TechSpot

Trojan found

By mom26gr8kids
Apr 24, 2013
  1. I already posted tonight, but that post was for my PC and this post is for my laptop. Rarely are both machines exhibiting trouble at the same time, but when I ran my Super AntiSpyware check tonight on my computer it found:
    Trojan.Agent/Gen-ImageDocFake

    I only purchased this laptop a little more than a week ago, and I am still in the process of adding all the programs I would like to it. My kids asked me to download a couple of games I had purchased in the past onto this computer, and in the process of doing that last night the program stopped working (I was trying to download from the internet). So, I closed the program and shut the computer down figuring I would try again in a couple days. However, today several times when I was using my computer I would get a message that said something about my computer having encountered an error that caused it to reboot. So, I ran a virus scan with Avast (which turned up nothing) and then the one with SAS. Now, here are the logs of the other scans I ran.

    Thanks in advance for helping me out with 2 computers at once. A couple of my kids have a really busy week this week with a big theater production, so we have several nights of rehearsals and performances. If I do not respond right away I am not ignoring you, I may just need a few days to work on this. Thanks again.
     
  2. mom26gr8kids


    MBAM log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.24.01

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Kendra :: MOMSPC [administrator]

    4/24/2013 12:41:07 AM
    mbam-log-2013-04-24 (00-41-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207982
    Time elapsed: 3 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. mom26gr8kids


    DDS log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537
    Run by Kendra at 0:58:36 on 2013-04-24
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5578.4241 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\Windows\RfBtnSvc64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\dashost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer13.msn.com
    uDefault_Page_URL = hxxp://acer13.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [LManager] <no file>
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{93861460-374F-46E0-90B7-36421D29E88F} : NameServer = 8.26.56.26,156.154.70.22
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - ExtSQL: 2013-04-15 12:53; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-15 65336]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-4-15 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-4-15 377920]
    R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-1-16 168608]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-1-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-1-16 712216]
    R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-1-16 37560]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-27 239616]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-1-16 199008]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-4-15 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-4-15 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-15 45248]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-16 2466448]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-1-16 98160]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-27 91648]
    R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-12-27 331152]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-12-27 118936]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2013-1-16 26736]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2013-1-16 343696]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-16 58536]
    S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-15 178624]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2012-6-29 1119232]
    .
    =============== Created Last 30 ================
    .
    2013-04-24 06:38:29 -------- d-----w- C:\Users\Kendra\AppData\Roaming\Malwarebytes
    2013-04-24 06:38:11 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-04-24 06:38:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-24 06:38:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 06:37:52 -------- d-----w- C:\Users\Kendra\AppData\Local\Programs
    2013-04-23 06:50:46 -------- d-----w- C:\Program Files (x86)\Build-a-lot 2 - Town of the Year
    2013-04-23 06:34:23 -------- d-----w- C:\ProgramData\Big Fish Games
    2013-04-23 06:34:21 -------- d-----w- C:\Program Files (x86)\bfgclient
    2013-04-23 06:28:05 -------- d-----w- C:\BigFishGamesCache
    2013-04-22 19:37:50 -------- d-----w- C:\Users\Kendra\AppData\Local\CrashDumps
    2013-04-19 18:21:50 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
    2013-04-18 04:20:47 -------- d-----w- C:\ProgramData\Wild Tangent
    2013-04-17 01:13:38 -------- d-----w- C:\Users\Kendra\AppData\Roaming\SUPERAntiSpyware.com
    2013-04-17 01:12:47 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-04-17 01:12:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-04-17 00:23:29 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-04-17 00:23:28 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-04-17 00:12:27 -------- d-----w- C:\Users\Kendra\AppData\Local\Mozilla
    2013-04-16 22:43:33 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2013-04-16 22:43:33 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2013-04-16 22:43:27 144384 ----a-w- C:\Windows\System32\tssdisai.dll
    2013-04-16 22:43:27 135680 ----a-w- C:\Windows\System32\appserverai.dll
    2013-04-16 22:43:27 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
    2013-04-16 22:43:27 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
    2013-04-16 22:43:25 148480 ----a-w- C:\Windows\System32\poqexec.exe
    2013-04-16 22:43:25 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2013-04-16 22:43:20 4041728 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-16 22:40:59 731648 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-16 22:38:51 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2013-04-16 22:38:51 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2013-04-16 22:38:51 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2013-04-16 22:38:51 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2013-04-16 22:38:49 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
    2013-04-16 22:38:48 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2013-04-16 22:38:26 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-04-16 22:38:19 405504 ----a-w- C:\Windows\System32\pcasvc.dll
    2013-04-16 22:38:19 31232 ----a-w- C:\Windows\System32\pcadm.dll
    2013-04-16 22:38:19 13312 ----a-w- C:\Windows\System32\pcalua.exe
    2013-04-16 22:38:19 11776 ----a-w- C:\Windows\System32\pcaevts.dll
    2013-04-16 22:35:47 55272 ----a-w- C:\Program Files\Windows Defender\MpUXSrv.exe
    2013-04-16 22:34:59 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-16 22:34:59 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-16 22:34:58 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2013-04-16 22:34:58 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-04-16 22:34:58 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2013-04-16 22:34:58 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-04-16 22:25:50 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
    2013-04-16 22:25:42 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-04-15 19:39:34 -------- d-s---w- C:\ProgramData\Shared Space
    2013-04-15 19:37:59 -------- d-----w- C:\Program Files\COMODO
    2013-04-15 19:37:54 -------- d-----w- C:\ProgramData\Comodo
    2013-04-15 19:37:52 -------- d-----w- C:\ProgramData\Comodo Downloader
    2013-04-15 19:27:43 -------- d-----w- C:\Users\Kendra\AppData\Roaming\WildTangent
    2013-04-15 18:54:22 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-04-15 18:54:05 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-04-15 18:54:03 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-04-15 18:54:00 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-04-15 18:53:57 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-04-15 18:52:43 41664 ----a-w- C:\Windows\avastSS.scr
    2013-04-15 18:52:21 -------- d-----w- C:\Program Files\AVAST Software
    2013-04-15 18:50:22 -------- d-----w- C:\ProgramData\AVAST Software
    2013-04-15 17:46:26 -------- d-----w- C:\Users\Kendra\AppData\Local\Google
    2013-04-15 17:46:07 -------- d-----w- C:\Users\Kendra\AppData\Local\Apps
    2013-04-15 17:46:06 -------- d-----w- C:\Users\Kendra\AppData\Local\Deployment
    2013-04-15 17:41:50 -------- d-----w- C:\Program Files\Accessory Store
    2013-04-15 17:41:42 -------- d-----w- C:\ProgramData\OEM_E471269A730D
    2013-04-15 17:41:36 -------- d-----r- C:\Users\Kendra\Searches
    2013-04-15 17:41:36 -------- d-----r- C:\Users\Kendra\Contacts
    2013-04-15 17:40:55 -------- d-----w- C:\Users\Kendra\AppData\Roaming\lm
    2013-04-15 17:39:35 -------- d-----w- C:\Users\Kendra\AppData\Local\VirtualStore
    2013-04-15 17:39:08 -------- d-----w- C:\Users\Kendra\AppData\Local\Packages
    .
    ==================== Find3M ====================
    .
    2013-04-15 17:38:56 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2013-04-15 17:38:55 712216 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-04-15 17:38:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2013-04-15 17:38:38 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-04-15 17:38:37 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
    2013-04-15 17:38:36 437176 ----a-w- C:\Windows\System32\guard64.dll
    2013-04-15 17:38:29 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2013-04-15 17:38:28 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
    2013-04-15 17:38:25 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2013-04-15 17:38:24 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
    2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
    2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
    2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
    2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys
    2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
    2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
    2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
    2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
    2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
    2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
    2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
    2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
    2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
    2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
    2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
    2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
    2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
    2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
    2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
    2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
    2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
    2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
    2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll
    2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
    2013-03-02 02:44:56 1011200 ----a-w- C:\Windows\System32\reseteng.dll
    2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll
    2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll
    2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll
    2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
    2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
    2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll
    2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll
    2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
    2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
    2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
    2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll
    2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
    2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl
    2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys
    2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys
    2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
    2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
    2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
    2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
    2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
    2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
    2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
    2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
    2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
    2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
    2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
    2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
    2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
    2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
    2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
    2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
    2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
    2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
    2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
    2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
    2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
    .
    ============= FINISH: 1:00:30.67 ===============
     
  4. mom26gr8kids


    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/15/2013 11:38:53 AM
    System Uptime: 4/23/2013 11:44:27 PM (2 hours ago)
    .
    Motherboard: Gateway | | VG50_CM
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 682 GiB total, 646.874 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2: 4/15/2013 12:52:01 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Agatha Christie - Death on the Nile
    Aloha TriPeaks
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Quick Stream
    AMD VISION Engine Control Center
    avast! Free Antivirus
    Backup Manager v4
    Bejeweled 3
    Big Fish Games: Game Manager
    Broadcom 802.11 Network Adapter
    Build-a-lot 2: Town of the Year
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    COMODO Internet Security
    Cradle Of Egypt Collector's Edition
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Delicious: Emily's True Love Premium Edition
    Dora's World Adventure
    Dritek Radio Controller
    ETDWare PS/2-X64 11.6.16.003_WHQL
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Google Chrome
    Google Drive
    Google Update Helper
    Identity Card
    Jewel Match 3
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Office
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mystery P.I. - Curious Case of Counterfeit Cove
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    Norton Online Backup
    Norton Online Backup ARA
    Peggle Nights
    Penguins!
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Prerequisite installer
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Spotify
    SUPERAntiSpyware
    Tales of Lagoona
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/23/2013 4:25:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8005bfc060, 0xfffff802119f1770, 0xfffffa800b45fc60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042313-26816-01.
    4/23/2013 11:44:31 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    4/23/2013 11:09:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}. The master browser is stopping or an election is being forced.
    4/23/2013 10:58:14 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.21. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
    4/23/2013 10:56:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8005bdb880, 0xfffff801dfbf1770, 0xfffffa8006e1c750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042313-24070-01.
    4/21/2013 6:31:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    4/21/2013 6:31:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    4/21/2013 6:30:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/21/2013 6:29:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The System Events Broker service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:31:20 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:25:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the System Events Broker service, but this action failed with the following error: An instance of the service is already running.
    4/19/2013 9:25:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Microsoft Account Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/19/2013 9:20:17 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2013 11:21:23 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x8007045a'. Restart your computer, and then restart the WMPNetworkSvc service.
    4/19/2013 11:17:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8005bdc880, 0xfffff803f0ba8760, 0xfffffa80098f3840). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041913-25038-01.
    4/19/2013 1:33:18 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/17/2013 7:28:05 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s).
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Kendra [Admin rights]
    Mode : Remove -- Date : 04/26/2013 12:24:41
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
    [RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]
    [RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{93861460-374F-46E0-90B7-36421D29E88F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD7500BPVT-22HXZT3 +++++
    --- User ---
    [MBR] 944be022e7c168eea5d9182c0176ef42
    [BSP] f0aa01dcb886ed30829a93b986d44bdb : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_04262013_02d1224.txt >>
    RKreport[1]_S_04262013_02d1222.txt ; RKreport[2]_D_04262013_02d1224.txt
     
  7. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.29.07

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Kendra :: MOMSPC [administrator]

    4/29/2013 11:36:53 AM
    mbar-log-2013-04-29 (11-36-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 6228
    Time elapsed: 21 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    system-log.txt?
     
  9. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.26.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Kendra :: MOMSPC [administrator]

    4/26/2013 1:17:07 PM
    mbar-log-2013-04-26 (13-17-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 6190
    Time elapsed: 30 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Mbar said it didn't find anything, but I posted the logs anyway. Let me know my next steps. Thanks
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  12. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013
    Ran by Kendra (administrator) on 02-05-2013 15:58:59
    Running from C:\Users\Kendra\Downloads
    Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Farbar) C:\Users\Kendra\Downloads\FRST64.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-10] (Realtek Semiconductor)
    HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2013-04-16] (SUPERAntiSpyware.com)
    HKLM-x32\...\Run: [LManager] [x]
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-09-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run [111216 2013-01-16] (Dritek System Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    HKCU SearchScopes: DefaultScope {B277A523-F32E-4415-B0A5-C9795B9F5EFD} URL =
    SearchScopes: HKCU - {B277A523-F32E-4415-B0A5-C9795B9F5EFD} URL =
    BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}: [NameServer]8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{93861460-374F-46E0-90B7-36421D29E88F}: [NameServer]8.26.56.26,156.154.70.22

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

    Chrome:
    =======
    CHR HomePage: hxxp://acer13.msn.com/
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    CHR Extension: (Google Docs) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (avast! WebRep) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
    CHR Extension: (Gmail) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-15] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)
    S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [98160 2013-01-16] (Dritek System INC.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
    S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-20] (Advanced Micro Devices)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-01-16] (Broadcom Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [712216 2013-04-15] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [37560 2013-04-15] (COMODO)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-04-18] (COMODO)
    R3 L1C; C:\Windows\system32\DRIVERS\L1C63x64.sys [118936 2012-11-19] (Qualcomm Atheros Co., Ltd.)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-16] (Dritek System Inc.)
    S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-29] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-02 15:58 - 2013-05-02 15:58 - 00000000 ____D C:\FRST
    2013-05-02 15:56 - 2013-05-02 15:56 - 01712312 ____A (Farbar) C:\Users\Kendra\Downloads\FRST64.exe
    2013-05-02 13:28 - 2013-05-02 13:32 - 00387288 ____A C:\Windows\Minidump\050213-45427-01.dmp
    2013-05-02 13:27 - 2013-05-02 13:28 - 00281088 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-29 11:00 - 2013-04-29 11:00 - 00000000 ____D C:\Users\Kendra\Downloads\mbar-1.05.0.1001 (1)
    2013-04-29 10:53 - 2013-04-29 10:57 - 12917756 ____A C:\Users\Kendra\Downloads\mbar-1.05.0.1001 (1).zip
    2013-04-29 10:41 - 2013-04-29 10:41 - 00000117 ____A C:\Windows\System32\netcfg-391655283.txt
    2013-04-29 10:41 - 2013-04-29 10:41 - 00000117 ____A C:\Windows\System32\netcfg-391654674.txt
    2013-04-29 10:06 - 2013-04-29 10:06 - 00000117 ____A C:\Windows\System32\netcfg-389572810.txt
    2013-04-29 10:06 - 2013-04-29 10:06 - 00000117 ____A C:\Windows\System32\netcfg-389569612.txt
    2013-04-28 21:53 - 2013-04-28 21:53 - 00000117 ____A C:\Windows\System32\netcfg-345576472.txt
    2013-04-28 21:53 - 2013-04-28 21:53 - 00000117 ____A C:\Windows\System32\netcfg-345576253.txt
    2013-04-28 21:17 - 2013-04-28 21:17 - 00000117 ____A C:\Windows\System32\netcfg-343400695.txt
    2013-04-28 21:17 - 2013-04-28 21:17 - 00000117 ____A C:\Windows\System32\netcfg-343400305.txt
    2013-04-28 21:04 - 2013-04-28 21:04 - 00000117 ____A C:\Windows\System32\netcfg-342612032.txt
    2013-04-28 21:03 - 2013-04-28 21:04 - 00000117 ____A C:\Windows\System32\netcfg-342611267.txt
    2013-04-28 13:01 - 2013-04-28 13:01 - 00000117 ____A C:\Windows\System32\netcfg-313664767.txt
    2013-04-28 13:01 - 2013-04-28 13:01 - 00000117 ____A C:\Windows\System32\netcfg-313661912.txt
    2013-04-28 00:35 - 2013-04-28 00:35 - 00000117 ____A C:\Windows\System32\netcfg-268898424.txt
    2013-04-28 00:35 - 2013-04-28 00:35 - 00000117 ____A C:\Windows\System32\netcfg-268895413.txt
    2013-04-27 11:25 - 2013-04-27 11:26 - 00000117 ____A C:\Windows\System32\netcfg-221539890.txt
    2013-04-27 11:25 - 2013-04-27 11:25 - 00000117 ____A C:\Windows\System32\netcfg-221539453.txt
    2013-04-26 23:02 - 2013-04-26 23:02 - 00000117 ____A C:\Windows\System32\netcfg-176907302.txt
    2013-04-26 23:02 - 2013-04-26 23:02 - 00000117 ____A C:\Windows\System32\netcfg-176906163.txt
    2013-04-26 19:57 - 2012-09-20 03:10 - 02367528 ____A (Microsoft Corporation) C:\Windows\System32\WSService.dll
    2013-04-26 19:57 - 2012-09-20 01:55 - 03265256 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys
    2013-04-26 19:57 - 2012-09-20 00:33 - 14259712 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2013-04-26 19:56 - 2012-09-20 02:40 - 00389360 ____A (Microsoft Corporation) C:\Windows\System32\MMDevAPI.dll
    2013-04-26 19:56 - 2012-09-20 02:31 - 00425192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
    2013-04-26 19:56 - 2012-09-20 02:28 - 01825208 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-04-26 19:56 - 2012-09-20 01:55 - 00533224 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys
    2013-04-26 19:56 - 2012-09-20 00:47 - 00307192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 03964416 ____A (Microsoft Corporation) C:\Windows\System32\WinSAT.exe
    2013-04-26 19:56 - 2012-09-20 00:33 - 02397184 ____A (Microsoft Corporation) C:\Windows\System32\WpcMon.exe
    2013-04-26 19:56 - 2012-09-20 00:33 - 01513984 ____A (Microsoft Corporation) C:\Windows\System32\vssapi.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 01304064 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00866304 ____A (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00757248 ____A (Microsoft Corporation) C:\Windows\System32\uDWM.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\WinSATAPI.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00545280 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
    2013-04-26 19:56 - 2012-09-20 00:33 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\VAN.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00420352 ____A (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    2013-04-26 19:56 - 2012-09-20 00:33 - 00410624 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2013-04-26 19:56 - 2012-09-20 00:33 - 00344064 ____A (Microsoft Corporation) C:\Windows\System32\wlidcredprov.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00332800 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\wpnprv.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\WSClient.dll
    2013-04-26 19:56 - 2012-09-20 00:33 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\WSSync.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 01739264 ____A (Microsoft Corporation) C:\Windows\System32\RacEngn.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\propsys.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 01019392 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\provcore.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\rascfg.dll
    2013-04-26 19:56 - 2012-09-20 00:32 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00755200 ____A (Microsoft Corporation) C:\Windows\System32\fveapi.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00617984 ____A (Microsoft Corporation) C:\Windows\System32\mfsrcsnk.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00604672 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00355328 ____A (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fveapibase.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\MFPlay.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
    2013-04-26 19:56 - 2012-09-20 00:31 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\IPHLPAPI.DLL
    2013-04-26 19:56 - 2012-09-20 00:31 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\mmcss.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 03847168 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 02219008 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 01743872 ____A (Microsoft Corporation) C:\Windows\System32\combase.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\appwiz.cpl
    2013-04-26 19:56 - 2012-09-20 00:30 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\bcdsrv.dll
    2013-04-26 19:56 - 2012-09-20 00:30 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
    2013-04-26 19:56 - 2012-09-20 00:26 - 01409376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-04-26 19:56 - 2012-09-19 23:55 - 11875328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-04-26 19:56 - 2012-09-19 23:55 - 00995328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
    2013-04-26 19:56 - 2012-09-19 23:55 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
    2013-04-26 19:56 - 2012-09-19 23:54 - 01196032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
    2013-04-26 19:56 - 2012-09-19 23:54 - 00709632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
    2013-04-26 19:56 - 2012-09-19 23:54 - 00108544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2013-04-26 19:56 - 2012-09-19 23:53 - 03296256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-04-26 19:56 - 2012-09-19 23:53 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-04-26 19:56 - 2012-09-19 23:53 - 00675840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2013-04-26 19:56 - 2012-09-19 23:53 - 00119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
    2013-04-26 19:55 - 2012-09-20 03:08 - 00027280 ____A (Microsoft Corporation) C:\Windows\System32\avrt.dll
    2013-04-26 19:55 - 2012-09-20 02:04 - 00100072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-04-26 19:55 - 2012-09-20 01:55 - 00120040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpioclx.sys
    2013-04-26 19:55 - 2012-09-20 01:03 - 00465128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-04-26 19:55 - 2012-09-20 00:48 - 00062488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
    2013-04-26 19:55 - 2012-09-20 00:33 - 01342464 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00699392 ____A (Microsoft Corporation) C:\Windows\System32\twinapi.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\lpksetup.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00588800 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00390144 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\fhmanagew.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00117760 ____A (Microsoft Corporation) C:\Windows\System32\dwm.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00110592 ____A C:\Windows\System32\OEMLicense.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00107008 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\drvinst.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\lpremove.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\TpmTasks.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\vsstrace.dll
    2013-04-26 19:55 - 2012-09-20 00:33 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ndptsp.tsp
    2013-04-26 19:55 - 2012-09-20 00:33 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\kmddsp.tsp
    2013-04-26 19:55 - 2012-09-20 00:33 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe
    2013-04-26 19:55 - 2012-09-20 00:33 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
    2013-04-26 19:55 - 2012-09-20 00:32 - 00256512 ____A (Microsoft Corporation) C:\Windows\System32\msvproc.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\ProximityService.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\perfos.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00112128 ____A (Microsoft Corporation) C:\Windows\System32\PackageStateRoaming.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\RpcEpMap.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\rasdiag.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\perfctrs.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\rasmxs.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\perfproc.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\perfdisk.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\rasser.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\perfnet.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\MUILanguageCleanup.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
    2013-04-26 19:55 - 2012-09-20 00:32 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2013-04-26 19:55 - 2012-09-20 00:32 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00459776 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00437760 ____A (Microsoft Corporation) C:\Windows\System32\mfh264enc.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00315392 ____A (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00280576 ____A (Microsoft Corporation) C:\Windows\System32\fhcat.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00137728 ____A (Microsoft Corporation) C:\Windows\System32\fhshl.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00118272 ____A (Microsoft Corporation) C:\Windows\System32\DevPropMgr.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00116736 ____A (Microsoft Corporation) C:\Windows\System32\fhsvc.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchapi.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fhevents.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchph.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhlisten.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhautoplay.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\fhcleanup.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\fhtask.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\LangCleanupSysprepAction.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\fhsvcctl.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\eventcls.dll
    2013-04-26 19:55 - 2012-09-20 00:31 - 00008704 ____A (Microsoft Corporation) C:\Windows\System32\lpksetupproxyserv.dll
    2013-04-26 19:55 - 2012-09-20 00:30 - 02066432 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-04-26 19:55 - 2012-09-20 00:30 - 02016256 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
    2013-04-26 19:55 - 2012-09-20 00:30 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll
    2013-04-26 19:55 - 2012-09-20 00:30 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\DAFWSD.dll
    2013-04-26 19:55 - 2012-09-20 00:30 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-04-26 19:55 - 2012-09-20 00:13 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\microsoft-windows-kernel-power-events.dll
    2013-04-26 19:55 - 2012-09-20 00:13 - 00023656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avrt.dll
    2013-04-26 19:55 - 2012-09-20 00:12 - 09374208 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2013-04-26 19:55 - 2012-09-20 00:09 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
    2013-04-26 19:55 - 2012-09-20 00:09 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
    2013-04-26 19:55 - 2012-09-20 00:08 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
    2013-04-26 19:55 - 2012-09-20 00:08 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
    2013-04-26 19:55 - 2012-09-20 00:07 - 00210304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
    2013-04-26 19:55 - 2012-09-20 00:05 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
    2013-04-26 19:55 - 2012-09-19 23:55 - 00465920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00417280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00333824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    2013-04-26 19:55 - 2012-09-19 23:55 - 00267776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00265216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00263168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00239616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
    2013-04-26 19:55 - 2012-09-19 23:55 - 00166912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00083968 ____A C:\Windows\SysWOW64\OEMLicense.dll
    2013-04-26 19:55 - 2012-09-19 23:55 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
    2013-04-26 19:55 - 2012-09-19 23:55 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2013-04-26 19:55 - 2012-09-19 23:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
    2013-04-26 19:55 - 2012-09-19 23:55 - 00038912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
    2013-04-26 19:55 - 2012-09-19 23:55 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    2013-04-26 19:55 - 2012-09-19 23:55 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2013-04-26 19:55 - 2012-09-19 23:54 - 01369600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 01137152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00533504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\provcore.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00509952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00480768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00449024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00413184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00089088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfctrs.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfos.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfdisk.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00005632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2013-04-26 19:55 - 2012-09-19 23:54 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2013-04-26 19:55 - 2012-09-19 23:54 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 02007040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 01701376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 01247232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
    2013-04-26 19:55 - 2012-09-19 23:53 - 00461824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 00366080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-04-26 19:55 - 2012-09-19 23:53 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
    2013-04-26 19:55 - 2012-09-19 23:32 - 09374208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2013-04-26 19:55 - 2012-09-19 22:13 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-04-26 19:55 - 2012-09-19 22:10 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2013-04-26 19:52 - 2012-11-19 23:24 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
    2013-04-26 19:52 - 2012-11-19 23:17 - 01184256 ____A (Microsoft Corporation) C:\Windows\System32\Display.dll
    2013-04-26 19:52 - 2012-11-19 23:02 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
    2013-04-26 19:52 - 2012-11-19 22:59 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDKURD.DLL
    2013-04-26 19:52 - 2012-11-07 22:25 - 00523776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2013-04-26 19:52 - 2012-11-07 22:25 - 00143872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2013-04-26 19:52 - 2012-11-07 22:25 - 00124928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-04-26 19:52 - 2012-11-07 22:22 - 00641536 ____A (Microsoft Corporation) C:\Windows\System32\WSShared.dll
    2013-04-26 19:52 - 2012-11-07 22:22 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
    2013-04-26 19:52 - 2012-11-07 22:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-04-26 19:48 - 2012-12-03 22:21 - 00368640 ____A (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
    2013-04-26 19:48 - 2012-11-28 23:05 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
    2013-04-26 19:48 - 2012-11-28 23:05 - 00707584 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
    2013-04-26 19:48 - 2012-11-27 00:39 - 01122768 ____A (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    2013-04-26 19:48 - 2012-11-26 22:49 - 01027152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
    2013-04-26 19:48 - 2012-11-26 22:20 - 01217536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2013-04-26 19:48 - 2012-11-26 22:20 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-04-26 19:48 - 2012-11-26 22:20 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-04-26 19:48 - 2012-11-26 22:20 - 00798208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
    2013-04-26 19:48 - 2012-11-26 22:20 - 00702464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2013-04-26 19:48 - 2012-11-26 22:20 - 00680960 ____A (Microsoft Corporation) C:\Windows\System32\vds.exe
    2013-04-26 19:48 - 2012-11-26 22:20 - 00560128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
    2013-04-26 19:48 - 2012-11-26 22:20 - 00179200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
    2013-04-26 19:48 - 2012-11-26 22:20 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vds_ps.dll
    2013-04-26 19:48 - 2012-11-26 22:19 - 03245568 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-04-26 19:48 - 2012-11-26 22:19 - 01536512 ____A (Microsoft Corporation) C:\Windows\System32\storagewmi.dll
    2013-04-26 19:48 - 2012-11-26 22:19 - 00955904 ____A (Microsoft Corporation) C:\Windows\System32\WebcamUi.dll
    2013-04-26 19:48 - 2012-11-26 22:19 - 00631808 ____A (Microsoft Corporation) C:\Windows\System32\UserLanguagesCpl.dll
    2013-04-26 19:48 - 2012-11-26 22:19 - 00245248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2013-04-26 19:48 - 2012-11-26 22:19 - 00244736 ____A (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
    2013-04-26 19:48 - 2012-11-26 22:18 - 01071104 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
    2013-04-26 19:48 - 2012-11-26 22:18 - 00888832 ____A (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
    2013-04-26 19:48 - 2012-11-26 22:18 - 00378880 ____A (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
    2013-04-26 19:48 - 2012-11-26 22:17 - 00718848 ____A (Microsoft Corporation) C:\Windows\System32\BFE.DLL
    2013-04-26 19:48 - 2012-09-10 23:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\vdsldr.exe
    2013-04-26 19:48 - 2012-09-10 23:27 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
    2013-04-26 19:48 - 2012-09-10 23:27 - 00120832 ____A (Microsoft Corporation) C:\Windows\System32\vds_ps.dll
    2013-04-26 19:30 - 2013-04-26 19:30 - 00000117 ____A C:\Windows\System32\netcfg-164235418.txt
    2013-04-26 19:30 - 2013-04-26 19:30 - 00000117 ____A C:\Windows\System32\netcfg-164234841.txt
    2013-04-26 19:30 - 2012-11-05 22:18 - 11459584 ____A (Microsoft Corporation) C:\Windows\System32\glcndFilter.dll
    2013-04-26 13:26 - 2012-11-06 01:52 - 00277736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
    2013-04-26 13:26 - 2012-11-06 01:33 - 01566432 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
    2013-04-26 13:26 - 2012-11-06 01:33 - 00522640 ____A (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
    2013-04-26 13:26 - 2012-11-06 01:33 - 00490064 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2013-04-26 13:26 - 2012-11-06 01:33 - 00447792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2013-04-26 13:26 - 2012-11-06 01:33 - 00253512 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2013-04-26 13:26 - 2012-11-05 23:00 - 00463768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2013-04-26 13:26 - 2012-11-05 23:00 - 00427568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2013-04-26 13:26 - 2012-11-05 23:00 - 00324344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2013-04-26 13:26 - 2012-11-05 22:48 - 01150160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00883712 ____A (Microsoft Corporation) C:\Windows\HelpPane.exe
    2013-04-26 13:26 - 2012-11-05 22:20 - 00516608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00386560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00375296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\rdpclip.exe
    2013-04-26 13:26 - 2012-11-05 22:20 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00093696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
    2013-04-26 13:26 - 2012-11-05 22:20 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 08552448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 01451520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 01386496 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00710656 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00470016 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00466944 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00446464 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00126976 ____A (Microsoft Corporation) C:\Windows\System32\WcnApi.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00126464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\wfdprov.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\WcnEapPeerProxy.dll
    2013-04-26 13:26 - 2012-11-05 22:19 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\WcnEapAuthProxy.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 01526784 ____A (Microsoft Corporation) C:\Windows\System32\mfcore.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 01037312 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00976384 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00267264 ____A (Microsoft Corporation) C:\Windows\System32\EncDump.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
    2013-04-26 13:26 - 2012-11-05 22:18 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\MFCaptureEngine.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\fdWCN.dll
    2013-04-26 13:26 - 2012-11-05 22:18 - 00084992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
    2013-04-26 13:26 - 2012-11-05 22:17 - 00785920 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2013-04-26 13:26 - 2012-11-05 22:17 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
    2013-04-26 13:26 - 2012-11-05 22:17 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2013-04-26 13:26 - 2012-11-05 22:17 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\dafWCN.dll
    2013-04-26 13:26 - 2012-11-05 22:00 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\iscsilog.dll
    2013-04-26 13:26 - 2012-11-05 21:58 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
    2013-04-26 13:26 - 2012-11-05 21:56 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
    2013-04-26 13:26 - 2012-11-05 21:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
    2013-04-26 13:26 - 2012-11-05 21:55 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
    2013-04-26 13:26 - 2012-11-05 21:55 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
    2013-04-26 13:26 - 2012-11-05 21:55 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
    2013-04-26 13:26 - 2012-11-05 21:55 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fxppm.sys
    2013-04-26 13:26 - 2012-11-05 21:54 - 00859136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2013-04-26 13:26 - 2012-11-05 21:53 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2013-04-26 13:26 - 2012-11-05 21:51 - 00665600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-04-26 12:39 - 2013-04-26 12:39 - 00000000 ____D C:\Users\Kendra\Downloads\mbar-1.05.0.1001
    2013-04-26 12:35 - 2013-04-26 12:36 - 12917756 ____A C:\Users\Kendra\Downloads\mbar-1.05.0.1001.zip
    2013-04-26 12:24 - 2013-04-26 12:24 - 00001885 ____A C:\Users\Kendra\Desktop\RKreport[2]_D_04262013_02d1224.txt
    2013-04-26 12:22 - 2013-04-26 12:22 - 00001716 ____A C:\Users\Kendra\Desktop\RKreport[1]_S_04262013_02d1222.txt
    2013-04-26 12:13 - 2013-04-26 12:23 - 00000000 ____D C:\Users\Kendra\Desktop\RK_Quarantine
    2013-04-26 12:11 - 2013-04-26 12:11 - 00816128 ____A C:\Users\Kendra\Downloads\RogueKiller.exe
    2013-04-26 12:09 - 2013-04-26 12:09 - 00000117 ____A C:\Windows\System32\netcfg-137735263.txt
    2013-04-26 12:09 - 2013-04-26 12:09 - 00000117 ____A C:\Windows\System32\netcfg-137731816.txt
    2013-04-26 11:18 - 2013-04-26 11:18 - 00000117 ____A C:\Windows\System32\netcfg-134715271.txt
    2013-04-26 11:18 - 2013-04-26 11:18 - 00000117 ____A C:\Windows\System32\netcfg-134714476.txt
    2013-04-26 02:59 - 2013-04-26 02:59 - 00000117 ____A C:\Windows\System32\netcfg-104755841.txt
    2013-04-26 02:59 - 2013-04-26 02:59 - 00000117 ____A C:\Windows\System32\netcfg-104755139.txt
    2013-04-25 14:47 - 2013-04-25 14:47 - 00000117 ____A C:\Windows\System32\netcfg-60860623.txt
    2013-04-25 14:47 - 2013-04-25 14:47 - 00000117 ____A C:\Windows\System32\netcfg-60860295.txt
    2013-04-25 13:31 - 2013-04-25 13:31 - 00000117 ____A C:\Windows\System32\netcfg-56274256.txt
    2013-04-25 13:31 - 2013-04-25 13:31 - 00000117 ____A C:\Windows\System32\netcfg-56274100.txt
    2013-04-25 11:27 - 2013-04-25 11:27 - 00000117 ____A C:\Windows\System32\netcfg-48816347.txt
    2013-04-25 11:27 - 2013-04-25 11:27 - 00000117 ____A C:\Windows\System32\netcfg-48813102.txt
    2013-04-24 21:53 - 2013-04-24 21:54 - 00390760 ____A C:\Windows\Minidump\042413-22136-01.dmp
    2013-04-24 12:30 - 2013-04-24 12:30 - 00000117 ____A C:\Windows\System32\netcfg-45948394.txt
    2013-04-24 12:30 - 2013-04-24 12:30 - 00000117 ____A C:\Windows\System32\netcfg-45948144.txt
    2013-04-24 10:29 - 2013-04-24 10:29 - 00000117 ____A C:\Windows\System32\netcfg-38713738.txt
    2013-04-24 10:29 - 2013-04-24 10:29 - 00000117 ____A C:\Windows\System32\netcfg-38713426.txt
    2013-04-24 01:00 - 2013-04-24 01:00 - 00022502 ____A C:\Users\Kendra\Desktop\dds.txt
    2013-04-24 01:00 - 2013-04-24 01:00 - 00016775 ____A C:\Users\Kendra\Desktop\attach.txt
    2013-04-24 00:53 - 2013-04-24 00:54 - 00688992 ____R (Swearware) C:\Users\Kendra\Downloads\dds.com
    2013-04-24 00:38 - 2013-04-24 00:38 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     
  13. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    2013-04-24 00:38 - 2013-04-24 00:38 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Malwarebytes
    2013-04-24 00:38 - 2013-04-24 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 00:38 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-24 00:33 - 2013-04-24 00:34 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Kendra\Downloads\mbam-setup-1.75.0.1300.exe
    2013-04-24 00:29 - 2013-04-24 00:29 - 00000117 ____A C:\Windows\System32\netcfg-2683934.txt
    2013-04-24 00:29 - 2013-04-24 00:29 - 00000117 ____A C:\Windows\System32\netcfg-2682936.txt
    2013-04-23 23:45 - 2013-04-23 23:45 - 00000117 ____A C:\Windows\System32\netcfg-57408.txt
    2013-04-23 23:44 - 2013-04-23 23:44 - 00000117 ____A C:\Windows\System32\netcfg-2880028.txt
    2013-04-23 22:56 - 2013-04-23 22:56 - 00384696 ____A C:\Windows\Minidump\042313-24070-01.dmp
    2013-04-23 22:13 - 2013-04-23 22:13 - 00000117 ____A C:\Windows\System32\netcfg-20895429.txt
    2013-04-23 22:13 - 2013-04-23 22:13 - 00000117 ____A C:\Windows\System32\netcfg-20895007.txt
    2013-04-23 17:21 - 2013-04-23 17:21 - 00000117 ____A C:\Windows\System32\netcfg-3429947.txt
    2013-04-23 17:21 - 2013-04-23 17:21 - 00000117 ____A C:\Windows\System32\netcfg-3429104.txt
    2013-04-23 16:25 - 2013-04-23 16:25 - 00385920 ____A C:\Windows\Minidump\042313-26816-01.dmp
    2013-04-23 15:19 - 2013-04-23 15:19 - 00000117 ____A C:\Windows\System32\netcfg-6526270.txt
    2013-04-23 15:19 - 2013-04-23 15:19 - 00000117 ____A C:\Windows\System32\netcfg-6522698.txt
    2013-04-23 12:44 - 2013-04-23 12:44 - 00000117 ____A C:\Windows\System32\netcfg-4267313.txt
    2013-04-23 12:44 - 2013-04-23 12:44 - 00000117 ____A C:\Windows\System32\netcfg-4264006.txt
    2013-04-23 00:50 - 2013-04-23 00:50 - 00000000 ____D C:\Program Files (x86)\Build-a-lot 2 - Town of the Year
    2013-04-23 00:35 - 2013-04-23 00:35 - 00000970 ____A C:\Users\Public\Desktop\Game Manager.lnk
    2013-04-23 00:35 - 2013-04-23 00:35 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
    2013-04-23 00:34 - 2013-04-23 00:34 - 00000000 ____D C:\Program Files (x86)\bfgclient
    2013-04-23 00:28 - 2013-04-23 00:50 - 00000000 ____D C:\BigFishGamesCache
    2013-04-23 00:27 - 2013-04-23 00:27 - 00235080 ____A (Big Fish Games) C:\Users\Kendra\Downloads\bigfishgames_p124488422_s1_l1.exe
    2013-04-22 16:56 - 2013-04-22 16:56 - 00000117 ____A C:\Windows\System32\netcfg-166701357.txt
    2013-04-22 16:56 - 2013-04-22 16:56 - 00000117 ____A C:\Windows\System32\netcfg-166698081.txt
    2013-04-22 13:37 - 2013-04-30 09:34 - 00000000 ____D C:\Users\Kendra\AppData\Local\CrashDumps
    2013-04-22 13:37 - 2013-04-22 13:37 - 00000117 ____A C:\Windows\System32\netcfg-154772944.txt
    2013-04-22 13:37 - 2013-04-22 13:37 - 00000117 ____A C:\Windows\System32\netcfg-154772679.txt
    2013-04-22 13:35 - 2013-04-22 13:35 - 00000117 ____A C:\Windows\System32\netcfg-154654352.txt
    2013-04-22 13:35 - 2013-04-22 13:35 - 00000117 ____A C:\Windows\System32\netcfg-154651185.txt
    2013-04-22 12:40 - 2013-04-22 12:40 - 00000117 ____A C:\Windows\System32\netcfg-151344806.txt
    2013-04-22 12:40 - 2013-04-22 12:40 - 00000117 ____A C:\Windows\System32\netcfg-151344198.txt
    2013-04-22 12:25 - 2013-04-22 12:25 - 00000117 ____A C:\Windows\System32\netcfg-150441311.txt
    2013-04-22 12:25 - 2013-04-22 12:25 - 00000117 ____A C:\Windows\System32\netcfg-150438284.txt
    2013-04-22 12:24 - 2013-04-22 12:24 - 00000117 ____A C:\Windows\System32\netcfg-150400095.txt
    2013-04-22 12:24 - 2013-04-22 12:24 - 00000117 ____A C:\Windows\System32\netcfg-150399674.txt
    2013-04-22 11:56 - 2013-04-22 11:56 - 00000117 ____A C:\Windows\System32\netcfg-148702118.txt
    2013-04-22 11:56 - 2013-04-22 11:56 - 00000117 ____A C:\Windows\System32\netcfg-148701463.txt
    2013-04-22 08:46 - 2013-04-22 08:46 - 00000117 ____A C:\Windows\System32\netcfg-137281347.txt
    2013-04-22 08:46 - 2013-04-22 08:46 - 00000117 ____A C:\Windows\System32\netcfg-137281129.txt
    2013-04-22 08:37 - 2013-04-22 08:37 - 00000117 ____A C:\Windows\System32\netcfg-136737777.txt
    2013-04-22 08:37 - 2013-04-22 08:37 - 00000117 ____A C:\Windows\System32\netcfg-136737465.txt
    2013-04-21 22:08 - 2013-04-21 22:08 - 00000117 ____A C:\Windows\System32\netcfg-99016673.txt
    2013-04-21 22:08 - 2013-04-21 22:08 - 00000117 ____A C:\Windows\System32\netcfg-99013460.txt
    2013-04-21 21:14 - 2013-04-21 21:14 - 00358912 ____A C:\Users\Kendra\Downloads\75off.ppt
    2013-04-21 20:02 - 2013-04-21 20:02 - 00000117 ____A C:\Windows\System32\netcfg-91484508.txt
    2013-04-21 20:02 - 2013-04-21 20:02 - 00000117 ____A C:\Windows\System32\netcfg-91484181.txt
    2013-04-21 16:48 - 2013-04-21 16:48 - 00000117 ____A C:\Windows\System32\netcfg-79815181.txt
    2013-04-21 16:48 - 2013-04-21 16:48 - 00000117 ____A C:\Windows\System32\netcfg-79815025.txt
    2013-04-21 16:38 - 2013-04-21 16:38 - 00000117 ____A C:\Windows\System32\netcfg-79213282.txt
    2013-04-21 16:38 - 2013-04-21 16:38 - 00000117 ____A C:\Windows\System32\netcfg-79212892.txt
    2013-04-20 21:04 - 2013-04-20 21:04 - 00000117 ____A C:\Windows\System32\netcfg-8775430.txt
    2013-04-20 21:04 - 2013-04-20 21:04 - 00000117 ____A C:\Windows\System32\netcfg-8774619.txt
    2013-04-20 18:37 - 2013-04-20 18:37 - 00000326 ____A C:\Windows\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}.job
    2013-04-19 21:15 - 2013-04-19 21:15 - 00000117 ____A C:\Windows\System32\netcfg-35480742.txt
    2013-04-19 21:15 - 2013-04-19 21:15 - 00000117 ____A C:\Windows\System32\netcfg-35478230.txt
    2013-04-19 21:08 - 2013-04-19 21:08 - 00000117 ____A C:\Windows\System32\netcfg-35084718.txt
    2013-04-19 21:08 - 2013-04-19 21:08 - 00000117 ____A C:\Windows\System32\netcfg-35083798.txt
    2013-04-19 17:02 - 2013-04-19 17:02 - 00000117 ____A C:\Windows\System32\netcfg-20313280.txt
    2013-04-19 17:02 - 2013-04-19 17:02 - 00000117 ____A C:\Windows\System32\netcfg-20310128.txt
    2013-04-19 16:55 - 2013-04-19 16:55 - 00000117 ____A C:\Windows\System32\netcfg-19892155.txt
    2013-04-19 16:55 - 2013-04-19 16:55 - 00000117 ____A C:\Windows\System32\netcfg-19891593.txt
    2013-04-19 16:38 - 2013-04-19 16:38 - 00000117 ____A C:\Windows\System32\netcfg-18863250.txt
    2013-04-19 16:38 - 2013-04-19 16:38 - 00000117 ____A C:\Windows\System32\netcfg-18859943.txt
    2013-04-19 15:06 - 2013-04-19 15:06 - 00000117 ____A C:\Windows\System32\netcfg-13329068.txt
    2013-04-19 15:06 - 2013-04-19 15:06 - 00000117 ____A C:\Windows\System32\netcfg-13328772.txt
    2013-04-19 14:29 - 2013-04-19 14:29 - 00000117 ____A C:\Windows\System32\netcfg-11156193.txt
    2013-04-19 14:29 - 2013-04-19 14:29 - 00000117 ____A C:\Windows\System32\netcfg-11152948.txt
    2013-04-19 14:19 - 2013-04-19 14:19 - 00000117 ____A C:\Windows\System32\netcfg-10539162.txt
    2013-04-19 14:19 - 2013-04-19 14:19 - 00000117 ____A C:\Windows\System32\netcfg-10538897.txt
    2013-04-19 11:25 - 2013-04-19 11:26 - 00000128 ____A C:\Windows\System32\netcfg-124379.txt
    2013-04-19 11:25 - 2013-04-19 11:25 - 00000117 ____A C:\Windows\System32\netcfg-96783.txt
    2013-04-19 11:23 - 2013-04-19 11:23 - 00000117 ____A C:\Windows\System32\netcfg-372389.txt
    2013-04-19 11:17 - 2013-05-02 13:28 - 00000000 ____D C:\Windows\Minidump
    2013-04-19 11:17 - 2013-05-02 13:27 - 425527236 ____A C:\Windows\MEMORY.DMP
    2013-04-19 11:17 - 2013-04-19 11:17 - 00385920 ____A C:\Windows\Minidump\041913-25038-01.dmp
    2013-04-17 21:14 - 2013-04-17 21:14 - 00017920 __ASH C:\Users\Kendra\Downloads\Thumbs.db
    2013-04-17 21:04 - 2013-04-17 21:04 - 00000000 ____A C:\Users\Kendra\Downloads\ouam2.htm
    2013-04-17 21:03 - 2013-04-17 21:03 - 00000000 ____A C:\Users\Kendra\Downloads\ouam.htm
    2013-04-16 21:39 - 2013-04-16 21:39 - 00113152 ____A C:\Users\Kendra\Downloads\Mentor Appreciation 2.pub
    2013-04-16 19:13 - 2013-04-16 19:13 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\SUPERAntiSpyware.com
    2013-04-16 19:12 - 2013-04-16 19:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-04-16 19:12 - 2013-04-16 19:12 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2013-04-16 18:57 - 2013-04-16 19:04 - 21235504 ____A (SUPERAntiSpyware.com) C:\Users\Kendra\Downloads\SUPERAntiSpyware.exe
    2013-04-16 18:12 - 2013-04-16 18:12 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Mozilla
    2013-04-16 18:12 - 2013-04-16 18:12 - 00000000 ____D C:\Users\Kendra\AppData\Local\Mozilla
    2013-04-16 18:06 - 2013-04-01 19:58 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-16 18:05 - 2013-04-16 18:05 - 00000117 ____A C:\Windows\System32\netcfg-101624214.txt
    2013-04-16 18:05 - 2013-04-16 18:05 - 00000117 ____A C:\Windows\System32\netcfg-101621484.txt
    2013-04-16 16:59 - 2013-01-09 19:53 - 00028904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys
    2013-04-16 16:59 - 2013-01-09 19:40 - 01448168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-04-16 16:59 - 2013-01-09 19:40 - 00303848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-04-16 16:59 - 2013-01-09 19:29 - 00785504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2013-04-16 16:59 - 2013-01-09 19:29 - 00091880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2013-04-16 16:59 - 2013-01-09 17:26 - 01752064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
    2013-04-16 16:59 - 2013-01-09 17:26 - 01611776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
    2013-04-16 16:59 - 2013-01-09 17:26 - 00890880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2013-04-16 16:59 - 2013-01-09 17:26 - 00436736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2013-04-16 16:59 - 2013-01-09 17:26 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2013-04-16 16:59 - 2013-01-09 17:26 - 00261120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2013-04-16 16:59 - 2013-01-09 17:26 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
    2013-04-16 16:59 - 2013-01-09 17:26 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 02094592 ____A (Microsoft Corporation) C:\Windows\System32\mmc.exe
    2013-04-16 16:59 - 2013-01-09 17:23 - 01964544 ____A (Microsoft Corporation) C:\Windows\System32\wlidsvc.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 01886208 ____A (Microsoft Corporation) C:\Windows\System32\setupapi.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 00728064 ____A (Microsoft Corporation) C:\Windows\System32\samsrv.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 00594944 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 00406016 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\WSDMon.dll
    2013-04-16 16:59 - 2013-01-09 17:23 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe
    2013-04-16 16:59 - 2013-01-09 17:22 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\msctf.dll
    2013-04-16 16:59 - 2013-01-09 17:22 - 00894464 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2013-04-16 16:59 - 2013-01-09 17:22 - 00666112 ____A (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
    2013-04-16 16:59 - 2013-01-09 17:22 - 00438272 ____A (Microsoft Corporation) C:\Windows\System32\lsm.dll
    2013-04-16 16:59 - 2013-01-09 17:22 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\inetpp.dll
    2013-04-16 16:59 - 2013-01-08 21:59 - 00341504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys
    2013-04-16 16:59 - 2012-11-01 23:19 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\ncbservice.dll
    2013-04-16 16:59 - 2012-11-01 23:18 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\httpprxm.dll
    2013-04-16 16:59 - 2012-11-01 23:18 - 00062464 ____A (Microsoft Corporation) C:\Windows\System32\adhsvc.dll
    2013-04-16 16:59 - 2012-11-01 23:18 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\adhapi.dll
    2013-04-16 16:59 - 2012-11-01 23:18 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\httpprxp.dll
    2013-04-16 16:59 - 2012-11-01 23:18 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\keepaliveprovider.dll
    2013-04-16 16:58 - 2013-03-02 05:02 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2013-04-16 16:58 - 2013-03-02 04:57 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
    2013-04-16 16:58 - 2013-03-02 04:57 - 00332520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2013-04-16 16:58 - 2013-03-02 04:57 - 00283880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2013-04-16 16:58 - 2013-03-02 04:57 - 00077544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
    2013-04-16 16:58 - 2013-03-02 04:45 - 00194792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
    2013-04-16 16:58 - 2013-03-02 04:45 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
    2013-04-16 16:58 - 2013-03-02 04:45 - 00125160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
    2013-04-16 16:58 - 2013-03-02 04:39 - 00495336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
    2013-04-16 16:58 - 2013-03-02 04:39 - 00327912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
    2013-04-16 16:58 - 2013-03-02 04:39 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
    2013-04-16 16:58 - 2013-03-02 03:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-04-16 16:58 - 2013-03-02 03:59 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-04-16 16:58 - 2013-03-02 02:24 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2013-04-16 16:58 - 2013-03-02 02:23 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 01338880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00601088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
    2013-04-16 16:58 - 2013-03-02 02:23 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2013-04-16 16:58 - 2013-03-02 02:22 - 05091840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-16 16:58 - 2013-03-02 02:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
    2013-04-16 16:58 - 2013-03-02 02:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2013-04-16 16:58 - 2013-03-02 02:21 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-04-16 16:58 - 2013-03-02 02:21 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
    2013-04-16 16:58 - 2013-03-02 02:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
    2013-04-16 16:58 - 2013-03-02 02:21 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
    2013-04-16 16:58 - 2013-03-02 02:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 19748864 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 03240448 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 01627648 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 01149952 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 01101824 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00951808 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00645120 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00171008 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-04-16 16:58 - 2013-03-01 20:45 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe
    2013-04-16 16:58 - 2013-03-01 20:45 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\WSDPrintProxy.DLL
    2013-04-16 16:58 - 2013-03-01 20:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2013-04-16 16:58 - 2013-03-01 20:45 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2013-04-16 16:58 - 2013-03-01 20:44 - 05978624 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 01048576 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00150016 ____A (Microsoft Corporation) C:\Windows\System32\discan.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\NdisImPlatform.dll
    2013-04-16 16:58 - 2013-03-01 20:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
    2013-04-16 16:58 - 2013-03-01 20:43 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-04-16 16:58 - 2013-03-01 20:43 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
    2013-04-16 16:58 - 2013-03-01 20:43 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
    2013-04-16 16:58 - 2013-03-01 20:43 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
    2013-04-16 16:58 - 2013-03-01 20:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
    2013-04-16 16:58 - 2013-02-28 22:56 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
    2013-04-16 16:58 - 2013-02-20 17:08 - 00387867 ____A C:\Windows\System32\ApnDatabase.xml
    2013-04-16 16:58 - 2013-02-06 19:33 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2013-04-16 16:58 - 2012-11-05 22:20 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2013-04-16 16:58 - 2012-11-05 22:20 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\wuaext.dll
    2013-04-16 16:58 - 2012-11-05 22:00 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\wushareduxresources.dll
    2013-04-16 16:58 - 2012-09-20 01:55 - 00212200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
    2013-04-16 16:46 - 2013-02-21 04:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-16 16:46 - 2013-02-21 04:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-16 16:46 - 2013-02-21 04:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-04-16 16:46 - 2013-02-21 04:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-16 16:46 - 2013-02-21 04:15 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
    2013-04-16 16:46 - 2013-02-21 04:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-04-16 16:46 - 2013-02-21 04:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-04-16 16:46 - 2013-02-21 04:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-16 16:46 - 2013-02-19 03:53 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2013-04-16 16:46 - 2013-01-15 18:35 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2013-04-16 16:46 - 2013-01-15 18:31 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
    2013-04-16 16:46 - 2013-01-03 23:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-16 16:46 - 2013-01-03 22:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-16 16:46 - 2012-11-07 22:20 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-04-16 16:46 - 2012-11-07 22:20 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-04-16 16:43 - 2013-03-19 16:19 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-16 16:43 - 2012-11-25 22:21 - 00071168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2013-04-16 16:43 - 2012-11-25 22:20 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll
    2013-04-16 16:43 - 2012-11-09 22:23 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2013-04-16 16:43 - 2012-11-09 22:23 - 00132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2013-04-16 16:43 - 2012-11-09 22:22 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
    2013-04-16 16:43 - 2012-11-09 22:22 - 00126976 ____A (Microsoft Corporation) C:\Windows\System32\RDWebAI.dll
    2013-04-16 16:43 - 2012-11-09 22:22 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\VmHostAI.dll
    2013-04-16 16:43 - 2012-11-09 22:20 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\appserverai.dll
    2013-04-16 16:41 - 2013-03-07 00:50 - 06991592 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-16 16:41 - 2013-03-02 02:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
    2013-04-16 16:41 - 2013-03-02 02:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2013-04-16 16:41 - 2013-03-01 20:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
    2013-04-16 16:41 - 2013-03-01 20:44 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2013-04-16 16:41 - 2013-02-02 05:19 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2013-04-16 16:41 - 2013-02-02 05:19 - 00446184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
    2013-04-16 16:41 - 2013-02-02 04:54 - 01933544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-16 16:41 - 2013-02-02 04:28 - 00993512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2013-04-16 16:41 - 2013-02-02 02:40 - 10792448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2013-04-16 16:41 - 2013-02-02 02:40 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
    2013-04-16 16:41 - 2013-02-02 02:39 - 00325632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-04-16 16:41 - 2013-02-02 02:38 - 00567808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
    2013-04-16 16:41 - 2013-02-02 02:23 - 13643264 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
    2013-04-16 16:41 - 2013-02-02 02:23 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll
    2013-04-16 16:41 - 2013-02-02 02:23 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
    2013-04-16 16:41 - 2013-02-02 02:23 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
    2013-04-16 16:41 - 2013-02-02 02:22 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-04-16 16:41 - 2013-02-02 02:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
    2013-04-16 16:41 - 2013-02-02 02:21 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2013-04-16 16:41 - 2013-02-02 02:20 - 00729600 ____A (Microsoft Corporation) C:\Windows\System32\duser.dll
    2013-04-16 16:41 - 2013-02-02 02:20 - 00260096 ____A (Microsoft Corporation) C:\Windows\System32\hotspotauth.dll
    2013-04-16 16:41 - 2012-12-14 22:55 - 00443392 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
    2013-04-16 16:41 - 2012-11-08 22:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-04-16 16:41 - 2012-11-08 22:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-04-16 16:41 - 2012-11-02 23:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\sysreset.exe
    2013-04-16 16:41 - 2012-11-02 23:25 - 00945152 ____A (Microsoft Corporation) C:\Windows\System32\resetengmig.dll
    2013-04-16 16:41 - 2012-10-23 21:25 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ReAgentc.exe
    2013-04-16 16:41 - 2012-10-23 20:48 - 00024064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
    2013-04-16 16:41 - 2012-09-20 01:55 - 00488168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2013-04-16 16:40 - 2013-02-02 05:19 - 00061672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
    2013-04-16 16:40 - 2013-02-02 02:40 - 00370688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
    2013-04-16 16:40 - 2013-02-02 02:40 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
    2013-04-16 16:40 - 2013-02-02 02:40 - 00155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
    2013-04-16 16:40 - 2013-02-02 02:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
    2013-04-16 16:40 - 2013-02-02 02:40 - 00079360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
    2013-04-16 16:40 - 2013-02-02 02:39 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
    2013-04-16 16:40 - 2013-02-02 02:39 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
    2013-04-16 16:40 - 2013-02-02 02:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2013-04-16 16:40 - 2013-02-02 02:39 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
    2013-04-16 16:40 - 2013-02-02 02:39 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
    2013-04-16 16:40 - 2013-02-02 02:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
    2013-04-16 16:40 - 2013-02-02 02:24 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\taskkill.exe
    2013-04-16 16:40 - 2013-02-02 02:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\tasklist.exe
    2013-04-16 16:40 - 2013-02-02 02:23 - 00731648 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-04-16 16:40 - 2013-02-02 02:23 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
    2013-04-16 16:40 - 2013-02-02 02:23 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2013-04-16 16:40 - 2013-02-02 02:23 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll
    2013-04-16 16:40 - 2013-02-02 02:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
    2013-04-16 16:40 - 2013-02-02 01:25 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2013-04-16 16:40 - 2013-02-02 01:25 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2013-04-16 16:40 - 2013-02-02 01:25 - 00037632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
    2013-04-16 16:40 - 2012-11-26 21:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
    2013-04-16 16:40 - 2012-11-26 21:55 - 00029952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthhfHid.sys
    2013-04-16 16:40 - 2012-11-19 22:56 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2013-04-16 16:40 - 2012-11-19 22:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidi2c.sys
    2013-04-16 16:40 - 2012-09-20 01:55 - 00079080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2013-04-16 16:40 - 2012-09-20 01:55 - 00021736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2013-04-16 16:40 - 2012-09-20 00:32 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2013-04-16 16:40 - 2012-09-20 00:32 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2013-04-16 16:40 - 2012-09-20 00:09 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2013-04-16 16:38 - 2013-02-11 18:17 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-04-16 16:38 - 2013-02-05 16:31 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-04-16 16:38 - 2013-02-05 16:29 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2013-04-16 16:38 - 2013-02-05 16:28 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-04-16 16:38 - 2013-02-05 16:28 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2013-04-16 16:38 - 2013-02-01 23:41 - 01437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2013-04-16 16:38 - 2013-02-01 23:31 - 01690624 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
    2013-04-16 16:38 - 2012-10-23 21:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\pcalua.exe
    2013-04-16 16:38 - 2012-10-23 21:24 - 00405504 ____A (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
    2013-04-16 16:38 - 2012-10-23 21:24 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\pcadm.dll
    2013-04-16 16:38 - 2012-10-23 21:05 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
    2013-04-16 16:37 - 2012-12-16 02:28 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-04-16 16:37 - 2012-12-16 02:20 - 00035328 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-04-16 16:37 - 2012-12-16 02:08 - 00362496 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-04-16 16:37 - 2012-12-16 01:57 - 00300032 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-04-16 16:37 - 2012-11-07 22:24 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2013-04-16 16:37 - 2012-11-07 22:24 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2013-04-16 16:37 - 2012-11-07 22:20 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2013-04-16 16:37 - 2012-11-07 22:20 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2013-04-16 16:37 - 2012-11-07 22:02 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\lpk.dll
    2013-04-16 16:37 - 2012-11-07 22:01 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2013-04-16 16:37 - 2012-11-02 23:26 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
    2013-04-16 16:37 - 2012-11-02 23:26 - 00032256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
    2013-04-16 16:37 - 2012-11-02 23:24 - 00463872 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00058880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhpast.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
    2013-04-16 16:37 - 2012-11-02 23:24 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
    2013-04-16 16:37 - 2012-11-02 23:04 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dpnlobby.dll
    2013-04-16 16:37 - 2012-11-02 23:04 - 00003584 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
    2013-04-16 16:37 - 2012-11-02 23:00 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
    2013-04-16 16:37 - 2012-11-02 23:00 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
    2013-04-16 16:35 - 2013-01-28 19:57 - 00035232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
    2013-04-16 16:35 - 2013-01-28 17:08 - 00230904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
    2013-04-16 16:35 - 2012-10-31 22:40 - 02361344 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-04-16 16:35 - 2012-10-31 22:40 - 01836032 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-04-16 16:34 - 2012-10-31 22:41 - 01802240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-04-16 16:34 - 2012-10-31 22:41 - 01438720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-04-16 16:34 - 2012-10-31 22:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
    2013-04-16 16:34 - 2012-10-31 22:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2013-04-16 16:34 - 2012-10-31 22:20 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2013-04-16 16:34 - 2012-10-31 22:20 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2013-04-16 03:35 - 2013-04-16 03:35 - 00000117 ____A C:\Windows\System32\netcfg-502229.txt
    2013-04-16 03:32 - 2013-04-16 03:32 - 00000117 ____A C:\Windows\System32\netcfg-335760.txt
    2013-04-15 20:32 - 2013-04-15 20:32 - 00000000 ____D C:\Users\Kendra\Documents\Fax
    2013-04-15 20:30 - 2013-04-15 20:30 - 01007304 ____A C:\Users\Kendra\Documents\Modern Photo Letter.oxps
    2013-04-15 19:51 - 2013-04-15 19:51 - 00000117 ____A C:\Windows\System32\netcfg-21557887.txt
    2013-04-15 19:50 - 2013-04-15 19:51 - 00000117 ____A C:\Windows\System32\netcfg-21557731.txt
    2013-04-15 19:19 - 2013-04-15 19:19 - 00000117 ____A C:\Windows\System32\netcfg-19671242.txt
    2013-04-15 19:19 - 2013-04-15 19:19 - 00000117 ____A C:\Windows\System32\netcfg-19668075.txt
    2013-04-15 18:46 - 2013-04-15 18:46 - 00000117 ____A C:\Windows\System32\netcfg-17679796.txt
    2013-04-15 18:46 - 2013-04-15 18:46 - 00000117 ____A C:\Windows\System32\netcfg-17678688.txt
    2013-04-15 18:41 - 2013-04-15 18:41 - 00000117 ____A C:\Windows\System32\netcfg-17416466.txt
    2013-04-15 18:41 - 2013-04-15 18:41 - 00000117 ____A C:\Windows\System32\netcfg-17416279.txt
    2013-04-15 16:14 - 2013-04-15 16:14 - 00000117 ____A C:\Windows\System32\netcfg-8570554.txt
    2013-04-15 16:14 - 2013-04-15 16:14 - 00000117 ____A C:\Windows\System32\netcfg-8569899.txt
    2013-04-15 13:52 - 2013-04-15 13:52 - 00000117 ____A C:\Windows\System32\netcfg-50045.txt
    2013-04-15 13:51 - 2013-04-15 13:51 - 00000117 ____A C:\Windows\System32\netcfg-2679535.txt
    2013-04-15 13:39 - 2013-04-20 18:37 - 00001838 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000600 ____A C:\Users\Public\Desktop\Shared Space.lnk
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000167 ____A C:\Windows\System32\netcfg-1974099.txt
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000117 ____A C:\Windows\System32\netcfg-1978794.txt
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000117 ____A C:\Windows\System32\netcfg-1975690.txt
    2013-04-15 13:37 - 2013-04-15 13:37 - 00000000 ____D C:\Program Files\COMODO
    2013-04-15 13:27 - 2013-04-17 22:17 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\WildTangent
    2013-04-15 13:25 - 2013-04-15 13:32 - 51053584 ____A (COMODO) C:\Users\Kendra\Downloads\cfw_installer_x64.exe
    2013-04-15 13:08 - 2013-04-15 13:08 - 00000117 ____A C:\Windows\System32\netcfg-102009.txt
    2013-04-15 13:06 - 2013-04-15 13:06 - 00000117 ____A C:\Windows\System32\netcfg-6076909.txt
    2013-04-15 12:58 - 2013-04-15 12:58 - 00000000 ____D C:\Users\Kendra\AppData\LocalGoogle
    2013-04-15 12:54 - 2013-04-15 12:54 - 00001929 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-04-15 12:54 - 2013-03-06 16:33 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00377920 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00178624 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00070992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00068920 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-04-15 12:54 - 2013-03-06 16:33 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-04-15 12:53 - 2013-04-15 12:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-04-15 12:53 - 2013-03-06 16:33 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-04-15 12:53 - 2013-03-06 16:32 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-04-15 12:52 - 2013-04-15 12:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-04-15 12:52 - 2013-03-06 16:32 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-04-15 12:19 - 2013-04-15 12:32 - 115054456 ____A C:\Users\Kendra\Downloads\avast_free_antivirus_setup.exe
    2013-04-15 11:55 - 2013-04-15 11:55 - 00001158 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-04-15 11:55 - 2013-04-15 11:55 - 00000117 ____A C:\Windows\System32\netcfg-1847176.txt
    2013-04-15 11:55 - 2013-04-15 11:55 - 00000117 ____A C:\Windows\System32\netcfg-1846661.txt
    2013-04-15 11:54 - 2013-04-15 11:55 - 08623428 ____A C:\Users\Kendra\Downloads\Unconfirmed 608854.crdownload
    2013-04-15 11:54 - 2013-04-15 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-15 11:54 - 2013-04-15 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-15 11:52 - 2013-04-15 11:52 - 00002266 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-04-15 11:46 - 2013-05-02 13:28 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-15 11:46 - 2013-05-02 12:51 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-15 11:46 - 2013-04-15 12:58 - 00000000 ____D C:\Users\Kendra\AppData\Local\Google
    2013-04-15 11:46 - 2013-04-15 12:58 - 00000000 ____D C:\Program Files (x86)\Google
    2013-04-15 11:46 - 2013-04-15 11:46 - 00000000 ____D C:\Users\Kendra\AppData\Local\Deployment
    2013-04-15 11:46 - 2013-04-15 11:46 - 00000000 ____D C:\Users\Kendra\AppData\Local\Apps\2.0
    2013-04-15 11:45 - 2013-04-15 11:45 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Macromedia
    2013-04-15 11:41 - 2013-04-15 11:41 - 00001967 ____A C:\Users\Public\Desktop\Netflix.lnk
    2013-04-15 11:41 - 2013-04-15 11:41 - 00001742 ____A C:\Users\Public\Desktop\Buy Online.lnk
    2013-04-15 11:41 - 2013-04-15 11:41 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Adobe
    2013-04-15 11:41 - 2013-04-15 11:41 - 00000000 ____D C:\Program Files\Accessory Store
    2013-04-15 11:40 - 2013-04-15 11:40 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\lm
    2013-04-15 11:39 - 2013-04-26 19:34 - 00000000 ____D C:\Users\Kendra\AppData\Local\Packages
    2013-04-15 11:39 - 2013-04-15 11:39 - 00000000 ____D C:\Users\Kendra\AppData\Local\VirtualStore
    2013-04-15 11:38 - 2013-05-02 12:48 - 01480225 ____A C:\Windows\WindowsUpdate.log
    2013-04-15 11:38 - 2013-04-15 11:41 - 00000000 ____D C:\users\Kendra
    2013-04-15 11:38 - 2013-04-15 11:38 - 00000020 ___SH C:\Users\Kendra\ntuser.ini
    2013-04-15 11:33 - 2013-04-15 11:33 - 00000117 ____A C:\Windows\System32\netcfg-505193.txt

    ==================== One Month Modified Files and Folders =======

    2013-05-02 15:58 - 2013-05-02 15:58 - 00000000 ____D C:\FRST
    2013-05-02 15:56 - 2013-05-02 15:56 - 01712312 ____A (Farbar) C:\Users\Kendra\Downloads\FRST64.exe
    2013-05-02 15:53 - 2013-04-15 11:38 - 01480225 ____A C:\Windows\WindowsUpdate.log
    2013-05-02 15:53 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\System32\sru
    2013-05-02 13:37 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\System32\NDF
    2013-05-02 13:32 - 2013-05-02 13:28 - 00387288 ____A C:\Windows\Minidump\050213-45427-01.dmp
    2013-05-02 13:28 - 2013-05-02 13:27 - 00281088 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-02 13:28 - 2013-04-19 11:17 - 00000000 ____D C:\Windows\Minidump
    2013-05-02 13:28 - 2013-04-15 11:46 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-02 13:28 - 2012-07-26 01:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-02 13:27 - 2013-04-19 11:17 - 425527236 ____A C:\Windows\MEMORY.DMP
    2013-05-02 13:27 - 2012-12-27 03:02 - 00720174 ____A C:\Windows\PFRO.log
    2013-05-02 12:51 - 2013-04-15 11:46 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-02 11:29 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-04-30 09:34 - 2013-04-22 13:37 - 00000000 ____D C:\Users\Kendra\AppData\Local\CrashDumps
    2013-04-29 12:27 - 2012-07-26 01:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-29 12:16 - 2012-07-25 23:26 - 00262144 __ASH C:\Windows\System32\config\BBI
    2013-04-29 12:15 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
    2013-04-29 12:15 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2013-04-29 12:15 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\System32\oobe
    2013-04-29 12:14 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\WinStore
    2013-04-29 11:00 - 2013-04-29 11:00 - 00000000 ____D C:\Users\Kendra\Downloads\mbar-1.05.0.1001 (1)
    2013-04-29 10:57 - 2013-04-29 10:53 - 12917756 ____A C:\Users\Kendra\Downloads\mbar-1.05.0.1001 (1).zip
    2013-04-29 10:41 - 2013-04-29 10:41 - 00000117 ____A C:\Windows\System32\netcfg-391655283.txt
    2013-04-29 10:41 - 2013-04-29 10:41 - 00000117 ____A C:\Windows\System32\netcfg-391654674.txt
    2013-04-29 10:06 - 2013-04-29 10:06 - 00000117 ____A C:\Windows\System32\netcfg-389572810.txt
    2013-04-29 10:06 - 2013-04-29 10:06 - 00000117 ____A C:\Windows\System32\netcfg-389569612.txt
    2013-04-28 21:53 - 2013-04-28 21:53 - 00000117 ____A C:\Windows\System32\netcfg-345576472.txt
    2013-04-28 21:53 - 2013-04-28 21:53 - 00000117 ____A C:\Windows\System32\netcfg-345576253.txt
    2013-04-28 21:17 - 2013-04-28 21:17 - 00000117 ____A C:\Windows\System32\netcfg-343400695.txt
    2013-04-28 21:17 - 2013-04-28 21:17 - 00000117 ____A C:\Windows\System32\netcfg-343400305.txt
    2013-04-28 21:04 - 2013-04-28 21:04 - 00000117 ____A C:\Windows\System32\netcfg-342612032.txt
    2013-04-28 21:04 - 2013-04-28 21:03 - 00000117 ____A C:\Windows\System32\netcfg-342611267.txt
    2013-04-28 13:01 - 2013-04-28 13:01 - 00000117 ____A C:\Windows\System32\netcfg-313664767.txt
    2013-04-28 13:01 - 2013-04-28 13:01 - 00000117 ____A C:\Windows\System32\netcfg-313661912.txt
    2013-04-28 00:35 - 2013-04-28 00:35 - 00000117 ____A C:\Windows\System32\netcfg-268898424.txt
    2013-04-28 00:35 - 2013-04-28 00:35 - 00000117 ____A C:\Windows\System32\netcfg-268895413.txt
    2013-04-27 11:26 - 2013-04-27 11:25 - 00000117 ____A C:\Windows\System32\netcfg-221539890.txt
    2013-04-27 11:25 - 2013-04-27 11:25 - 00000117 ____A C:\Windows\System32\netcfg-221539453.txt
    2013-04-26 23:02 - 2013-04-26 23:02 - 00000117 ____A C:\Windows\System32\netcfg-176907302.txt
    2013-04-26 23:02 - 2013-04-26 23:02 - 00000117 ____A C:\Windows\System32\netcfg-176906163.txt
    2013-04-26 19:34 - 2013-04-15 11:39 - 00000000 ____D C:\Users\Kendra\AppData\Local\Packages
    2013-04-26 19:30 - 2013-04-26 19:30 - 00000117 ____A C:\Windows\System32\netcfg-164235418.txt
    2013-04-26 19:30 - 2013-04-26 19:30 - 00000117 ____A C:\Windows\System32\netcfg-164234841.txt
    2013-04-26 13:17 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
    2013-04-26 12:39 - 2013-04-26 12:39 - 00000000 ____D C:\Users\Kendra\Downloads\mbar-1.05.0.1001
    2013-04-26 12:36 - 2013-04-26 12:35 - 12917756 ____A C:\Users\Kendra\Downloads\mbar-1.05.0.1001.zip
     
  14. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    2013-04-26 12:24 - 2013-04-26 12:24 - 00001885 ____A C:\Users\Kendra\Desktop\RKreport[2]_D_04262013_02d1224.txt
    2013-04-26 12:23 - 2013-04-26 12:13 - 00000000 ____D C:\Users\Kendra\Desktop\RK_Quarantine
    2013-04-26 12:22 - 2013-04-26 12:22 - 00001716 ____A C:\Users\Kendra\Desktop\RKreport[1]_S_04262013_02d1222.txt
    2013-04-26 12:11 - 2013-04-26 12:11 - 00816128 ____A C:\Users\Kendra\Downloads\RogueKiller.exe
    2013-04-26 12:09 - 2013-04-26 12:09 - 00000117 ____A C:\Windows\System32\netcfg-137735263.txt
    2013-04-26 12:09 - 2013-04-26 12:09 - 00000117 ____A C:\Windows\System32\netcfg-137731816.txt
    2013-04-26 11:18 - 2013-04-26 11:18 - 00000117 ____A C:\Windows\System32\netcfg-134715271.txt
    2013-04-26 11:18 - 2013-04-26 11:18 - 00000117 ____A C:\Windows\System32\netcfg-134714476.txt
    2013-04-26 02:59 - 2013-04-26 02:59 - 00000117 ____A C:\Windows\System32\netcfg-104755841.txt
    2013-04-26 02:59 - 2013-04-26 02:59 - 00000117 ____A C:\Windows\System32\netcfg-104755139.txt
    2013-04-25 14:47 - 2013-04-25 14:47 - 00000117 ____A C:\Windows\System32\netcfg-60860623.txt
    2013-04-25 14:47 - 2013-04-25 14:47 - 00000117 ____A C:\Windows\System32\netcfg-60860295.txt
    2013-04-25 13:31 - 2013-04-25 13:31 - 00000117 ____A C:\Windows\System32\netcfg-56274256.txt
    2013-04-25 13:31 - 2013-04-25 13:31 - 00000117 ____A C:\Windows\System32\netcfg-56274100.txt
    2013-04-25 11:27 - 2013-04-25 11:27 - 00000117 ____A C:\Windows\System32\netcfg-48816347.txt
    2013-04-25 11:27 - 2013-04-25 11:27 - 00000117 ____A C:\Windows\System32\netcfg-48813102.txt
    2013-04-24 21:54 - 2013-04-24 21:53 - 00390760 ____A C:\Windows\Minidump\042413-22136-01.dmp
    2013-04-24 12:30 - 2013-04-24 12:30 - 00000117 ____A C:\Windows\System32\netcfg-45948394.txt
    2013-04-24 12:30 - 2013-04-24 12:30 - 00000117 ____A C:\Windows\System32\netcfg-45948144.txt
    2013-04-24 10:29 - 2013-04-24 10:29 - 00000117 ____A C:\Windows\System32\netcfg-38713738.txt
    2013-04-24 10:29 - 2013-04-24 10:29 - 00000117 ____A C:\Windows\System32\netcfg-38713426.txt
    2013-04-24 01:00 - 2013-04-24 01:00 - 00022502 ____A C:\Users\Kendra\Desktop\dds.txt
    2013-04-24 01:00 - 2013-04-24 01:00 - 00016775 ____A C:\Users\Kendra\Desktop\attach.txt
    2013-04-24 00:54 - 2013-04-24 00:53 - 00688992 ____R (Swearware) C:\Users\Kendra\Downloads\dds.com
    2013-04-24 00:38 - 2013-04-24 00:38 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-24 00:38 - 2013-04-24 00:38 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Malwarebytes
    2013-04-24 00:38 - 2013-04-24 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 00:34 - 2013-04-24 00:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Kendra\Downloads\mbam-setup-1.75.0.1300.exe
    2013-04-24 00:29 - 2013-04-24 00:29 - 00000117 ____A C:\Windows\System32\netcfg-2683934.txt
    2013-04-24 00:29 - 2013-04-24 00:29 - 00000117 ____A C:\Windows\System32\netcfg-2682936.txt
    2013-04-23 23:45 - 2013-04-23 23:45 - 00000117 ____A C:\Windows\System32\netcfg-57408.txt
    2013-04-23 23:44 - 2013-04-23 23:44 - 00000117 ____A C:\Windows\System32\netcfg-2880028.txt
    2013-04-23 22:56 - 2013-04-23 22:56 - 00384696 ____A C:\Windows\Minidump\042313-24070-01.dmp
    2013-04-23 22:13 - 2013-04-23 22:13 - 00000117 ____A C:\Windows\System32\netcfg-20895429.txt
    2013-04-23 22:13 - 2013-04-23 22:13 - 00000117 ____A C:\Windows\System32\netcfg-20895007.txt
    2013-04-23 17:21 - 2013-04-23 17:21 - 00000117 ____A C:\Windows\System32\netcfg-3429947.txt
    2013-04-23 17:21 - 2013-04-23 17:21 - 00000117 ____A C:\Windows\System32\netcfg-3429104.txt
    2013-04-23 16:25 - 2013-04-23 16:25 - 00385920 ____A C:\Windows\Minidump\042313-26816-01.dmp
    2013-04-23 15:19 - 2013-04-23 15:19 - 00000117 ____A C:\Windows\System32\netcfg-6526270.txt
    2013-04-23 15:19 - 2013-04-23 15:19 - 00000117 ____A C:\Windows\System32\netcfg-6522698.txt
    2013-04-23 12:44 - 2013-04-23 12:44 - 00000117 ____A C:\Windows\System32\netcfg-4267313.txt
    2013-04-23 12:44 - 2013-04-23 12:44 - 00000117 ____A C:\Windows\System32\netcfg-4264006.txt
    2013-04-23 00:50 - 2013-04-23 00:50 - 00000000 ____D C:\Program Files (x86)\Build-a-lot 2 - Town of the Year
    2013-04-23 00:50 - 2013-04-23 00:28 - 00000000 ____D C:\BigFishGamesCache
    2013-04-23 00:35 - 2013-04-23 00:35 - 00000970 ____A C:\Users\Public\Desktop\Game Manager.lnk
    2013-04-23 00:35 - 2013-04-23 00:35 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url
    2013-04-23 00:34 - 2013-04-23 00:34 - 00000000 ____D C:\Program Files (x86)\bfgclient
    2013-04-23 00:27 - 2013-04-23 00:27 - 00235080 ____A (Big Fish Games) C:\Users\Kendra\Downloads\bigfishgames_p124488422_s1_l1.exe
    2013-04-22 16:56 - 2013-04-22 16:56 - 00000117 ____A C:\Windows\System32\netcfg-166701357.txt
    2013-04-22 16:56 - 2013-04-22 16:56 - 00000117 ____A C:\Windows\System32\netcfg-166698081.txt
    2013-04-22 13:37 - 2013-04-22 13:37 - 00000117 ____A C:\Windows\System32\netcfg-154772944.txt
    2013-04-22 13:37 - 2013-04-22 13:37 - 00000117 ____A C:\Windows\System32\netcfg-154772679.txt
    2013-04-22 13:35 - 2013-04-22 13:35 - 00000117 ____A C:\Windows\System32\netcfg-154654352.txt
    2013-04-22 13:35 - 2013-04-22 13:35 - 00000117 ____A C:\Windows\System32\netcfg-154651185.txt
    2013-04-22 12:40 - 2013-04-22 12:40 - 00000117 ____A C:\Windows\System32\netcfg-151344806.txt
    2013-04-22 12:40 - 2013-04-22 12:40 - 00000117 ____A C:\Windows\System32\netcfg-151344198.txt
    2013-04-22 12:25 - 2013-04-22 12:25 - 00000117 ____A C:\Windows\System32\netcfg-150441311.txt
    2013-04-22 12:25 - 2013-04-22 12:25 - 00000117 ____A C:\Windows\System32\netcfg-150438284.txt
    2013-04-22 12:24 - 2013-04-22 12:24 - 00000117 ____A C:\Windows\System32\netcfg-150400095.txt
    2013-04-22 12:24 - 2013-04-22 12:24 - 00000117 ____A C:\Windows\System32\netcfg-150399674.txt
    2013-04-22 11:56 - 2013-04-22 11:56 - 00000117 ____A C:\Windows\System32\netcfg-148702118.txt
    2013-04-22 11:56 - 2013-04-22 11:56 - 00000117 ____A C:\Windows\System32\netcfg-148701463.txt
    2013-04-22 08:46 - 2013-04-22 08:46 - 00000117 ____A C:\Windows\System32\netcfg-137281347.txt
    2013-04-22 08:46 - 2013-04-22 08:46 - 00000117 ____A C:\Windows\System32\netcfg-137281129.txt
    2013-04-22 08:37 - 2013-04-22 08:37 - 00000117 ____A C:\Windows\System32\netcfg-136737777.txt
    2013-04-22 08:37 - 2013-04-22 08:37 - 00000117 ____A C:\Windows\System32\netcfg-136737465.txt
    2013-04-21 22:08 - 2013-04-21 22:08 - 00000117 ____A C:\Windows\System32\netcfg-99016673.txt
    2013-04-21 22:08 - 2013-04-21 22:08 - 00000117 ____A C:\Windows\System32\netcfg-99013460.txt
    2013-04-21 21:14 - 2013-04-21 21:14 - 00358912 ____A C:\Users\Kendra\Downloads\75off.ppt
    2013-04-21 20:02 - 2013-04-21 20:02 - 00000117 ____A C:\Windows\System32\netcfg-91484508.txt
    2013-04-21 20:02 - 2013-04-21 20:02 - 00000117 ____A C:\Windows\System32\netcfg-91484181.txt
    2013-04-21 16:48 - 2013-04-21 16:48 - 00000117 ____A C:\Windows\System32\netcfg-79815181.txt
    2013-04-21 16:48 - 2013-04-21 16:48 - 00000117 ____A C:\Windows\System32\netcfg-79815025.txt
    2013-04-21 16:38 - 2013-04-21 16:38 - 00000117 ____A C:\Windows\System32\netcfg-79213282.txt
    2013-04-21 16:38 - 2013-04-21 16:38 - 00000117 ____A C:\Windows\System32\netcfg-79212892.txt
    2013-04-20 21:04 - 2013-04-20 21:04 - 00000117 ____A C:\Windows\System32\netcfg-8775430.txt
    2013-04-20 21:04 - 2013-04-20 21:04 - 00000117 ____A C:\Windows\System32\netcfg-8774619.txt
    2013-04-20 18:37 - 2013-04-20 18:37 - 00000326 ____A C:\Windows\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}.job
    2013-04-20 18:37 - 2013-04-15 13:39 - 00001838 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2013-04-19 21:15 - 2013-04-19 21:15 - 00000117 ____A C:\Windows\System32\netcfg-35480742.txt
    2013-04-19 21:15 - 2013-04-19 21:15 - 00000117 ____A C:\Windows\System32\netcfg-35478230.txt
    2013-04-19 21:08 - 2013-04-19 21:08 - 00000117 ____A C:\Windows\System32\netcfg-35084718.txt
    2013-04-19 21:08 - 2013-04-19 21:08 - 00000117 ____A C:\Windows\System32\netcfg-35083798.txt
    2013-04-19 17:02 - 2013-04-19 17:02 - 00000117 ____A C:\Windows\System32\netcfg-20313280.txt
    2013-04-19 17:02 - 2013-04-19 17:02 - 00000117 ____A C:\Windows\System32\netcfg-20310128.txt
    2013-04-19 16:55 - 2013-04-19 16:55 - 00000117 ____A C:\Windows\System32\netcfg-19892155.txt
    2013-04-19 16:55 - 2013-04-19 16:55 - 00000117 ____A C:\Windows\System32\netcfg-19891593.txt
    2013-04-19 16:38 - 2013-04-19 16:38 - 00000117 ____A C:\Windows\System32\netcfg-18863250.txt
    2013-04-19 16:38 - 2013-04-19 16:38 - 00000117 ____A C:\Windows\System32\netcfg-18859943.txt
    2013-04-19 15:06 - 2013-04-19 15:06 - 00000117 ____A C:\Windows\System32\netcfg-13329068.txt
    2013-04-19 15:06 - 2013-04-19 15:06 - 00000117 ____A C:\Windows\System32\netcfg-13328772.txt
    2013-04-19 14:29 - 2013-04-19 14:29 - 00000117 ____A C:\Windows\System32\netcfg-11156193.txt
    2013-04-19 14:29 - 2013-04-19 14:29 - 00000117 ____A C:\Windows\System32\netcfg-11152948.txt
    2013-04-19 14:19 - 2013-04-19 14:19 - 00000117 ____A C:\Windows\System32\netcfg-10539162.txt
    2013-04-19 14:19 - 2013-04-19 14:19 - 00000117 ____A C:\Windows\System32\netcfg-10538897.txt
    2013-04-19 11:26 - 2013-04-19 11:25 - 00000128 ____A C:\Windows\System32\netcfg-124379.txt
    2013-04-19 11:25 - 2013-04-19 11:25 - 00000117 ____A C:\Windows\System32\netcfg-96783.txt
    2013-04-19 11:23 - 2013-04-19 11:23 - 00000117 ____A C:\Windows\System32\netcfg-372389.txt
    2013-04-19 11:22 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2013-04-19 11:19 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files\Windows Defender
    2013-04-19 11:19 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-04-19 11:17 - 2013-04-19 11:17 - 00385920 ____A C:\Windows\Minidump\041913-25038-01.dmp
    2013-04-18 11:02 - 2013-01-16 20:51 - 00118400 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
    2013-04-17 22:17 - 2013-04-15 13:27 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\WildTangent
    2013-04-17 22:17 - 2012-12-27 03:47 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2013-04-17 21:14 - 2013-04-17 21:14 - 00017920 __ASH C:\Users\Kendra\Downloads\Thumbs.db
    2013-04-17 21:04 - 2013-04-17 21:04 - 00000000 ____A C:\Users\Kendra\Downloads\ouam2.htm
    2013-04-17 21:03 - 2013-04-17 21:03 - 00000000 ____A C:\Users\Kendra\Downloads\ouam.htm
    2013-04-16 21:39 - 2013-04-16 21:39 - 00113152 ____A C:\Users\Kendra\Downloads\Mentor Appreciation 2.pub
    2013-04-16 19:26 - 2013-04-16 19:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-04-16 19:13 - 2013-04-16 19:13 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\SUPERAntiSpyware.com
    2013-04-16 19:12 - 2013-04-16 19:12 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2013-04-16 19:04 - 2013-04-16 18:57 - 21235504 ____A (SUPERAntiSpyware.com) C:\Users\Kendra\Downloads\SUPERAntiSpyware.exe
    2013-04-16 18:12 - 2013-04-16 18:12 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Mozilla
    2013-04-16 18:12 - 2013-04-16 18:12 - 00000000 ____D C:\Users\Kendra\AppData\Local\Mozilla
    2013-04-16 18:05 - 2013-04-16 18:05 - 00000117 ____A C:\Windows\System32\netcfg-101624214.txt
    2013-04-16 18:05 - 2013-04-16 18:05 - 00000117 ____A C:\Windows\System32\netcfg-101621484.txt
    2013-04-16 03:35 - 2013-04-16 03:35 - 00000117 ____A C:\Windows\System32\netcfg-502229.txt
    2013-04-16 03:32 - 2013-04-16 03:32 - 00000117 ____A C:\Windows\System32\netcfg-335760.txt
    2013-04-15 20:32 - 2013-04-15 20:32 - 00000000 ____D C:\Users\Kendra\Documents\Fax
    2013-04-15 20:30 - 2013-04-15 20:30 - 01007304 ____A C:\Users\Kendra\Documents\Modern Photo Letter.oxps
    2013-04-15 19:51 - 2013-04-15 19:51 - 00000117 ____A C:\Windows\System32\netcfg-21557887.txt
    2013-04-15 19:51 - 2013-04-15 19:50 - 00000117 ____A C:\Windows\System32\netcfg-21557731.txt
    2013-04-15 19:19 - 2013-04-15 19:19 - 00000117 ____A C:\Windows\System32\netcfg-19671242.txt
    2013-04-15 19:19 - 2013-04-15 19:19 - 00000117 ____A C:\Windows\System32\netcfg-19668075.txt
    2013-04-15 18:46 - 2013-04-15 18:46 - 00000117 ____A C:\Windows\System32\netcfg-17679796.txt
    2013-04-15 18:46 - 2013-04-15 18:46 - 00000117 ____A C:\Windows\System32\netcfg-17678688.txt
    2013-04-15 18:41 - 2013-04-15 18:41 - 00000117 ____A C:\Windows\System32\netcfg-17416466.txt
    2013-04-15 18:41 - 2013-04-15 18:41 - 00000117 ____A C:\Windows\System32\netcfg-17416279.txt
    2013-04-15 16:14 - 2013-04-15 16:14 - 00000117 ____A C:\Windows\System32\netcfg-8570554.txt
    2013-04-15 16:14 - 2013-04-15 16:14 - 00000117 ____A C:\Windows\System32\netcfg-8569899.txt
    2013-04-15 13:52 - 2013-04-15 13:52 - 00000117 ____A C:\Windows\System32\netcfg-50045.txt
    2013-04-15 13:51 - 2013-04-15 13:51 - 00000117 ____A C:\Windows\System32\netcfg-2679535.txt
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000600 ____A C:\Users\Public\Desktop\Shared Space.lnk
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000167 ____A C:\Windows\System32\netcfg-1974099.txt
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000117 ____A C:\Windows\System32\netcfg-1978794.txt
    2013-04-15 13:39 - 2013-04-15 13:39 - 00000117 ____A C:\Windows\System32\netcfg-1975690.txt
    2013-04-15 13:37 - 2013-04-15 13:37 - 00000000 ____D C:\Program Files\COMODO
    2013-04-15 13:32 - 2013-04-15 13:25 - 51053584 ____A (COMODO) C:\Users\Kendra\Downloads\cfw_installer_x64.exe
    2013-04-15 13:27 - 2012-12-27 03:47 - 00002654 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    2013-04-15 13:08 - 2013-04-15 13:08 - 00000117 ____A C:\Windows\System32\netcfg-102009.txt
    2013-04-15 13:06 - 2013-04-15 13:06 - 00000117 ____A C:\Windows\System32\netcfg-6076909.txt
    2013-04-15 13:03 - 2012-07-26 02:12 - 00000000 ___HD C:\Windows\ELAMBKUP
    2013-04-15 13:03 - 2012-07-25 23:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
    2013-04-15 12:58 - 2013-04-15 12:58 - 00000000 ____D C:\Users\Kendra\AppData\LocalGoogle
    2013-04-15 12:58 - 2013-04-15 11:46 - 00000000 ____D C:\Users\Kendra\AppData\Local\Google
    2013-04-15 12:58 - 2013-04-15 11:46 - 00000000 ____D C:\Program Files (x86)\Google
    2013-04-15 12:54 - 2013-04-15 12:54 - 00001929 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-04-15 12:53 - 2013-04-15 12:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-04-15 12:52 - 2013-04-15 12:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-04-15 12:52 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\System32\restore
    2013-04-15 12:32 - 2013-04-15 12:19 - 115054456 ____A C:\Users\Kendra\Downloads\avast_free_antivirus_setup.exe
    2013-04-15 11:55 - 2013-04-15 11:55 - 00001158 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-04-15 11:55 - 2013-04-15 11:55 - 00000117 ____A C:\Windows\System32\netcfg-1847176.txt
    2013-04-15 11:55 - 2013-04-15 11:55 - 00000117 ____A C:\Windows\System32\netcfg-1846661.txt
    2013-04-15 11:55 - 2013-04-15 11:54 - 08623428 ____A C:\Users\Kendra\Downloads\Unconfirmed 608854.crdownload
    2013-04-15 11:54 - 2013-04-15 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-15 11:54 - 2013-04-15 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-15 11:52 - 2013-04-15 11:52 - 00002266 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-04-15 11:46 - 2013-04-15 11:46 - 00000000 ____D C:\Users\Kendra\AppData\Local\Deployment
    2013-04-15 11:46 - 2013-04-15 11:46 - 00000000 ____D C:\Users\Kendra\AppData\Local\Apps\2.0
    2013-04-15 11:45 - 2013-04-15 11:45 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Macromedia
    2013-04-15 11:42 - 2012-12-27 02:53 - 00000000 ___HD C:\OEM
    2013-04-15 11:41 - 2013-04-15 11:41 - 00001967 ____A C:\Users\Public\Desktop\Netflix.lnk
    2013-04-15 11:41 - 2013-04-15 11:41 - 00001742 ____A C:\Users\Public\Desktop\Buy Online.lnk
    2013-04-15 11:41 - 2013-04-15 11:41 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\Adobe
    2013-04-15 11:41 - 2013-04-15 11:41 - 00000000 ____D C:\Program Files\Accessory Store
    2013-04-15 11:41 - 2013-04-15 11:38 - 00000000 ____D C:\users\Kendra
    2013-04-15 11:40 - 2013-04-15 11:40 - 00000000 ____D C:\Users\Kendra\AppData\Roaming\lm
    2013-04-15 11:39 - 2013-04-15 11:39 - 00000000 ____D C:\Users\Kendra\AppData\Local\VirtualStore
    2013-04-15 11:38 - 2013-04-15 11:38 - 00000020 ___SH C:\Users\Kendra\ntuser.ini
    2013-04-15 11:38 - 2013-01-24 23:43 - 00437176 ____A (COMODO) C:\Windows\System32\guard64.dll
    2013-04-15 11:38 - 2013-01-24 23:43 - 00348584 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
    2013-04-15 11:38 - 2013-01-24 23:43 - 00043216 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
    2013-04-15 11:38 - 2013-01-24 23:42 - 00343760 ____A (COMODO) C:\Windows\System32\cmdvrt64.dll
    2013-04-15 11:38 - 2013-01-24 23:42 - 00276688 ____A (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2013-04-15 11:38 - 2013-01-24 23:42 - 00045776 ____A (COMODO) C:\Windows\System32\cmdkbd64.dll
    2013-04-15 11:38 - 2013-01-24 23:42 - 00040656 ____A (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
    2013-04-15 11:38 - 2013-01-16 20:51 - 00712216 ____A (COMODO) C:\Windows\System32\Drivers\cmdguard.sys
    2013-04-15 11:38 - 2013-01-16 20:51 - 00037560 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
    2013-04-15 11:38 - 2013-01-16 20:51 - 00023168 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
    2013-04-15 11:33 - 2013-04-15 11:33 - 00000117 ____A C:\Windows\System32\netcfg-505193.txt
    2013-04-04 14:50 - 2013-04-24 00:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-02 16:08 - 2012-07-26 02:14 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-04-02 16:08 - 2012-07-26 02:14 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2012-12-27 03:02

    ==================== End Of Log ============================
     
  15. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Here is the attachment of addition.txt. The instructions said to attach it, but if you would rather I copy and paste let me know
     


  16. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Is it all right to run my regular weekly virus scans (Avast and Super AntiSpyware) as well as install Comodo updates or would you like me to still wait on that?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It's fine. Make sure your security programs are always up to date.

    FRST log looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    # AdwCleaner v2.300 - Logfile created 05/05/2013 at 22:15:47
    # Updated 28/04/2013 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : Kendra - MOMSPC
    # Boot Mode : Normal
    # Running from : C:\Users\Kendra\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\boost_interprocess

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [965 octets] - [05/05/2013 22:07:10]
    AdwCleaner[S1].txt - [902 octets] - [05/05/2013 22:15:47]

    ########## EOF - C:\AdwCleaner[S1].txt - [961 octets] ##########
     
  19. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.3 (04.29.2013:2)
    OS: Windows 8 x64
    Ran by Kendra on Sun 05/05/2013 at 22:33:45.48
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\big fish games"
    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/05/2013 at 22:59:00.33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    OTL logfile created on: 5/5/2013 11:07:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kendra\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.45 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 79.39% Memory free
    10.95 Gb Paging File | 9.53 Gb Available in Paging File | 87.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.19 Gb Total Space | 642.72 Gb Free Space | 94.21% Space Free | Partition Type: NTFS

    Computer Name: MOMSPC | User Name: Kendra | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/05 23:03:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendra\Downloads\OTL.exe
    PRC - [2013/04/15 11:46:30 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2013/03/06 16:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/06 16:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/01/16 12:23:36 | 000,111,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    PRC - [2012/12/10 02:39:14 | 000,475,984 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2012/12/10 02:39:10 | 001,192,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2012/12/10 02:39:10 | 000,350,544 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2012/11/02 18:36:52 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2012/11/02 18:36:40 | 000,624,192 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2012/09/19 18:07:44 | 000,995,856 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/02 18:38:02 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/04/24 18:30:16 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/04/15 11:38:20 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2013/03/06 16:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/02/02 02:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/28 19:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/12/13 15:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2012/11/20 04:48:38 | 000,100,752 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
    SRV:64bit: - [2012/11/16 16:07:20 | 000,469,648 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
    SRV:64bit: - [2012/11/05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 00:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/09/17 12:38:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV - [2013/04/10 00:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/16 12:23:36 | 000,098,160 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
    SRV - [2012/12/10 02:39:10 | 000,350,544 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2012/11/02 18:36:52 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2012/09/12 21:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/08/15 13:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/15 11:38:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2013/03/06 16:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/03/06 16:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/03/06 16:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/03/06 16:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/03/06 16:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/03/06 16:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/03/06 16:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/03/06 16:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/03/02 04:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/03/02 04:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/03/02 04:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/03/02 04:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/02/02 05:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/02/02 01:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/01/28 19:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2013/01/28 17:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2013/01/16 12:28:05 | 006,835,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
    DRV:64bit: - [2013/01/16 12:23:36 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
    DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/20 04:48:40 | 000,331,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/19 03:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
    DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/09/20 01:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/18 20:40:38 | 000,343,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2012/09/17 14:15:48 | 010,316,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/09/17 12:12:42 | 000,370,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/08/28 06:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/08/20 22:56:38 | 000,091,648 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/25 23:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/06/29 20:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/06/23 08:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
    DRV:64bit: - [2012/05/25 18:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
    DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{B277A523-F32E-4415-B0A5-C9795B9F5EFD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{B277A523-F32E-4415-B0A5-C9795B9F5EFD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    IE - HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    IE - HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/15 12:53:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/15 11:54:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/04/16 18:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Extensions
    [2013/04/15 11:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/10 00:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/04/10 00:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/04/10 00:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://acer13.msn.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - Extension: Google Docs = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! WebRep = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
    CHR - Extension: Gmail = C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LManager] File not found
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [RadioController] C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2205581236-1962149331-2801561248-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93861460-374F-46E0-90B7-36421D29E88F}: NameServer = 8.26.56.26,156.154.70.22
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/05 22:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/05/05 22:33:10 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/05/05 21:59:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/05/02 15:58:52 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/05/02 13:38:16 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Diagnostics
    [2013/04/26 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\Kendra\Desktop\RK_Quarantine
    [2013/04/24 00:38:29 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Malwarebytes
    [2013/04/24 00:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/04/24 00:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/04/24 00:38:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/04/24 00:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/04/24 00:37:52 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Programs
    [2013/04/23 00:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
    [2013/04/23 00:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build-a-lot 2 - Town of the Year
    [2013/04/23 00:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
    [2013/04/23 00:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
    [2013/04/23 00:28:05 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
    [2013/04/22 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\CrashDumps
    [2013/04/19 11:17:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/04/17 22:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
    [2013/04/16 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\SUPERAntiSpyware.com
    [2013/04/16 19:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/04/16 19:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/04/16 19:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/04/16 18:12:27 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Mozilla
    [2013/04/16 18:12:27 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Mozilla
    [2013/04/15 20:32:30 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Documents\Scanned Documents
    [2013/04/15 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kendra\Documents\Fax
    [2013/04/15 13:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2013/04/15 13:39:34 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2013/04/15 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2013/04/15 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2013/04/15 13:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2013/04/15 13:27:43 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\WildTangent
    [2013/04/15 12:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2013/04/15 12:54:25 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013/04/15 12:54:25 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013/04/15 12:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/04/15 12:54:22 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013/04/15 12:54:21 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013/04/15 12:54:05 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013/04/15 12:53:57 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013/04/15 12:53:56 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/04/15 12:52:43 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/04/15 12:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/04/15 12:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/04/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/04/15 11:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/04/15 11:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/04/15 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/04/15 11:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/04/15 11:46:26 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Google
    [2013/04/15 11:46:07 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Apps
    [2013/04/15 11:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Deployment
    [2013/04/15 11:45:28 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Macromedia
    [2013/04/15 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gateway
    [2013/04/15 11:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Accessory Store
    [2013/04/15 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
    [2013/04/15 11:41:36 | 000,000,000 | R--D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/04/15 11:41:36 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Searches
    [2013/04/15 11:41:36 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Contacts
    [2013/04/15 11:41:36 | 000,000,000 | R--D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/04/15 11:41:36 | 000,000,000 | -H-D | C] -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/04/15 11:41:29 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Adobe
    [2013/04/15 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\lm
    [2013/04/15 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\VirtualStore
    [2013/04/15 11:39:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
    [2013/04/15 11:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Packages
    [2013/04/15 11:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/04/15 11:38:39 | 000,000,000 | --SD | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Videos
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Saved Games
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Pictures
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Music
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Links
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Favorites
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Downloads
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Documents
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\Desktop
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/04/15 11:38:39 | 000,000,000 | R--D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\AppData\Local\Temporary Internet Files
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Templates
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Start Menu
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\SendTo
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Recent
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\PrintHood
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\NetHood
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Documents\My Videos
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Documents\My Pictures
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Documents\My Music
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\My Documents
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Local Settings
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\AppData\Local\History
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Cookies
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\Application Data
    [2013/04/15 11:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Kendra\AppData\Local\Application Data
    [2013/04/15 11:38:39 | 000,000,000 | -H-D | C] -- C:\Users\Kendra\AppData
    [2013/04/15 11:38:39 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Temp
    [2013/04/15 11:38:39 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Microsoft
    [2013/04/15 11:38:39 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    ========== Files - Modified Within 30 Days ==========

    [2013/05/05 22:51:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/05/05 22:26:49 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/05/05 22:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/05 22:16:56 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/05/05 22:16:49 | 384,409,599 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/05 22:16:07 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/05/02 19:55:27 | 396,935,344 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/05/02 13:28:04 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/29 12:27:00 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/04/29 12:27:00 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/04/29 12:27:00 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/04/24 00:38:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/23 08:04:10 | 000,437,176 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2013/04/23 08:04:10 | 000,348,048 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2013/04/23 00:35:29 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
    [2013/04/23 00:35:29 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.url
    [2013/04/20 18:37:29 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2013/04/20 18:37:29 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}.job
    [2013/04/16 19:12:50 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/04/15 20:30:49 | 001,007,304 | ---- | M] () -- C:\Users\Kendra\Documents\Modern Photo Letter.oxps
    [2013/04/15 13:39:53 | 000,000,600 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/04/15 13:27:59 | 000,002,654 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2013/04/15 13:08:26 | 000,002,290 | ---- | M] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/04/15 12:54:26 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/04/15 12:53:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/04/15 11:55:02 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/04/15 11:52:06 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/04/15 11:45:18 | 000,001,435 | ---- | M] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/04/15 11:41:50 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\Buy Online.lnk
    [2013/04/15 11:41:43 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2013/04/15 11:38:55 | 000,023,168 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2013/04/15 11:38:38 | 000,043,216 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2013/04/15 11:38:29 | 000,343,760 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
    [2013/04/15 11:38:28 | 000,045,776 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
    [2013/04/15 11:38:25 | 000,276,688 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
    [2013/04/15 11:38:24 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
     
  21. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    OTL logfile created on: 5/5/2013 11:07:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kendra\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.45 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 79.39% Memory free
    10.95 Gb Paging File | 9.53 Gb Available in Paging File | 87.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.19 Gb Total Space | 642.72 Gb Free Space | 94.21% Space Free | Partition Type: NTFS

    Computer Name: MOMSPC | User Name: Kendra | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/05 23:03:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kendra\Downloads\OTL.exe
    PRC - [2013/04/15 11:46:30 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2013/03/06 16:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/06 16:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/01/16 12:23:36 | 000,111,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    PRC - [2012/12/10 02:39:14 | 000,475,984 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2012/12/10 02:39:10 | 001,192,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2012/12/10 02:39:10 | 000,350,544 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2012/11/02 18:36:52 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2012/11/02 18:36:40 | 000,624,192 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2012/09/19 18:07:44 | 000,995,856 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/02 18:38:02 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/04/24 18:30:16 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/04/15 11:38:20 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2013/03/06 16:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/02/02 02:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/28 19:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/12/13 15:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)


    ========== Files Created - No Company Name ==========

    [2013/05/05 22:15:53 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/05/02 13:27:55 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/26 19:55:31 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
    [2013/04/26 19:55:31 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2013/04/24 00:38:12 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/23 00:35:29 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
    [2013/04/23 00:35:29 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.url
    [2013/04/23 00:34:27 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
    [2013/04/23 00:34:27 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
    [2013/04/20 18:37:29 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}.job
    [2013/04/19 11:17:39 | 396,935,344 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/04/16 19:12:50 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/04/16 16:58:27 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2013/04/15 20:30:49 | 001,007,304 | ---- | C] () -- C:\Users\Kendra\Documents\Modern Photo Letter.oxps
    [2013/04/15 13:39:55 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2013/04/15 13:39:53 | 000,000,600 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/04/15 12:54:26 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/04/15 12:54:03 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2013/04/15 12:54:00 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2013/04/15 12:53:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2013/04/15 11:55:01 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/04/15 11:55:00 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/04/15 11:52:06 | 000,002,290 | ---- | C] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/04/15 11:52:05 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/04/15 11:46:33 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/15 11:46:32 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/15 11:45:18 | 000,001,435 | ---- | C] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/04/15 11:41:50 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\Buy Online.lnk
    [2013/04/15 11:41:43 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2013/04/15 11:41:29 | 000,001,441 | ---- | C] () -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/04/15 11:38:39 | 000,000,352 | ---- | C] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/04/15 11:38:39 | 000,000,334 | ---- | C] () -- C:\Users\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/01/16 12:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/12/27 02:55:03 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/12/27 02:55:03 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/12/27 02:55:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2012/05/10 18:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 20:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 02:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/04/15 11:40:56 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\lm
    [2013/04/17 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    < End of report >
     
  22. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Sorry, started posting the OTL file twice.
     
  23. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    OTL Extras logfile created on: 5/5/2013 11:07:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kendra\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.45 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 79.39% Memory free
    10.95 Gb Paging File | 9.53 Gb Available in Paging File | 87.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.19 Gb Total Space | 642.72 Gb Free Space | 94.21% Space Free | Partition Type: NTFS

    Computer Name: MOMSPC | User Name: Kendra | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2205581236-1962149331-2801561248-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{261EE935-8E78-4E97-9BB5-ADF0D625DA52}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2AADDED0-8283-4BF0-B290-08EAE80F70BB}" = rport=138 | protocol=17 | dir=out | app=system |
    "{33D1690F-E7F1-47FA-8D24-22818A8A2180}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3B91111F-B7DE-42AA-B3B7-CFE9BE283BD2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{535CC225-F66C-4AE0-AA55-30026365AB75}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5417CD53-EDAE-4A98-BDDC-F0E2DFADB046}" = lport=137 | protocol=17 | dir=in | app=system |
    "{67BBA478-9D2E-4F00-A452-35C37F1DECEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{71B11B4A-9F8C-44D2-A84F-5ED650F306CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8251A93F-6AFD-469D-BF71-E6F1524A5F5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8B5A6E1B-6D73-4A75-90B5-8FA3361FBA87}" = lport=138 | protocol=17 | dir=in | app=system |
    "{945B3111-D5BA-48C7-83B8-B45CC36968A9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{97B8760E-8E9D-4C47-A63C-F07E7C784B12}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9E51A0B3-28AE-4F1F-9068-9F8CDBA0AF0A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B9FC1F4D-E281-41EC-AEB8-A77216F5A48E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2208179-2876-4084-9E25-716AB0EF789F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5B6F296-4164-44CD-B7CA-A89E96F11987}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CD14E4FC-8643-4E1E-AFEA-35FAC9597B61}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E6CB3C6D-AF5D-49A9-BADE-A003E36F434C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F2698CB8-5734-49DA-AA8E-B9E9CE0EDCCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F2A99D58-4416-411B-B063-B46C794511F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FB71D433-B71C-4C65-BE28-9D3F4C8440BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{018A5477-4AB1-46B9-8E1B-B3442B2B89DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{01B9A786-F156-4813-90D0-8B68ED287D69}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{01E7BC76-873E-41DF-8E0E-C2B349BDE190}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{02F6213F-6EE6-43C5-AD58-19144AC29251}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{0F0D358E-3EF2-49CB-ADA1-3F9C9DFF90C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{111FE535-CAE8-49AD-9184-4741BA66198B}" = dir=out | name=kindle |
    "{1271C074-0F01-434C-A72E-8DF995150FF6}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{13563AA8-2A22-485E-8F80-B3E7FABB4C25}" = dir=in | name=amazon |
    "{18365ABE-18F3-4FFE-9AFF-C44B676DBD2A}" = dir=out | name=chacha |
    "{1AC50C7C-3BB1-4BBD-B032-9A5821E3394F}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "{1C716353-26CB-421D-B8A5-BE801A802AD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D6E9CA0-B82C-4544-8212-957ADA43EA95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2047AA9C-E507-4EF1-AFD4-B1D8117EEF97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{222C5BF7-7FCF-4EAD-A881-9E35C912752A}" = dir=in | name=ebay |
    "{23550645-31D8-416B-A69F-ED499E1D1C3B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{24ACE8BB-4C3F-4C2F-8158-67D5C631BF6B}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{2B3E7DFB-114B-414D-8C4F-D6E4B2C317C3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{2D055B19-94B5-4771-99C1-CA024D93833C}" = protocol=6 | dir=out | app=system |
    "{3D211474-4F5C-4996-B60E-62E95D262966}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{434F3A33-6191-4F62-AA63-CEC3752B4DD3}" = dir=in | app=c:\program files (x86)\nti\gateway mybackup\fileexplorer.exe |
    "{472661FF-ED87-4530-B03B-2E116496EE72}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "{477E70FF-FDE9-49D7-AD64-6F8D6F84F7A1}" = dir=out | name=merriam-webster dictionary |
    "{4C1EFB16-520A-47DD-ADF5-AF8C92F93090}" = dir=out | name=gateway explorer |
    "{4DB2DFF7-94E1-4CAA-84C2-995B75DC090A}" = dir=out | name=shark dash |
    "{50A8523F-13E6-4BAA-BF24-9B5C5891B658}" = dir=out | name=hulu plus |
    "{53591CB2-D765-4A0F-934F-2EC4B53315EA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{5431BA0C-8B7C-4937-8EBF-4F85B76BD2A2}" = dir=out | name=7digital music store |
    "{5E410BA7-5685-4E41-9436-83C79B03F268}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5F62D60E-4E3D-46EA-BC97-7D7A3E9334F9}" = dir=out | name=encyclopaedia britannica |
    "{6E044BBE-353E-4BBF-8ACC-6699466F5154}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{72FADAA0-B781-4B1E-95E8-41B88899D46D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{774CA6FE-8F8C-40A7-8377-FB44C39A2877}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{7A129757-E04A-466D-884B-0464EFB9AF68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7D0DCECD-EB76-4C4F-BC0B-CE12521F4F1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7FB60FBB-2A52-4E2C-852C-2D2E3E54A16A}" = dir=in | name=evernote |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8A4C49C6-7781-4441-8818-FC10219A8A10}" = dir=out | name=icookbook se |
    "{8B8A8369-1AF3-4FB8-8831-5E9FB9DAE2B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8BB00B9B-14CF-46AC-9334-FEBAE53C6D66}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{91FA92E6-5516-4B82-8130-80123D231D8A}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{9214B946-2D99-4768-A7B2-F4F3A648F7B9}" = dir=out | name=netflix |
    "{9DB13A2C-8C7E-4B09-B87F-275778DC140E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9DB4C700-262E-48B6-9F1F-D126AC69839B}" = dir=out | name=zinio |
    "{A80033EC-0D49-4B1D-825D-08F8A90D2BBB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{AB863499-24AC-482A-ACEB-82CF6F14E9C8}" = dir=in | name=gateway explorer |
    "{B246EC2F-3CC3-49DE-AF16-6758B0EA9CC9}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{B6CD034C-AA2E-42DA-9A79-096FEE16F843}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{B81DDB46-6289-4FD7-B154-78BBF0D501E1}" = dir=out | name=amazon |
    "{BABFD725-19D7-4435-8AE9-0CDF005FE0A2}" = dir=out | name=newsxpresso |
    "{BACFAEB5-0630-407A-92DF-8FE24C4774EB}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{BC49484D-0A1F-4E1A-98E4-4FE630090BC4}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{BCDB160F-B709-406E-8A72-1F0B7D6EF2E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BE39E341-DE96-4183-8A60-E475B49B342B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{C1D506FC-EE76-4514-9345-4668308CF756}" = dir=out | name=tunein radio |
    "{C1FFFC8A-16F9-4441-BD7D-E3592DB468DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C3DF09E2-0575-4809-8649-9D41C217ACAE}" = dir=out | name=- games app - |
    "{C4B5A796-C9F9-4E66-8D77-C05C90BE5EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CABB5078-7AEE-49F8-B541-7898A148B837}" = dir=in | app=c:\program files (x86)\nti\gateway mybackup\ischedulesvc.exe |
    "{CE625821-12DF-4CD5-8F55-1B1F77A2762A}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{D044D2FE-2A0F-47D7-BFF5-73B2879CF355}" = dir=in | app=c:\program files (x86)\nti\gateway mybackup\backupmanager.exe |
    "{D1426375-3D7F-41BA-8336-D104B709B895}" = dir=out | name=windows_ie_ac_001 |
    "{D288FE11-41CB-47F3-820C-79793C39230F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D8DE39DB-74B4-4FD4-ABDF-3B5887E3710C}" = dir=out | name=ebay |
    "{DAF1D744-E6C0-4190-8DEB-83852D7E9B93}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{E73217B2-A12A-4913-8BD3-1B26DC0FBCEF}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E84087E3-AB4E-49E2-9250-6B521B113DD9}" = dir=out | name=video web camera |
    "{E91FFF1C-42B8-415D-A5C8-142A9F72EC25}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{EC84196F-635F-4B9E-9AC9-F1518CBD4A63}" = dir=out | name=social networks |
    "{ECBBC95D-BAC4-47A3-AFE3-C3705D677687}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
    "{EDCA8EC6-A92B-4AE3-9824-EF2E11DFD6F4}" = dir=out | name=evernote |
    "{FA5F2FEF-6B1F-40DA-96DB-E17F00E5F3F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD930813-C0EC-488E-A419-1ECE5344DA76}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Gateway Recovery Management
    "{1109461B-E8C8-EE08-0219-5711383B03DF}" = AMD Catalyst Install Manager
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Gateway Device Fast-lane
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{54FCB760-9F8C-A969-2BB7-88D129B9201F}" = ccc-utility64
    "{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
    "{C92C06FE-AB02-32E9-04CB-AE726C681727}" = AMD Accelerated Video Transcoding
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E438A632-CADC-49E4-9492-C9F50F9AE37F}" = Gateway Power Management
    "{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "Elantech" = ETDWare PS/2-X64 11.6.16.003_WHQL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
    "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
    "{1417495E-B9EE-417A-ADF0-769FFA5E4B84}" = Catalyst Control Center - Branding
    "{18F0F265-C8B3-A0BF-C250-5771F1768295}" = CCC Help Swedish
    "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{317DB319-6F27-311F-1AB1-05E8CBF9F364}" = CCC Help Dutch
    "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
    "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{43BFC6AA-F45F-9AAA-CD5E-9F06FC24AEFF}" = CCC Help Czech
    "{4BEDF860-0CCB-B7CC-5CBC-1553463F79C0}" = CCC Help German
    "{50F67EAC-1961-D405-474F-972809B55DE5}" = CCC Help Chinese Standard
    "{5AE71944-7EE4-43C0-5DB3-BE8922147EC9}" = CCC Help Chinese Traditional
    "{5DAF4A34-5F23-E9C4-E20A-27E4491579CC}" = CCC Help Thai
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6EE59459-CEC6-F96F-02FD-3C788553800B}" = CCC Help Greek
    "{6F4B96CC-06CA-5812-04B3-209ACBE386FE}" = AMD VISION Engine Control Center
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
    "{866111FE-425E-5835-F7CE-5DC83F11658A}" = CCC Help Norwegian
    "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
    "{959208B6-B610-72D1-FDC7-0664CA3048F8}" = Catalyst Control Center Graphics Previews Common
    "{9A27C636-5FA8-706B-3B92-766DF63E2A1B}" = CCC Help Danish
    "{9AD653C3-535B-8A6A-612B-E1B59E323562}" = CCC Help Spanish
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01
    "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
    "{A2C5B578-68B0-655F-FEAB-8C29DA2EE78F}" = CCC Help Turkish
    "{A2DEA438-24F3-3951-5BD3-964752AD9F8E}" = CCC Help Finnish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
    "{B10B6305-BD15-5586-F944-D8276F87403E}" = CCC Help Polish
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
    "{C045142A-7475-B5D3-55D7-16B5A6CD43E8}" = CCC Help French
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C4EFC586-6547-6807-4EB2-90399D37470D}" = CCC Help Italian
    "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
    "{D36738CB-7661-4641-BECB-D2FB49F70FF3}" = CCC Help English
    "{DC07C80B-6E57-F510-DAC6-0E52B87F0208}" = CCC Help Russian
    "{DDE7C223-313A-25B0-42B2-88622741C396}" = Catalyst Control Center Localization All
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E0BB1FAE-03BF-34DF-65BC-A2F1510FD3EB}" = CCC Help Hungarian
    "{E2FDC3E7-66AD-EEC5-A3B1-3E5C582F9DA9}" = CCC Help Korean
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
    "{E5942F4B-C8EE-ADA7-16F7-7D674D2C1EA3}" = CCC Help Portuguese
    "{E5D11268-4543-B6C0-545A-8BCDD7B841D2}" = Catalyst Control Center InstallProxy
    "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F19F47A7-DBE2-7146-A7AC-E40C45AA32DD}" = CCC Help Japanese
    "avast" = avast! Free Antivirus
    "BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
    "BFGC" = Big Fish Games: Game Manager
    "Google Chrome" = Google Chrome
    "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Gateway MyBackup
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NARA" = Norton Online Backup ARA
    "RadioController" = Dritek Radio Controller
    "Spotify" = Spotify
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WTA-1afa0902-c082-466f-ad9b-d089d8704508" = Polar Golfer
    "WTA-1f103f65-2bb3-4cfc-a4d9-c1cb18b18de8" = Mystery P.I. - Curious Case of Counterfeit Cove
    "WTA-38078cdc-4c31-48de-85c7-bce45403b0fb" = Cradle Of Egypt Collector's Edition
    "WTA-41cbf37d-ddf8-4ffb-804e-e177f3a1b0b0" = Dora's World Adventure
    "WTA-4d1abc35-b8f3-4332-be92-393b08dcc88d" = Agatha Christie - Death on the Nile
    "WTA-5d3914b3-a345-4601-aa8b-727a08f0feac" = Penguins!
    "WTA-65c0e001-cc0d-4521-9b78-b6e6f87427ff" = Jewel Match 3
    "WTA-6eaec060-e299-4a5a-b226-6ef41a3bbba6" = Peggle Nights
    "WTA-8390bfab-ae0a-41e4-af34-963d6b327a56" = Aloha TriPeaks
    "WTA-a6d339dd-6cd2-477e-81b9-2fee1e5be574" = Bejeweled 3
    "WTA-ad4dec1b-def7-49a8-ad5a-1152f077f414" = Delicious: Emily's True Love Premium Edition
    "WTA-b105710d-b02e-4645-8fed-8387f6b2bf5b" = Polar Bowler
    "WTA-f123f944-7ed2-4d11-a47c-f5fd30959726" = Plants vs. Zombies - Game of the Year
    "WTA-f7b6798f-0f59-4d7b-8c27-2b22ab45803a" = Zuma's Revenge
    "WTA-fdd01d14-d2a8-4402-a080-837d5755666d" = Tales of Lagoona

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/19/2013 12:24:34 PM | Computer Name = MomsPC | Source = Software Protection Platform Service | ID = 16385
    Description = Failed to schedule Software Protection service for re-start at 2113-03-26T16:24:34Z.
    Error Code: 0x80040154.

    Error - 4/19/2013 12:25:04 PM | Computer Name = MomsPC | Source = Software Protection Platform Service | ID = 16385
    Description = Failed to schedule Software Protection service for re-start at 2113-03-26T16:25:04Z.
    Error Code: 0x80040154.

    Error - 4/19/2013 3:33:16 PM | Computer Name = MomsPC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_AeLookupSvc, version: 6.2.9200.16384,
    time stamp: 0x50108897 Faulting module name: ntdll.dll, version: 6.2.9200.16384,
    time stamp: 0x5010acd2 Exception code: 0xc0000409 Fault offset: 0x000000000001f60f
    Faulting
    process id: 0x188 Faulting application start time: 0x01ce3d22c56c7b0b Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: faebd664-a927-11e2-be72-208984566be4 Faulting package full name: Faulting package-relative
    application ID:

    Error - 4/19/2013 11:20:13 PM | Computer Name = MomsPC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_AeLookupSvc, version: 6.2.9200.16384,
    time stamp: 0x50108897 Faulting module name: ntdll.dll, version: 6.2.9200.16384,
    time stamp: 0x5010acd2 Exception code: 0xc0000374 Fault offset: 0x00000000000ea2b9
    Faulting
    process id: 0xc9c Faulting application start time: 0x01ce3d34bed33cf2 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 36677fdd-a969-11e2-be72-208984566be4 Faulting package full name: Faulting package-relative
    application ID:

    Error - 4/19/2013 11:31:18 PM | Computer Name = MomsPC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_AeLookupSvc, version: 6.2.9200.16384,
    time stamp: 0x50108897 Faulting module name: ntdll.dll, version: 6.2.9200.16384,
    time stamp: 0x5010acd2 Exception code: 0xc0000374 Fault offset: 0x00000000000ea2b9
    Faulting
    process id: 0x91c Faulting application start time: 0x01ce3d75fb4b903e Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: c2b3c38c-a96a-11e2-be72-208984566be4 Faulting package full name: Faulting package-relative
    application ID:

    Error - 4/20/2013 11:12:21 AM | Computer Name = MomsPC | Source = Customer Experience Improvement Program | ID = 1006
    Description =

    Error - 4/21/2013 8:29:05 PM | Computer Name = MomsPC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_AeLookupSvc, version: 6.2.9200.16384,
    time stamp: 0x50108897 Faulting module name: ntdll.dll, version: 6.2.9200.16384,
    time stamp: 0x5010acd2 Exception code: 0xc0000008 Fault offset: 0x0000000000004c19
    Faulting
    process id: 0x1b0 Faulting application start time: 0x01ce3e2891e6f7e0 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: a3233b9a-aae3-11e2-be73-208984566be4 Faulting package full name: Faulting package-relative
    application ID:

    Error - 4/21/2013 10:29:17 PM | Computer Name = MomsPC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4/22/2013 3:37:17 PM | Computer Name = MomsPC | Source = Application Error | ID = 1000
    Description = Faulting application name: taskhost.exe, version: 6.2.9200.16547,
    time stamp: 0x51301b14 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16384,
    time stamp: 0x5010ab2d Exception code: 0xe06d7363 Fault offset: 0x00000000000189cc
    Faulting
    process id: 0xd0 Faulting application start time: 0x01ce3f90cabf02c4 Faulting application
    path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: 09d7c107-ab84-11e2-be73-208984566be4 Faulting package full name: Faulting package-relative
    application ID:

    Error - 4/23/2013 2:11:47 PM | Computer Name = MomsPC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ System Events ]
    Error - 5/1/2013 10:08:18 PM | Computer Name = MomsPC | Source = bowser | ID = 8003
    Description =

    Error - 5/1/2013 10:23:05 PM | Computer Name = MomsPC | Source = bowser | ID = 8003
    Description =

    Error - 5/1/2013 11:43:42 PM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The avast! Antivirus service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 5/1/2013 11:47:10 PM | Computer Name = MomsPC | Source = bowser | ID = 8003
    Description =

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The Application Experience service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7034
    Description = The Application Information service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The Background Intelligent Transfer Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The Computer Browser service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
    Restart the service.

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 5/2/2013 12:17:05 AM | Computer Name = MomsPC | Source = Service Control Manager | ID = 7031
    Description = The IP Helper service terminated unexpectedly. It has done this 1
    time(s). The following corrective action will be taken in 120000 milliseconds:
    Restart the service.


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - user.js - File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [LManager] File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  25. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LManager deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kendra
    ->Temp folder emptied: 45813360 bytes
    ->Temporary Internet Files folder emptied: 143651505 bytes
    ->FireFox cache emptied: 25095885 bytes
    ->Google Chrome cache emptied: 97167007 bytes
    ->Flash cache emptied: 768 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4672969 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 96176 bytes
    RecycleBin emptied: 6029 bytes

    Total Files Cleaned = 302.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kendra

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Kendra
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05082013_213234

    Files\Folders moved on Reboot...
    C:\Users\Kendra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Kendra\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\lm\Kendra\aipflib.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\lm\Kendra\LMutilps32.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\lm\dsiwmis.log scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
