07-13 03:25 . 2012-11-03 05:26   132096   ----a-w-   c:\windows\system32\sysreset.exe
2013-07-13 03:25 . 2012-11-03 05:25   945152   ----a-w-   c:\windows\system32\resetengmig.dll
2013-07-13 03:25 . 2013-03-21 22:47   2851840   ----a-w-   c:\windows\system32\esent.dll
2013-07-13 03:16 . 2013-04-10 22:35   2035200   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1617920   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 03:16 . 2013-04-10 22:35   1306112   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16 . 2013-04-10 22:35   1272320   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1029632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1413632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1318912   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 03:16 . 2013-04-16 02:34   1455368   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:14 . 2013-06-01 09:25   496640   ----a-w-   c:\windows\SysWow64\qedit.dll
2013-07-13 03:13 . 2013-05-04 06:59   2842112   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-13 03:12 . 2012-11-07 23:04   149264   ----a-w-   c:\program files\Windows Defender\SymSrv.dll
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-18  17:10:45
ComboFix-quarantined-files.txt  2013-07-19 00:10
ComboFix2.txt  2013-07-18 14:39
ComboFix3.txt  2013-07-17 20:08
ComboFix4.txt  2013-07-17 17:51
.
Pre-Run: 424,339,243,008 bytes free
Post-Run: 424,014,635,008 bytes free
.
- - End Of File - - C1D9FD95965CE9F25E3770A679398B06
D41D8CD98F00B204E9800998ECF8427E


Also, previous to running these last three scans I have not seen the biz coaching popup nor the ads suggesting downloading a player or a missing plug in.

Since I uninstalled AVG Safe Search and Norton, I will make sure Windows Defender is running after we are all clear here.

Heading into work and will check back in in 14 hours.

Thanks again.

4

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20704
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Pop ups after possible fake adobe update alert
« Reply #16 on: July 19, 2013, 12:17:05 AM »
My brain is too foggy to look at the ComboFix log tonight -- other than still seeing those same files that should be gone.  It is also interesting that AdwCleaner and JRT both found additional files even though you ran both a couple days ago.

I'll take a fresh look tomorrow. 



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #17 on: July 19, 2013, 01:11:32 AM »
Sounds good Corrine and thank you.

Time for some barge unloading! Looks like another 5 hour energy night.

4

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20704
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Pop ups after possible fake adobe update alert
« Reply #18 on: July 19, 2013, 04:26:44 PM »
Let's try this again.  It appears there is a backup registry entry and folder that need to be removed.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
Folder::
c:\users\Ashley\AppData\Local\getsavin
c:\users\Ashley\AppData\Local\DefineExt
c:\program files (x86)\SqueekyChocolate, LLC

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

There is an old version of Google Chrome on the system (Google Chrome 28.0.1500.71).  To remove it, please download and run OldChromeRemover.
Note:  Windows Vista/Windows 7-8 users must use “Run As Administrator.”


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
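
The check made by eye in this thread, whether the entries targeted by a CFScript still show up in the next ComboFix log, can be scripted. This is an added example, not part of the original thread and not ComboFix's own code; the function names are hypothetical, the first log excerpt is copied from reply #15, and the second excerpt is constructed for the example.

```python
import re

# CFScript text as posted in reply #18.
CFSCRIPT = r"""Folder::
c:\users\Ashley\AppData\Local\getsavin
c:\users\Ashley\AppData\Local\DefineExt
c:\program files (x86)\SqueekyChocolate, LLC

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
"""

# "Reg Loading Points" lines copied from the ComboFix log in reply #15.
LOG_REPLY_15 = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
"""

# Constructed for this example (not from the thread): a log with the entries gone.
LOG_CLEAN_CONSTRUCTED = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
"""

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")


def parse_cfscript(text):
    """Collect the folders and registry keys a CFScript asks to remove."""
    targets = {"folders": [], "keys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):              # section header such as "Folder::"
            section = line[:-2].lower()
        elif section == "folder":
            targets["folders"].append(line)
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            targets["keys"].append(line[2:-1])   # "[-KEY]" is .reg delete syntax
    return targets


def parse_loading_points(log):
    """Map each bracketed registry key in the log to the lines listed under it."""
    entries, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = KEY_LINE.match(line)
        if match:
            current = match.group(1)
            entries[current] = []
        elif not line or line == ".":        # "." separates blocks in the log
            current = None
        elif current is not None:
            entries[current].append(line)
    return entries


def leftovers(cfscript, log):
    """Return the CFScript targets that the log still shows.

    This compares text only: a folder is reported when a loading-point value
    still points into it, which says nothing about what exists on disk.
    """
    targets = parse_cfscript(cfscript)
    entries = parse_loading_points(log)
    present = {key.lower() for key in entries}
    values = [v.lower() for vals in entries.values() for v in vals]
    keys_left = [k for k in targets["keys"] if k.lower() in present]
    folders_left = [f for f in targets["folders"]
                    if any(f.lower() + "\\" in v for v in values)]
    return {"keys": keys_left, "folders": folders_left}


if __name__ == "__main__":
    for name, log in (("reply #15", LOG_REPLY_15), ("constructed", LOG_CLEAN_CONSTRUCTED)):
        result = leftovers(CFSCRIPT, log)
        print(name, "keys left:", len(result["keys"]), "folders referenced:", len(result["folders"]))
```
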

Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #19 on: July 19, 2013, 04:48:43 PM »
Here is the combofix log:

ComboFix 13-07-18.04 - Ashley 07/19/2013  10:37:05.5.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2934 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 17:41 . 2013-07-19 17:41   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-18 15:22 . 2013-06-27 22:04   78200   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22 . 2013-06-27 22:04   693112   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 15:21 . 2013-07-18 15:21   --------   d-----w-   c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-17 23:45 . 2012-09-20 09:10   2367528   ----a-w-   c:\windows\system32\WSService.dll
2013-07-17 23:45 . 2012-09-20 07:55   3265256   ----a-w-   c:\windows\system32\drivers\evbda.sys
2013-07-17 23:45 . 2012-09-20 06:33   2397184   ----a-w-   c:\windows\system32\WpcMon.exe
2013-07-17 23:45 . 2012-09-20 06:30   3847168   ----a-w-   c:\windows\system32\d2d1.dll
2013-07-17 23:45 . 2012-09-20 06:33   3964416   ----a-w-   c:\windows\system32\WinSAT.exe
2013-07-17 23:43 . 2012-09-27 07:15   301568   ----a-w-   c:\windows\system32\newdev.dll
2013-07-17 23:43 . 2012-09-27 07:17   76288   ----a-w-   c:\windows\system32\newdev.exe
2013-07-17 23:43 . 2012-09-27 07:17   75264   ----a-w-   c:\windows\system32\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:35   74240   ----a-w-   c:\windows\SysWow64\newdev.exe
2013-07-17 23:43 . 2012-09-27 06:35   73728   ----a-w-   c:\windows\SysWow64\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:34   275968   ----a-w-   c:\windows\SysWow64\newdev.dll
2013-07-17 23:43 . 2012-10-02 07:34   68608   ----a-w-   c:\windows\system32\wwanprotdim.dll
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 19:59 . 2012-10-17 04:32   1172992   ----a-w-   c:\windows\system32\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 04:32   677888   ----a-w-   c:\windows\system32\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 04:32   673280   ----a-w-   c:\windows\system32\mfmpeg2srcsnk.dll
2013-07-17 19:59 . 2012-10-17 03:57   929792   ----a-w-   c:\windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 03:57   568832   ----a-w-   c:\windows\SysWow64\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 03:57   513024   ----a-w-   c:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:58 . 2012-10-12 06:13   109568   ----a-w-   c:\windows\system32\dskquota.dll
2013-07-17 19:58 . 2012-10-12 05:39   82944   ----a-w-   c:\windows\SysWow64\dskquota.dll
2013-07-17 19:58 . 2012-10-24 04:54   396008   ----a-w-   c:\windows\system32\hal.dll
2013-07-17 19:50 . 2012-12-04 04:21   368640   ----a-w-   c:\windows\system32\sppwinob.dll
2013-07-17 19:48 . 2012-11-20 05:24   1164800   ----a-w-   c:\windows\SysWow64\Display.dll
2013-07-17 19:47 . 2012-11-06 04:20   93696   ----a-w-   c:\windows\SysWow64\WcnApi.dll
2013-07-17 19:46 . 2013-05-15 22:35   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-14 18:56 . 2012-11-26 02:15   16114176   ----a-w-   c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56 . 2012-11-26 02:14   15541248   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-14 02:37 . 2012-08-31 00:52   17888   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2013-07-14 02:37 . 2012-08-31 00:53   17888   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33 . 2013-05-15 02:25   888320   ----a-w-   c:\windows\system32\autochk.exe
2013-07-14 02:32 . 2013-05-23 23:01   1300992   ----a-w-   c:\windows\system32\gdi32.dll
2013-07-14 02:32 . 2013-05-23 22:27   1022464   ----a-w-   c:\windows\SysWow64\gdi32.dll
2013-07-14 02:26 . 2013-04-09 04:50   65024   ----a-w-   c:\windows\system32\msscntrs.dll
2013-07-13 19:18 . 2013-07-18 19:48   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-18 19:47   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 03:31 . 2012-10-24 03:25   13312   ----a-w-   c:\windows\system32\pcalua.exe
2013-07-13 03:31 . 2012-10-24 03:24   405504   ----a-w-   c:\windows\system32\pcasvc.dll
2013-07-13 03:31 . 2012-10-24 03:24   31232   ----a-w-   c:\windows\system32\pcadm.dll
2013-07-13 03:31 . 2012-10-24 03:05   11776   ----a-w-   c:\windows\system32\pcaevts.dll
2013-07-13 03:25 . 2013-03-22 03:49   2382336   ----a-w-   c:\windows\SysWow64\esent.dll
2013-07-13 03:25 . 2013-03-02 08:23   375808   ----a-w-   c:\windows\SysWow64\ReAgent.dll
2013-07-13 03:25 . 2013-03-02 02:44   1011200   ----a-w-   c:\windows\system32\reseteng.dll
2013-07-13 03:25 . 2012-12-15 04:55   443392   ----a-w-   c:\windows\system32\ReAgent.dll
2013-07-13 03:25 . 2012-11-03 05:26   132096   ----a-w-   c:\windows\system32\sysreset.exe
2013-07-13 03:25 . 2012-11-03 05:25   945152   ----a-w-   c:\windows\system32\resetengmig.dll
2013-07-13 03:25 . 2013-03-21 22:47   2851840   ----a-w-   c:\windows\system32\esent.dll
2013-07-13 03:16 . 2013-04-10 22:35   2035200   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1617920   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 03:16 . 2013-04-10 22:35   1306112   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16 . 2013-04-10 22:35   1272320   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1029632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1413632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1318912   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 03:16 . 2013-04-16 02:34   1455368   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:14 . 2013-06-01 09:25   496640   ----a-w-   c:\windows\SysWow64\qedit.dll
2013-07-13 03:13 . 2013-05-04 06:59   2842112   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-13 03:12 . 2012-11-07 23:04   149264   ----a-w-   c:\program files\Windows Defender\SymSrv.dll
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-19  10:43:27
ComboFix-quarantined-files.txt  2013-07-19 17:43
ComboFix2.txt  2013-07-19 00:10
ComboFix3.txt  2013-07-18 14:39
ComboFix4.txt  2013-07-17 20:08
ComboFix5.txt  2013-07-19 17:36
.
Pre-Run: 424,413,298,688 bytes free
Post-Run: 424,095,965,184 bytes free
.
- - End Of File - - EC561C9E73147F7E1566ED92CD5B298D
D41D8CD98F00B204E9800998ECF8427E



Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20704
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Pop ups after possible fake adobe update alert
« Reply #20 on: July 19, 2013, 06:12:00 PM »
Please download OTL by Old Timer. Save it to your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it.  If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
    • View Profile
Re: Pop ups after possible fake adobe update alert
« Reply #21 on: July 19, 2013, 06:42:25 PM »
Here are the OTL logs:

OTL logfile created on: 7/19/2013 12:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 74.77% Memory free
7.38 Gb Paging File | 6.41 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 394.96 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 02:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/12 12:56:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 19:18:24 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/01 04:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 04:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/16 19:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/04 00:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 00:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/08 13:17:56 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 19:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: RealDownloader = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
 
O1 HOSTS File: ([2013/07/18 17:08:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (GetSavin 5.0) - {B3522C04-B9DB-4C57-AA22-929092423BDD} - C:\Users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (SmileysWeLoveToolbar) - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/19 12:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 10:45:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2013/07/18 16:49:25 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/18 08:22:02 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/18 08:22:02 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/17 16:45:29 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/07/17 16:45:20 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys
[2013/07/17 16:45:09 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe
[2013/07/17 16:45:04 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/17 16:45:02 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2013/07/17 16:44:59 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys
[2013/07/17 16:44:57 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2013/07/17 16:44:52 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2013/07/17 16:44:52 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll
[2013/07/17 16:44:50 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/17 16:44:50 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2013/07/17 16:44:50 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2013/07/17 16:44:49 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll
[2013/07/17 16:44:49 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2013/07/17 16:44:45 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2013/07/17 16:44:42 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2013/07/17 16:44:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2013/07/17 16:44:39 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2013/07/17 16:44:39 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll
[2013/07/17 16:44:39 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2013/07/17 16:44:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2013/07/17 16:44:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/07/17 16:44:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2013/07/17 16:44:37 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2013/07/17 16:44:36 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2013/07/17 16:44:35 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2013/07/17 16:44:35 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2013/07/17 16:44:35 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2013/07/17 16:44:35 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll
[2013/07/17 16:44:34 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2013/07/17 16:44:34 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/07/17 16:44:34 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll
[2013/07/17 16:44:34 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2013/07/17 16:44:33 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2013/07/17 16:44:33 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2013/07/17 16:44:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013/07/17 16:44:32 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2013/07/17 16:44:32 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/07/17 16:44:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2013/07/17 16:44:28 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/07/17 16:44:27 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2013/07/17 16:44:27 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/07/17 16:44:27 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/07/17 16:44:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll
[2013/07/17 16:44:26 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2013/07/17 16:44:26 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2013/07/17 16:44:26 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/07/17 16:44:24 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2013/07/17 16:44:24 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll
[2013/07/17 16:44:24 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll
[2013/07/17 16:44:24 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll
[2013/07/17 16:44:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll
[2013/07/17 16:44:23 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll
[2013/07/17 16:44:23 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll
[2013/07/17 16:44:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2013/07/17 16:44:23 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll
[2013/07/17 16:44:22 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2013/07/17 16:44:22 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2013/07/17 16:44:22 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2013/07/17 16:44:22 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/07/17 16:44:22 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys
[2013/07/17 16:44:21 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013/07/17 16:44:21 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2013/07/17 16:44:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe
[2013/07/17 16:44:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2013/07/17 16:44:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2013/07/17 16:44:20 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2013/07/17 16:44:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2013/07/17 16:44:20 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013/07/17 16:44:19 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll
[2013/07/17 16:44:17 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2013/07/17 16:44:16 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll
[2013/07/17 16:44:16 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2013/07/17 16:44:16 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll
[2013/07/17 16:44:16 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll
[2013/07/17 16:44:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll
[2013/07/17 16:44:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/07/17 16:44:16 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll
[2013/07/17 16:44:16 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe
[2013/07/17 16:44:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll
[2013/07/17 16:44:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2013/07/17 16:44:15 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2013/07/17 16:44:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013/07/17 16:44:14 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/07/17 16:44:14 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/07/17 16:44:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll
[2013/07/17 16:44:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll
[2013/07/17 16:44:13 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/07/17 16:44:13 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/07/17 16:44:13 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll
[2013/07/17 16:44:12 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/07/17 16:44:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe
[2013/07/17 16:44:10 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/07/17 16:44:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll
[2013/07/17 16:44:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2013/07/17 16:44:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2013/07/17 16:44:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll
[2013/07/17 16:44:07 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll
[2013/07/17 16:44:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll
[2013/07/17 16:44:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll
[2013/07/17 16:44:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll
[2013/07/17 16:44:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/07/17 16:44:05 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll
[2013/07/17 16:44:05 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll
[2013/07/17 16:44:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll
[2013/07/17 16:44:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll
[2013/07/17 16:44:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll
[2013/07/17 16:44:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2013/07/17 16:43:45 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2013/07/17 16:43:44 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2013/07/17 16:43:44 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2013/07/17 16:43:44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013/07/17 16:43:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013/07/17 16:43:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013/07/17 16:43:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 13:31:49 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/07/17 13:31:47 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/07/17 13:31:46 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/07/17 13:31:45 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/17 13:31:45 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/07/17 13:31:44 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/07/17 13:31:41 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/07/17 13:31:41 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/07/17 13:31:41 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/07/17 13:31:41 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/07/17 13:31:40 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/07/17 13:31:40 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/07/17 13:31:40 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/17 13:31:39 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/07/17 13:31:39 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/07/17 13:31:39 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/17 13:31:39 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/07/17 13:31:39 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/07/17 13:31:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/07/17 13:31:37 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/07/17 13:31:36 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/07/17 13:31:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/07/17 13:31:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/07/17 13:31:35 | 000,194,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/07/17 13:31:35 | 000,125,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/07/17 13:31:34 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/07/17 12:59:02 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2013/07/17 12:59:02 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2013/07/17 12:59:02 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2013/07/17 12:59:02 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2013/07/17 12:59:02 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2013/07/17 12:59:02 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2013/07/17 12:58:43 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2013/07/17 12:58:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2013/07/17 12:58:26 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2013/07/17 12:57:43 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2013/07/17 12:57:43 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/17 12:57:42 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2013/07/17 12:57:41 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2013/07/17 12:57:41 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013/07/17 12:57:40 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013/07/17 12:57:36 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013/07/17 12:57:35 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013/07/17 12:57:35 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2013/07/17 12:57:35 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/07/17 12:57:33 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2013/07/17 12:57:33 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/07/17 12:57:32 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2013/07/17 12:57:32 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/07/17 12:57:29 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/07/17 12:57:28 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2013/07/17 12:57:28 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/07/17 12:57:27 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2013/07/17 12:57:25 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2013/07/17 12:57:25 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2013/07/17 12:57:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2013/07/17 12:57:24 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2013/07/17 12:57:23 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2013/07/17 12:57:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/07/17 12:57:22 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2013/07/17 12:57:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2013/07/17 12:57:20 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013/07/17 12:57:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2013/07/17 12:57:18 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/07/17 12:57:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2013/07/17 12:57:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2013/07/17 12:57:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2013/07/17 12:57:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2013/07/17 12:57:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2013/07/17 12:57:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2013/07/17 12:57:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/07/17 12:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2013/07/17 12:57:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2013/07/17 12:50:25 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/07/17 12:50:14 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/17 12:50:10 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013/07/17 12:50:10 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013/07/17 12:50:09 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013/07/17 12:50:08 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013/07/17 12:50:08 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013/07/17 12:50:08 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013/07/17 12:50:07 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013/07/17 12:50:06 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013/07/17 12:50:06 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/17 12:50:06 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/17 12:50:06 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/07/17 12:50:06 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/07/17 12:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013/07/17 12:50:06 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013/07/17 12:50:06 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/17 12:50:05 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/07/17 12:50:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/07/17 12:50:05 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/17 12:50:05 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013/07/17 12:50:05 | 000,046,592 | ---- | C] (

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 20704
  • "Stronger than the past, united in our goal."
Re: Pop ups after possible fake adobe update alert
« Reply #22 on: July 19, 2013, 07:39:08 PM »
Hi, 4on4off.  The forum software only allows a certain number of characters to be posted so the logs got cut off.  Please locate where it was cut off and copy/paste the rest.

Thanks.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline 4on4off

  • Full Member
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #23 on: July 20, 2013, 06:37:39 AM »
[2013/07/17 12:50:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013/07/17 12:50:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2013/07/17 12:50:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013/07/17 12:48:49 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013/07/17 12:48:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013/07/17 12:48:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013/07/17 12:48:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013/07/17 12:48:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/07/17 12:48:47 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/07/17 12:48:47 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/07/17 12:48:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/07/17 12:48:47 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/07/17 12:48:46 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/07/17 12:48:27 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013/07/17 12:48:16 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013/07/17 12:48:15 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/07/17 12:48:14 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013/07/17 12:48:11 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/07/17 12:48:09 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013/07/17 12:48:05 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013/07/17 12:48:05 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013/07/17 12:48:05 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013/07/17 12:48:04 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013/07/17 12:48:03 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013/07/17 12:48:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013/07/17 12:48:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013/07/17 12:48:02 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013/07/17 12:48:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013/07/17 12:48:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013/07/17 12:48:01 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013/07/17 12:48:00 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013/07/17 12:47:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013/07/17 12:47:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013/07/17 12:47:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013/07/17 12:47:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013/07/17 12:47:58 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013/07/17 12:47:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013/07/17 12:47:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013/07/17 12:47:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013/07/17 12:47:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013/07/17 12:47:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013/07/17 12:47:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013/07/17 12:46:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/07/17 10:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/17 10:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/17 10:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/07/17 10:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/17 10:39:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 10:38:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/17 10:38:20 | 005,091,168 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/17 09:37:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/17 01:07:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/16 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/16 22:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004
[2013/07/16 21:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 21:40:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/16 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/16 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Programs
[2013/07/16 21:38:29 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 20:39:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Youcam
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\CyberLink
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CyberLink
[2013/07/14 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Add-in Express
[2013/07/14 11:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE
[2013/07/14 11:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny Media Player
[2013/07/14 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiny Media Player
[2013/07/14 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Pokki
[2013/07/14 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CRE
[2013/07/13 19:37:13 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013/07/13 19:37:11 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013/07/13 19:34:24 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/07/13 19:34:21 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/07/13 19:34:20 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/07/13 19:34:16 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/07/13 19:34:14 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/07/13 19:34:13 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/07/13 19:34:13 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/07/13 19:34:12 | 002,305,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/07/13 19:34:12 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/07/13 19:34:12 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/07/13 19:34:12 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/07/13 19:34:12 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/07/13 19:34:12 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/07/13 19:34:11 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/07/13 19:34:10 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/07/13 19:34:10 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/07/13 19:34:10 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/07/13 19:34:10 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/07/13 19:34:10 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/07/13 19:34:10 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2013/07/13 19:34:10 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/07/13 19:34:09 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/07/13 19:34:09 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013/07/13 19:34:09 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/07/13 19:34:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2013/07/13 19:34:08 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2013/07/13 19:34:08 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/07/13 19:34:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2013/07/13 19:34:08 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/07/13 19:34:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/07/13 19:34:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/07/13 19:34:07 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/07/13 19:34:07 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/07/13 19:34:07 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/07/13 19:34:07 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/07/13 19:34:07 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2013/07/13 19:34:07 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2013/07/13 19:34:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/07/13 19:34:07 | 000,058,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/07/13 19:34:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/07/13 19:34:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/07/13 19:34:05 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/07/13 19:34:05 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/07/13 19:34:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/07/13 19:34:05 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2013/07/13 19:34:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/07/13 19:34:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/07/13 19:34:04 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/07/13 19:34:04 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2013/07/13 19:34:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/07/13 19:34:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2013/07/13 19:34:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/07/13 19:33:43 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2013/07/13 19:33:43 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2013/07/13 19:33:43 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2013/07/13 19:33:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2013/07/13 19:33:41 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/07/13 19:33:27 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/07/13 19:33:21 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/07/13 19:33:18 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/13 19:33:17 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/07/13 19:33:17 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/07/13 19:33:16 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/13 19:33:16 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/07/13 19:33:15 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013/07/13 19:33:15 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/07/13 19:33:15 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013/07/13 19:33:14 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/07/13 19:33:14 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/07/13 19:33:14 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/07/13 19:33:11 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/07/13 19:33:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/07/13 19:33:11 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013/07/13 19:33:11 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013/07/13 19:33:11 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013/07/13 19:33:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/07/13 19:33:10 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/07/13 19:33:10 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/07/13 19:33:09 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013/07/13 19:33:09 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013/07/13 19:33:09 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013/07/13 19:33:08 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013/07/13 19:33:08 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/07/13 19:33:08 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013/07/13 19:33:08 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013/07/13 19:33:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/07/13 19:33:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/07/13 19:33:08 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013/07/13 19:33:07 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013/07/13 19:33:07 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013/07/13 19:33:07 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013/07/13 19:33:07 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/07/13 19:33:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/07/13 19:33:06 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013/07/13 19:32:52 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/07/13 19:28:55 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/07/13 19:28:54 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/07/13 19:28:54 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/07/13 19:28:53 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/07/13 19:28:52 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/07/13 19:28:49 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/07/13 19:28:44 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/07/13 19:28:43 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/07/13 19:28:42 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/07/13 19:28:42 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/07/13 19:28:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/07/13 19:28:41 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/07/13 19:28:41 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/07/13 19:28:41 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/07/13 19:28:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/07/13 19:28:41 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/07/13 19:28:41 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/07/13 19:28:41 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/07/13 19:28:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/07/13 19:28:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/07/13 19:28:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/07/13 19:28:05 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/07/13 19:28:03 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/07/13 19:27:54 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/07/13 19:27:52 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/07/13 19:27:41 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/07/13 19:27:27 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/07/13 19:27:26 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/07/13 19:27:21 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013/07/13 19:27:14 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013/07/13 19:27:12 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/07/13 19:27:12 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013/07/13 19:27:12 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013/07/13 19:27:11 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/07/13 19:27:11 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/07/13 19:27:09 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/07/13 19:27:09 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/07/13 19:27:09 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/07/13 19:27:09 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/07/13 19:27:09 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/07/13 19:27:08 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013/07/13 19:27:08 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/07/13 19:27:07 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/07/13 19:27:06 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/07/13 19:27:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/07/13 19:27:05 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/07/13 19:27:05 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/07/13 19:27:05 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rascfg.dll
[2013/07/13 19:27:04 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/07/13 19:27:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/07/13 19:27:04 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013/07/13 19:27:04 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013/07/13 19:27:04 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rascfg.dll
[2013/07/13 19:27:03 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/07/13 19:27:03 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/07/13 19:27:03 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/07/13 19:27:03 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/07/13 19:27:03 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/07/13 19:27:03 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013/07/13 19:27:03 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013/07/13 19:27:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/07/13 19:27:03 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013/07/13 19:27:03 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/07/13 19:27:02 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013/07/13 19:27:02 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013/07/13 19:27:02 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013/07/13 19:27:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/07/13 19:27:02 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013/07/13 19:27:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013/07/13 19:27:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013/07/13 19:27:01 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/07/13 19:27:01 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013/07/13 19:27:01 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/07/13 19:27:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/07/13 19:27:01 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013/07/13 19:27:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhevents.dll
[2013/07/13 19:27:01 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013/07/13 19:27:00 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcfg.dll
[2013/07/13 19:27:00 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcat.dll
[2013/07/13 19:27:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013/07/13 19:27:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhmanagew.exe
[2013/07/13 19:27:00 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhshl.dll
[2013/07/13 19:27:00 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvc.dll
[2013/07/13 19:27:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/07/13 19:27:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchapi.dll
[2013/07/13 19:27:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2013/07/13 19:27:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchph.dll
[2013/07/13 19:27:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhlisten.dll
[2013/07/13 19:27:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2013/07/13 19:27:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcleanup.dll
[2013/07/13 19:27:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013/07/13 19:27:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/07/13 19:27:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/07/13 19:26:58 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013/07/13 19:26:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2013/07/13 19:26:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2013/07/13 19:26:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/07/13 19:26:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhautoplay.dll
[2013/07/13 19:26:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2013/07/13 19:26:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndptsp.tsp
[2013/07/13 19:26:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013/07/13 19:26:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmxs.dll
[2013/07/13 19:26:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhtask.dll
[2013/07/13 19:26:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmxs.dll
[2013/07/13 19:26:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasser.dll
[2013/07/13 19:26:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasser.dll
[2013/07/13 19:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2013/07/13 19:26:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kmddsp.tsp
[2013/07/13 19:26:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvcctl.dll
[2013/07/13 19:26:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2013/07/13 19:26:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2013/07/13 19:26:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2013/07/13 19:26:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2013/07/13 19:26:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2013/07/13 19:26:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2013/07/13 19:26:53 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/07/13 19:26:52 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/07/13 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Mozilla
[2013/07/13 12:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/07/13 12:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/07/13 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
[2013/07/13 12:13:51 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/13 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/07/13 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Paint.NET
[2013/07/13 12:12:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/12 21:12:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/07/12 20:31:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013/07/12 20:31:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013/07/12 20:31:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013/07/12 20:25:27 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/07/12 20:25:27 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/07/12 20:25:27 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013/07/12 20:25:27 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/07/12 20:25:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/07/12 20:25:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013/07/12 20:25:26 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/07/12 20:24:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013/07/12 20:24:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/07/12 20:24:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/07/12 20:24:56 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/07/12 20:24:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/07/12 20:24:44 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/07/12 20:24:14 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/12 20:24:09 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/07/12 20:24:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/12 20:24:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/12 20:24:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/12 20:24:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/12 20:24:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/12 20:24:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/12 20:24:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/12 20:24:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/12 20:24:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/07/12 20:24:06 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/07/12 20:24:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/12 20:24:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/12 20:16:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/07/12 20:16:07 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/07/12 20:16:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/07/12 20:16:06 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/07/12 20:16:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/07/12 20:15:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/07/12 20:15:58 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/07/12 20:15:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013/07/12 20:15:55 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013/07/12 20:15:42 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/07/12 20:15:31 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/12 20:15:04 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/07/12 20:15:03 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/07/12 20:15:03 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/07/12 20:15:03 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/07/12 20:14:57 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/12 20:14:57 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/12 20:14:47 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013/07/12 20:14:47 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/07/12 20:14:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/07/12 20:14:46 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/07/12 20:14:46 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013/07/12 20:14:45 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/07/12 20:14:45 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013/07/12 20:14:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/07/12 20:14:45 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013/07/12 20:14:45 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013/07/12 20:14:45 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/07/12 20:14:45 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013/07/12 20:14:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013/07/12 20:14:45 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013/07/12 20:14:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013/07/12 20:14:44 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013/07/12 20:14:44 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013/07/12 20:14:44 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/07/12 20:14:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013/07/12 20:14:44 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013/07/12 20:14:44 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/07/12 20:14:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013/07/12 20:14:41 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/07/12 20:14:40 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/07/12 20:14:40 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/07/12 20:14:40 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/07/12 20:14:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/07/12 20:13:32 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/12 20:13:32 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/07/12 20:13:31 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/12 20:13:05 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/07/12 20:13:05 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/07/12 20:13:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013/07/12 20:13:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013/07/12 20:13:05 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013/07/12 20:13:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/07/12 20:13:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013/07/12 20:13:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013/07/12 20:13:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013/07/12 20:13:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013/07/12 20:13:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013/07/12 20:13:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013/07/12 20:13:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013/07/12 20:13:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013/07/12 20:13:01 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/07/12 20:13:01 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/07/12 20:13:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/07/12 20:13:01 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/07/12 20:13:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/07/12 20:13:01 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/07/12 20:13:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/07/12 20:13:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/07/12 20:12:40 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013/07/12 20:12:40 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013/07/12 20:08:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013/07/12 20:08:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013/07/12 20:08:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/07/12 20:08:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/07/12 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Adobe
[2013/07/12 12:47:04 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\hpqlog
[2013/07/12 00:03:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Skype
[2013/07/12 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/12 00:02:49 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/07/12 00:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/12 00:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/12 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/07/12 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\DefineExt
[2013/07/11 23:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Real
[2013/07/11 23:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\RealNetworks
[2013/07/11 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/07/11 23:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/11 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/07/11 23:58:03 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/07/11 23:58:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 23:58:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/07/11 23:58:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/07/11 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/11 23:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/07/11 23:57:39 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Real
[2013/07/11 23:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/11 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Google
[2013/07/11 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/11 23:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Macromedia
[2013/07/11 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
[2013/07/11 21:02:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Hewlett-Packard
[2013/07/11 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Hewlett-Packard
[2013/07/11 19:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CrashDumps
[2013/07/11 19:54:21 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Diagnostics
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Searches
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Contacts
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/11 19:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/11 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Adobe
[2013/07/11 19:44:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/07/11 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Synaptics
[2013/07/11 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Power2Go8
[2013/07/11 19:42:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/07/11 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\VirtualStore
[2013/07/11 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Packages
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Temporary Internet Files
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Templates
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Start Menu
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\SendTo
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Recent
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\PrintHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\NetHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Videos
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Pictures
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Music
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\My Documents
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Local Settings
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\History
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Cookies
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Application Data
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Application Data
[2013/07/11 19:41:01 | 000,000,000 | --SD | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Desktop
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/11 19:41:01 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\AppData
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Videos
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Saved Games
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Pictures
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Music
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Links
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Favorites
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Downloads
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Documents
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.system.package.metadata
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.applications.package.appdata
[2013/07/11 19:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 12:18:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 12:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 12:15:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 12:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 10:54:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/19 10:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/18 17:08:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/18 17:04:26 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 17:04:26 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 17:04:26 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 17:00:47 | 005,091,168 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/18 16:57:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/18 16:57:07 | 3333,857,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 16:49:25 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/18 16:43:53 | 000,662,345 | ---- | M] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:51 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:38:06 | 000,001,268 | ---- | M] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 09:37:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/16 23:51:28 | 000,000,173 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:38:34 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:55 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 21:31:59 | 000,891,022 | ---- | M] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | M] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/13 12:21:46 | 000,002,283 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/13 12:13:11 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/12 21:35:02 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 00:02:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/07/11 23:58:03 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/07/11 23:58:00 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 23:58:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/07/11 23:58:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/07/11 19:53:14 | 000,001,428 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/27 15:04:51 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/27 15:04:51 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/07/18 16:43:53 | 000,662,345 | ---- | C] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:42 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:44:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/07/17 16:44:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/17 16:38:06 | 000,001,268 | ---- | C] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 13:31:34 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/17 10:40:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/17 10:40:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/17 10:40:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/17 10:40:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/17 10:40:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/16 23:51:07 | 000,000,173 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:31:58 | 000,891,022 | ---- | C] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | C] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/13 18:44:17 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/13 18:44:16 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/13 12:16:28 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/12 12:56:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/12 11:03:00 | 000,000,482 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/12 00:02:49 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/07/11 23:57:38 | 000,002,283 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/11 23:57:37 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 23:57:26 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 23:57:25 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 19:53:14 | 000,001,428 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/11 19:44:56 | 000,001,434 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/11 19:44:34 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/07/11 19:44:31 | 000,002,358 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
[2013/07/11 19:41:52 | 000,000,352 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/11 19:41:52 | 000,000,334 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/08 13:18:04 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/08/08 13:17:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 13:17:52 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/03 15:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012/08/17 10:48:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #24 on: July 20, 2013, 06:38:54 AM »
OTL Extras logfile created on: 7/19/2013 12:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 74.77% Memory free
7.38 Gb Paging File | 6.41 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 394.96 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D033936-F169-49E8-9435-8505270E7ACA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{36D82B3C-31BF-488A-9463-D21377871A65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056CE0FA-7028-427F-833E-97724F53AEA3}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0D98256F-8128-49D9-A456-BA83022CF5A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{127680ED-EED0-43EA-B31C-62E05E0CC402}" = dir=out | name=youtube now |
"{16175F0C-4FCF-49E5-813C-CB51B7A81FA5}" = dir=out | name=norton studio |
"{16C89016-2D0B-4B69-BDC6-2FE38EDD07E2}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16E4338E-7DDC-4A99-A6B7-EFA34025748E}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{232913AE-F58A-412D-AED3-20ADB207D71D}" = dir=out | name=netflix |
"{295ED328-414E-4005-912C-245BC7C7B2C9}" = dir=out | name=microsoft mahjong |
"{2F76A184-4822-48D5-81D7-A84D44D7BCDD}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{347CE2BF-9213-4599-BEE1-B50E6CB652CE}" = dir=out | name=skype |
"{40D9FA60-0BD6-4E8E-9624-F993D6B41F4B}" = dir=out | name=hp+ |
"{4A0A2AC4-70EF-4E0C-9DAC-C42DE7094B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{4C0F9A9F-F358-443D-9E80-C0AC1DF1A13C}" = dir=out | name=getting started with windows 8 |
"{4D5E83E9-9AF0-467F-8FAC-A1F1FD693DEA}" = dir=out | name=hp registration |
"{4E6763C9-8735-4D26-A147-ADA76AB9D889}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E98480B-F2D3-4971-B00C-E31791C23FE4}" = dir=out | name=flow free |
"{55940E40-1247-450F-AA20-A779365BE37F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{565B39B5-FB15-4D96-9C49-E7D0300834A7}" = dir=out | name=facebook now |
"{6012208F-0ABB-41EC-8DE8-8D9D3D1A5300}" = dir=in | name=hp connected photo powered by snapfish |
"{63C8DB43-825F-41FA-8C80-E47FC6C527D5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6A12087F-EF7C-4FA8-8D1D-1F7E0231284D}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{6A5A80D1-BED8-4E13-BFAE-D49CB6AEA67D}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{7709DE49-9807-432A-873F-CE172C180B19}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{791AEA90-D417-4D6F-B3BF-98C6A684A876}" = dir=out | name=ebay |
"{7FBCA126-1DFA-4CD9-B468-FB08AF6D72EA}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85548053-3389-4EE0-9AA5-DD56253F8E81}" = dir=in | name=hp+ |
"{8917CD41-853D-4194-960D-24177F501042}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{905125E9-F051-4A7A-8388-E89DE791394E}" = dir=out | name=tumblr now |
"{91A0AFBD-155E-449B-AF3A-6583ECFB08DE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{924F7C0B-2B71-4750-8B8F-6E56E756E90A}" = dir=out | name=hp connected photo powered by snapfish |
"{BD40F4BC-C3DC-4E45-9DF6-14DDEE0DD31A}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{BFAE7A54-2261-4571-83B7-606444C94C2C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4576725-5893-4D6C-8293-AB289C77EE71}" = dir=out | name=microsoft solitaire collection |
"{C8570DC9-4048-44F2-A224-D2F836322030}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{CFEEB326-7EEC-4BC2-8308-7646B64E0577}" = dir=out | name=iheartradio |
"{D82C70A1-2CD2-4231-A792-9D610B697590}" = dir=out | name=photo editor |
"{D9F620E2-B911-47F4-B653-06FC939E9301}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA550552-7BA1-4B35-AFD8-DC5BE1544620}" = dir=in | name=skype |
"{E4FC2A0A-F7AF-448A-BEB8-5C67F650B525}" = dir=out | name=kindle |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ECEF9D1A-3B8F-4AFD-8DD8-C812ADC2BCE1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F07430BF-3294-495B-B4AF-548124B97B99}" = dir=in | name=ebay |
"{F31AD9AA-5191-41A9-8D4B-C3598AFBD30E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F4454ACA-398A-453E-8A78-C90489283FA2}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FC6AEBF5-BF0F-4C9F-AD4D-F1C824405BE1}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"TCP Query User{B37B20AD-10D8-412D-A67C-D8540B1AAE43}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{46B13E25-66B2-4607-BC4C-5FC74699A5F0}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04DB50FA-EA80-4256-85F9-540C582E280D}" = QuickShare
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}" = HP Documentation
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"Tiny Media Player_is1" = Tiny Media Player v1.0
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-057d6a72-b7e1-415f-9db1-71e6a83e29f5" = Bejeweled 3
"WTA-091a783a-5159-446d-934e-b9f672c7443e" = Penguins!
"WTA-0c1fa763-77e6-44cd-b404-ce6a6e633d68" = Luxor Evolved
"WTA-0c5b3f60-1faf-46ce-a3e7-1d4108b6686d" = Polar Golfer
"WTA-132a3cad-e4c2-4486-89c4-1cf0b219d473" = Tales of Lagoona
"WTA-1a04f438-53c4-48ee-9a33-1d8c4380eb51" = Chuzzle Deluxe
"WTA-1addad0a-abf4-4def-8c9f-81e55f8f65f0" = John Deere Drive Green
"WTA-314b84d8-f288-4c11-92d5-7a997cae46ea" = Final Drive Fury
"WTA-4a14ef9b-51bf-4613-8d86-e118f006130e" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-4d0aa498-5529-40b3-8792-263b84fd14e9" = FlatOut 2
"WTA-588927c0-797c-4848-97ce-0ac53b588e86" = Hoyle Card Games
"WTA-59c7b1b0-4198-4ecf-a8b1-ea98cf2bbfd7" = Governor of Poker 2 Premium Edition
"WTA-5d4b93c3-8250-440e-a95b-07d17aa802d4" = Jewel Match 3
"WTA-617603f6-9833-4db3-873a-55bbee92c814" = Peggle Nights
"WTA-682320c0-e89f-4873-86e4-2b560303b8d4" = Build-a-lot 4 - Power Source
"WTA-742705b3-1f08-4501-a6c1-66664a0aaaa0" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-7687659f-af32-4d94-b992-685302f59a31" = 4 Elements II
"WTA-7f3180fb-394a-434b-974e-6c0e710b6da8" = Roads of Rome 3
"WTA-811f7893-7131-4281-b130-f848d1bdf1e4" = Farm Frenzy
"WTA-81799265-3f8b-4022-822e-83742c37fd27" = Polar Bowler
"WTA-9dc5d37d-eb0e-4f78-b3c1-eeb228ce1879" = Cradle Of Egypt Collector's Edition
"WTA-b28f2b65-ae87-4a02-a9be-2b45716fc3d6" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-b8ba47ee-2a35-4c89-b6f8-34baeca75aab" = FATE: The Cursed King
"WTA-bf0d4a4f-c231-4607-84f1-06d38b1c9bb0" = Vacation Quest™ - Australia
"WTA-d5e0f69e-8178-402d-8914-f41f029dfae3" = Cradle of Rome 2
"WTA-eeb3cfb2-237b-4282-9880-470303e16118" = Zuma's Revenge
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
"Pokki" = Pokki
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/17/2013 12:27:08 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 1:05:33 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16384,
 time stamp: 0x50107ee0  Faulting module name: IEFRAME.dll, version: 10.0.9200.16390,
 time stamp: 0x501b41b4  Exception code: 0xc0000005  Fault offset: 0x001f8831  Faulting
 process id: 0x78c  Faulting application start time: 0x01ce830b7221352a  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\SYSTEM32\IEFRAME.dll  Report Id: 170d2083-ef03-11e2-be7b-78e3b579eef5  Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 1:14:49 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 2:00:35 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 4:11:32 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp:
 0x50079e34  Faulting module name: d2d1.dll, version: 6.2.9200.16384, time stamp:
0x50108825  Exception code: 0xc0000005  Fault offset: 0x0012f269  Faulting process id:
 0x500  Faulting application start time: 0x01ce8329d03b649d  Faulting application path:
 C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe  Faulting module
 path: C:\Windows\SYSTEM32\d2d1.dll  Report Id: 1209bcc2-ef1d-11e2-be7b-78e3b579eef5
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 4:12:34 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp:
 0x50079e34  Faulting module name: d2d1.dll, version: 6.2.9200.16384, time stamp:
0x50108825  Exception code: 0xc0000005  Fault offset: 0x0012f269  Faulting process id:
 0x115c  Faulting application start time: 0x01ce8329f60b7243  Faulting application path:
 C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe  Faulting module
 path: C:\Windows\SYSTEM32\d2d1.dll  Report Id: 371f2d99-ef1d-11e2-be7b-78e3b579eef5
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 7:39:26 PM | Computer Name = Skaia | Source = MsiInstaller | ID = 11721
Description =
 
Error - 7/18/2013 11:30:11 AM | Computer Name = Skaia | Source = Application Hang | ID = 1002
Description = The program lSing.exe version 1.122.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: b0c    Start Time:
 01ce83cb741a5cb8    Termination Time: 0    Application Path: C:\Program Files (x86)\LyricSing\lSing.exe

Report
 Id: e28986d0-efbe-11e2-be7d-78e3b579eef5    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 7/18/2013 3:46:13 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/19/2013 1:28:55 PM | Computer Name = Skaia | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 7/18/2013 11:24:25 AM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 11:31:40 AM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 7:45:48 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 7:57:23 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 8:05:37 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/18/2013 8:07:31 PM | Computer Name = Skaia | Source = Application Popup | ID = 1060
Description =
 
Error - 7/18/2013 8:07:31 PM | Computer Name = Skaia | Source = Application Popup | ID = 1060
Description =
 
Error - 7/18/2013 8:08:09 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/19/2013 1:39:43 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/19/2013 1:41:33 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >

Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #25 on: July 20, 2013, 06:43:27 AM »
I apologize Corrine. I was so tired from staying up late after working graveyard that I forgot to preview and make sure it was all there. I know better than that as I have read many posts with the OTL logs and they always seem to need multiple posts.

I think I got it all this time.

Sorry for taking so long to get this completed. My wife woke me up after only a couple of hours' sleep to get me to head out of town for a bit. We just got back.

4

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7417
  • Liverpool FC - YNWA
Re: Pop ups after possible fake adobe update alert
« Reply #26 on: July 20, 2013, 12:47:31 PM »
Corrine messaged me that a big storm knocked out both her cable and internet last night. It may be a bit before she can return to help you ...

Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #27 on: July 20, 2013, 02:18:54 PM »
Thank you Winchester.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20704
  • "Stronger than the past, united in our goal."
Re: Pop ups after possible fake adobe update alert
« Reply #28 on: July 21, 2013, 04:16:48 PM »
Hi, 4on4off.

That was some storm that went through here.  Whatever happened, all Time Warner services were down (cable, internet and phone).  I'm glad we have our phone service through a different carrier and that we didn't lose power. 

Back to your niece's computer.  Please follow these instructions in the order provided.

1.  Conduit is still showing as the default search engine in Google Chrome.  To reset the Google Chrome search, please see Set your default search engine - Chrome Help.

2.  I missed something when I was having you remove questionable programs.   Your niece has RegCure Pro installed.  You need to impress on her that registry cleaner programs do more harm than good.  I would strongly encourage you to uninstall RegCure Pro.

3.  Next, let's see if OTL can remove the remnants that keep showing up.
  • Double-click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (GetSavin 5.0) - {B3522C04-B9DB-4C57-AA22-929092423BDD} - C:\Users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (SmileysWeLoveToolbar) - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll File not found
[2013/07/14 11:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE
[2013/07/13 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
[2013/07/13 12:13:51 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/13 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/07/13 12:13:11 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[EMPTYTEMP]
  • Click the Run Fix button.
  • OTL will now process the instructions.  Please let it run without interruption.
  • If not prompted to restart by OTL, please restart manually.
  • After restarting, the fix log will open. (The Fix log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log)
  • Copy/Paste the log in your next reply please.
4.  After posting the resulting log, please Rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.



Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #29 on: July 21, 2013, 06:35:13 PM »
Hi Corrine,

Glad to hear you are back. Up and running.  I am at work on an extra shift for another 7 hours.

I will get this done as soon as I get home tonight.

Thank you.

4