
Can Malware 32 Gen affect a 64 bit Win 8.1 machine?


  • This topic is locked
21 replies to this topic

#1 darrenj1471

darrenj1471

  • Members
  • 14 posts

Posted 11 March 2014 - 09:29 AM

Hello

 

So, I have a Surface Pro running Win 8.1 64bit and protected with Avast. I recently extracted some files from a .tar package and Avast threw up a nice message saying it had detected 'Win32: Malware-gen' and quarantined it to the chest.

 

Now my 2 questions are:

 

1. Am I safe now that it's in quarantine and appears to have been detected at point of install?

2. Can something which appears to be aimed at Win32 affect a 64bit machine with the same bad stuff? (I don't really know the differences between 'bits')

 

Please note that I then did a FULL scan with Avast and it also found Win32:VBCrypt-CSL [Trj], whatever that is? It's also quarantined that.

Scan again and everything seems fine.

 

Thanks in advance





#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts

Posted 11 March 2014 - 09:39 AM


:welcome:

Hello darrenj1471,

My name is Jo and I will help you with your computer problems.


1) We can check if your PC is clean.
2) There are many 32 bit programs on every PC with a 64 bit Windows.

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#3 darrenj1471

darrenj1471
  • Topic Starter

  • Members
  • 14 posts

Posted 11 March 2014 - 04:59 PM

First one:

 


 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Edited by darrenj1471, 11 March 2014 - 05:00 PM.


#4 darrenj1471

darrenj1471
  • Topic Starter

  • Members
  • 14 posts

Posted 11 March 2014 - 05:08 PM

OTL logfile created on: 11/03/2014 22:03:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Darren\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 64.67% Memory free
4.89 Gb Paging File | 3.28 Gb Available in Paging File | 67.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110.38 Gb Total Space | 67.86 Gb Free Space | 61.48% Space Free | Partition Type: NTFS
 
Computer Name: ULLRSPC | User Name: Darren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Darren\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Darren\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exe (Barnesandnoble.com llc)
PRC - C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Darren\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dll ()
MOD - C:\Users\Darren\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dll ()
MOD - C:\Users\Darren\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll ()
MOD - C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (mvbtradio) -- C:\WINDOWS\SysNative\mvbtrcsvcx64.exe (Marvell Semiconductors, Inc.)
SRV:64bit: - (Marvell Bluetooth Radio Control Service) -- C:\Windows\SysNative\mvbtrcsvcx64.exe (Marvell Semiconductors, Inc.)
SRV:64bit: - (Marvell AVASTAR Bluetooth Radio Adapter) -- C:\WINDOWS\SysNative\mvbtrcsvcx64.exe (Marvell Semiconductors, Inc.)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\WINDOWS\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mwlu97w8) -- C:\Windows\SysNative\drivers\mwlu97w8x64.sys (Marvell Semiconductors, Inc.)
DRV:64bit: - (LcUvcUpper) -- C:\Windows\SysNative\drivers\LcUvcUpper.sys (Microsoft Corporation)
DRV:64bit: - (SurfaceTypeCover) -- C:\Windows\SysNative\drivers\SurfaceTypeCover.sys (Microsoft Corporation)
DRV:64bit: - (SurfaceAccessoryDevice) -- C:\Windows\SysNative\drivers\SurfaceAccessoryDevice.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (kbfilter) -- C:\Windows\SysNative\drivers\SurfaceTouchCover.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F FB 62 72 0F 34 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe" File not found
O4:64bit: - HKLM..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe" File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Users\Darren\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03E95A17-EB07-429E-AFAD-9FCDEC9F44DD}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/11 11:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2014/03/11 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\AVS4YOU
[2014/03/11 11:56:33 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014/03/11 11:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014/03/11 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2014/03/11 11:55:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2014/03/11 11:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2014/03/10 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/03/10 21:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/03/10 10:35:47 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\ICAClient
[2014/03/10 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2014/03/10 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Citrix
[2014/03/10 10:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2014/03/10 10:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2014/03/07 18:04:04 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2014/03/03 23:02:41 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\vlc
[2014/03/01 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Darren\.swt
[2014/03/01 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Azureus
[2014/03/01 18:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2014/03/01 18:11:56 | 000,000,000 | ---D | C] -- C:\Users\Darren\Documents\Vuze Downloads
[2014/03/01 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/03/01 18:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/01 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\AVAST Software
[2014/03/01 18:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/01 18:02:38 | 001,038,072 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2014/03/01 18:02:38 | 000,421,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2014/03/01 18:02:38 | 000,334,136 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/03/01 18:02:38 | 000,092,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/03/01 18:02:38 | 000,080,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2014/03/01 18:02:38 | 000,078,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/03/01 18:02:36 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/03/01 18:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/01 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/01 17:54:57 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\BitTorrent
[2014/03/01 15:06:10 | 000,000,000 | R--D | C] -- C:\Users\Darren\SkyDrive
[2014/03/01 15:04:55 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Identities
[2014/03/01 14:56:07 | 000,000,000 | --SD | C] -- C:\Users\Darren\AppData\Roaming\Microsoft
[2014/03/01 14:56:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/03/01 14:56:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\Favorites
[2014/03/01 14:56:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\Desktop
[2014/03/01 14:56:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/01 14:56:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/03/01 14:56:07 | 000,000,000 | -H-D | C] -- C:\Users\Darren\AppData
[2014/03/01 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Temp
[2014/03/01 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Microsoft
[2014/03/01 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/01 14:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2014/03/01 14:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2014/03/01 14:53:49 | 000,062,784 | R--- | C] (Intel Corporation) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys
[2014/03/01 14:53:48 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2014/03/01 14:53:48 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2014/03/01 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/03/01 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/03/01 14:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/03/01 14:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Firmware
[2014/03/01 14:53:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/03/01 14:53:00 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/03/01 14:53:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/03/01 14:52:26 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/03/01 14:52:25 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014/03/01 14:52:23 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2014/03/01 14:52:21 | 001,113,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/03/01 14:52:21 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll
[2014/03/01 14:52:20 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2014/03/01 14:52:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2014/03/01 14:52:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaui.exe
[2014/03/01 14:52:20 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pcaui.exe
[2014/03/01 14:52:18 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2014/03/01 14:52:18 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/03/01 14:52:18 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/03/01 14:52:18 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/03/01 14:52:18 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014/03/01 14:52:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/03/01 14:52:18 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014/03/01 14:52:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2014/03/01 14:52:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2014/03/01 14:52:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2014/03/01 14:52:02 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/03/01 14:52:02 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2014/03/01 14:52:02 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2014/03/01 14:51:52 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/03/01 14:51:52 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/03/01 14:51:52 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/03/01 14:51:52 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/03/01 14:51:52 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/03/01 14:51:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/03/01 14:51:52 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/03/01 14:51:52 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/03/01 14:51:52 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/03/01 14:51:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/03/01 14:51:52 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/03/01 14:51:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/03/01 14:51:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014/03/01 14:51:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/03/01 14:51:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/03/01 14:51:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/03/01 14:51:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014/03/01 14:51:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/03/01 14:51:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/03/01 14:51:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/03/01 14:51:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/03/01 14:51:15 | 013,209,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/03/01 14:51:15 | 011,702,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/03/01 14:51:15 | 007,416,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/03/01 14:51:15 | 004,961,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/03/01 14:51:15 | 001,462,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/03/01 14:51:15 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/03/01 14:51:07 | 004,217,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/03/01 14:51:07 | 002,804,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/03/01 14:51:07 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/03/01 14:51:07 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/03/01 14:51:07 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/03/01 14:51:07 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/03/01 14:51:07 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/03/01 14:51:07 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/03/01 14:51:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/03/01 14:50:57 | 004,604,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014/03/01 14:50:57 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014/03/01 14:50:40 | 018,577,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/03/01 14:50:40 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/03/01 14:50:40 | 003,210,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014/03/01 14:50:40 | 002,804,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014/03/01 14:50:40 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/03/01 14:50:40 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/03/01 14:50:40 | 002,142,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/03/01 14:50:40 | 002,131,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/03/01 14:50:40 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/03/01 14:50:40 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/03/01 14:50:40 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/03/01 14:50:40 | 001,374,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/03/01 14:50:40 | 001,371,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/03/01 14:50:40 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/03/01 14:50:40 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/03/01 14:50:40 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/03/01 14:50:40 | 000,809,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014/03/01 14:50:40 | 000,764,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/03/01 14:50:40 | 000,745,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2014/03/01 14:50:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014/03/01 14:50:40 | 000,669,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/03/01 14:50:40 | 000,663,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014/03/01 14:50:40 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014/03/01 14:50:40 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014/03/01 14:50:40 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014/03/01 14:50:40 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014/03/01 14:50:40 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014/03/01 14:50:40 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfds.dll
[2014/03/01 14:50:40 | 000,461,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/03/01 14:50:40 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2014/03/01 14:50:40 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/03/01 14:50:40 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014/03/01 14:50:40 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/03/01 14:50:40 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014/03/01 14:50:40 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll
[2014/03/01 14:50:40 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/03/01 14:50:40 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll
[2014/03/01 14:50:40 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceregistration.dll
[2014/03/01 14:50:40 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/03/01 14:50:40 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014/03/01 14:50:40 | 000,032,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/03/01 14:50:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bi.dll
[2014/03/01 14:50:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014/03/01 14:49:52 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/03/01 14:49:52 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/03/01 14:49:52 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014/03/01 14:49:52 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/03/01 14:49:52 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/03/01 14:49:52 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/03/01 14:49:52 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/03/01 14:49:52 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/03/01 14:49:52 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/03/01 14:49:52 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/03/01 14:49:52 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2014/03/01 14:49:52 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/03/01 14:49:52 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/03/01 14:49:52 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2014/03/01 14:49:52 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2014/03/01 14:49:52 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2014/03/01 14:49:52 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/03/01 14:49:52 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/03/01 14:49:52 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2014/03/01 14:49:52 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2014/03/01 14:49:52 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2014/03/01 14:49:52 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/03/01 14:49:52 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appmgr.dll
[2014/03/01 14:49:52 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/03/01 14:49:52 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014/03/01 14:49:52 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appmgr.dll
[2014/03/01 14:49:52 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/03/01 14:49:52 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014/03/01 14:49:52 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/03/01 14:49:52 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/03/01 14:49:52 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/03/01 14:49:52 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2014/03/01 14:49:52 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014/03/01 14:49:52 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2014/03/01 14:49:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/03/01 14:49:52 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/02/28 18:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/28 18:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/28 18:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/28 18:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/28 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/28 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Google
[2014/02/28 17:51:13 | 000,000,000 | ---D | C] -- C:\sources
[2014/02/28 13:52:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2014/02/28 13:43:21 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2014/02/28 13:43:21 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2014/02/27 22:58:39 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Macromedia
[2014/02/27 22:52:37 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/27 22:52:37 | 000,000,000 | R--D | C] -- C:\Users\Darren\Searches
[2014/02/27 22:52:37 | 000,000,000 | R--D | C] -- C:\Users\Darren\Contacts
[2014/02/27 22:52:37 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/27 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Adobe
[2014/02/27 22:52:22 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\VirtualStore
[2014/02/27 22:52:20 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Packages
[2014/02/27 22:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Videos
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Saved Games
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Pictures
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Music
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Links
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Downloads
[2014/02/27 22:52:12 | 000,000,000 | R--D | C] -- C:\Users\Darren\Documents
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/11 22:00:57 | 000,818,732 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/11 22:00:57 | 000,700,636 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/11 22:00:57 | 000,132,036 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/11 21:58:25 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/11 21:58:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/11 21:56:37 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/11 21:56:23 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/11 21:56:21 | 3338,452,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/11 19:06:52 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/11 14:32:08 | 000,335,816 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/11 11:56:23 | 000,001,228 | ---- | M] () -- C:\Users\Darren\Desktop\AVS Video Editor.lnk
[2014/03/07 18:04:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/03/01 22:05:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/03/01 18:12:13 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2014/03/01 18:09:14 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/03/01 18:06:21 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/01 18:03:01 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/01 18:02:37 | 000,080,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2014/03/01 18:02:36 | 001,038,072 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2014/03/01 18:02:36 | 000,421,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys
[2014/03/01 18:02:36 | 000,334,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/03/01 18:02:36 | 000,207,904 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/03/01 18:02:36 | 000,092,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/03/01 18:02:36 | 000,078,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/03/01 18:02:36 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/03/01 18:02:36 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/03/01 15:45:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/01 14:58:27 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/03/01 14:58:27 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/03/01 14:58:20 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/03/01 14:53:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
[2014/03/01 14:53:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsServiceDriver_01_11_00.Wdf
[2014/03/01 14:53:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsHIDClassDriver_01_11_00.Wdf
[2014/03/01 14:52:26 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/03/01 14:52:25 | 000,570,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014/03/01 14:52:23 | 000,075,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2014/03/01 14:52:21 | 001,113,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/03/01 14:52:21 | 000,787,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll
[2014/03/01 14:52:20 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2014/03/01 14:52:20 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2014/03/01 14:52:20 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaui.exe
[2014/03/01 14:52:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pcaui.exe
[2014/03/01 14:52:18 | 003,395,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2014/03/01 14:52:18 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/03/01 14:52:18 | 000,695,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/03/01 14:52:18 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/03/01 14:52:18 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014/03/01 14:52:18 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/03/01 14:52:18 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014/03/01 14:52:18 | 000,138,240 | ---- | M] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/01 14:52:18 | 000,103,936 | ---- | M] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/01 14:52:18 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2014/03/01 14:52:05 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2014/03/01 14:52:05 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2014/03/01 14:52:02 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/03/01 14:52:02 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2014/03/01 14:52:02 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2014/03/01 14:51:52 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/03/01 14:51:52 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/03/01 14:51:52 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/03/01 14:51:52 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/03/01 14:51:52 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/03/01 14:51:52 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/03/01 14:51:52 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/03/01 14:51:52 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/03/01 14:51:52 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/03/01 14:51:52 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/03/01 14:51:52 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/03/01 14:51:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/03/01 14:51:52 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014/03/01 14:51:52 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/03/01 14:51:52 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/03/01 14:51:52 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/03/01 14:51:52 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014/03/01 14:51:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/03/01 14:51:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/03/01 14:51:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/03/01 14:51:52 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/03/01 14:51:15 | 013,209,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/03/01 14:51:15 | 011,702,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/03/01 14:51:15 | 007,416,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/03/01 14:51:15 | 004,961,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/03/01 14:51:15 | 001,462,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/03/01 14:51:15 | 001,105,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/03/01 14:51:15 | 000,009,701 | ---- | M] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/03/01 14:51:15 | 000,009,701 | ---- | M] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/03/01 14:51:07 | 004,217,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/03/01 14:51:07 | 002,804,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/03/01 14:51:07 | 000,919,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/03/01 14:51:07 | 000,870,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/03/01 14:51:07 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/03/01 14:51:07 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/03/01 14:51:07 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/03/01 14:51:07 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/03/01 14:51:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/03/01 14:50:57 | 004,604,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014/03/01 14:50:57 | 002,397,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014/03/01 14:50:40 | 018,577,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/03/01 14:50:40 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/03/01 14:50:40 | 003,210,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014/03/01 14:50:40 | 002,804,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014/03/01 14:50:40 | 002,617,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/03/01 14:50:40 | 002,295,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/03/01 14:50:40 | 002,142,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/03/01 14:50:40 | 002,131,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/03/01 14:50:40 | 001,928,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/03/01 14:50:40 | 001,415,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/03/01 14:50:40 | 001,399,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/03/01 14:50:40 | 001,374,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/03/01 14:50:40 | 001,371,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/03/01 14:50:40 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/03/01 14:50:40 | 001,204,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/03/01 14:50:40 | 000,980,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/03/01 14:50:40 | 000,809,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014/03/01 14:50:40 | 000,764,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/03/01 14:50:40 | 000,745,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2014/03/01 14:50:40 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014/03/01 14:50:40 | 000,669,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/03/01 14:50:40 | 000,663,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014/03/01 14:50:40 | 000,637,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014/03/01 14:50:40 | 000,589,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014/03/01 14:50:40 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014/03/01 14:50:40 | 000,513,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014/03/01 14:50:40 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014/03/01 14:50:40 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfds.dll
[2014/03/01 14:50:40 | 000,461,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/03/01 14:50:40 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2014/03/01 14:50:40 | 000,385,614 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/03/01 14:50:40 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/03/01 14:50:40 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014/03/01 14:50:40 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/03/01 14:50:40 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014/03/01 14:50:40 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll
[2014/03/01 14:50:40 | 000,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/03/01 14:50:40 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll
[2014/03/01 14:50:40 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceregistration.dll
[2014/03/01 14:50:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/03/01 14:50:40 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014/03/01 14:50:40 | 000,032,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/03/01 14:50:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bi.dll
[2014/03/01 14:50:40 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014/03/01 14:49:52 | 007,399,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/03/01 14:49:52 | 002,896,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/03/01 14:49:52 | 002,570,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014/03/01 14:49:52 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/03/01 14:49:52 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/03/01 14:49:52 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/03/01 14:49:52 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/03/01 14:49:52 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/03/01 14:49:52 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/03/01 14:49:52 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/03/01 14:49:52 | 001,756,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2014/03/01 14:49:52 | 001,642,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/03/01 14:49:52 | 001,506,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/03/01 14:49:52 | 001,476,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2014/03/01 14:49:52 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2014/03/01 14:49:52 | 001,345,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2014/03/01 14:49:52 | 001,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/03/01 14:49:52 | 000,922,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/03/01 14:49:52 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2014/03/01 14:49:52 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2014/03/01 14:49:52 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2014/03/01 14:49:52 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/03/01 14:49:52 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appmgr.dll
[2014/03/01 14:49:52 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/03/01 14:49:52 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014/03/01 14:49:52 | 000,366,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appmgr.dll
[2014/03/01 14:49:52 | 000,358,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/03/01 14:49:52 | 000,325,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014/03/01 14:49:52 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/03/01 14:49:52 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/03/01 14:49:52 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/03/01 14:49:52 | 000,146,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2014/03/01 14:49:52 | 000,086,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014/03/01 14:49:52 | 000,039,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2014/03/01 14:49:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/03/01 14:49:52 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/02/28 18:30:34 | 000,002,374 | ---- | M] () -- C:\Users\Darren\Desktop\Sky Go Desktop.lnk
[2014/02/17 21:00:34 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/02/17 21:00:34 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/03/11 11:56:23 | 000,001,228 | ---- | C] () -- C:\Users\Darren\Desktop\AVS Video Editor.lnk
[2014/03/07 18:04:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/03/01 22:05:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/03/01 18:12:13 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2014/03/01 18:12:13 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2014/03/01 18:09:14 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/03/01 18:06:21 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/01 18:03:01 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/01 18:02:38 | 000,207,904 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/03/01 18:02:38 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/03/01 15:45:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/01 15:04:55 | 000,001,453 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/01 14:58:20 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/03/01 14:56:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/03/01 14:56:10 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/03/01 14:56:10 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/03/01 14:53:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
[2014/03/01 14:53:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsServiceDriver_01_11_00.Wdf
[2014/03/01 14:53:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsHIDClassDriver_01_11_00.Wdf
[2014/03/01 14:52:18 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/01 14:52:18 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/01 14:51:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/03/01 14:51:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/03/01 14:50:40 | 000,385,614 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/02/28 18:30:34 | 000,002,404 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk
[2014/02/28 18:30:34 | 000,002,374 | ---- | C] () -- C:\Users\Darren\Desktop\Sky Go Desktop.lnk
[2014/02/28 18:02:25 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/28 18:01:44 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/28 18:01:44 | 000,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/27 21:13:08 | 000,287,744 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/08/27 21:13:02 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/08/27 21:13:02 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/01 14:50:40 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/01 14:50:40 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/01 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\AVAST Software
[2014/03/11 12:01:24 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Azureus
[2014/03/11 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\BitTorrent
[2014/03/10 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\ICAClient
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Darren\SkyDrive:ms-properties
 
< End of report >


#5 darrenj1471

Posted 11 March 2014 - 05:09 PM

OTL Extras logfile created on: 11/03/2014 22:03:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Darren\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 64.67% Memory free
4.89 Gb Paging File | 3.28 Gb Available in Paging File | 67.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110.38 Gb Total Space | 67.86 Gb Free Space | 61.48% Space Free | Partition Type: NTFS
 
Computer Name: ULLRSPC | User Name: Darren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32265CE0-3ED7-42DD-A369-75F5A80DCC3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3C7F16C0-B835-48B2-834F-5B9511F6FBE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65BF7789-49FB-45D8-A730-E5D7BF664683}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{869234EB-14C3-446F-B927-45E7C858ABC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C305BF8-7622-4542-930C-251B5490F74A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5D651C9-1C95-4E0A-8437-6C6AF689A2F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF9DD402-8BBC-4223-8703-1266A692D04E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E9FACFE9-DB2D-484E-AA99-C03FAF3BFD0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F7BD222A-FE02-4939-A1EE-62C09D557CB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D6A70-ECD5-4B18-BF55-56AA40735A5A}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{03C8324D-7FAA-4255-8671-CCF1DBE19709}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{0B072091-1281-4A95-944A-69FA5ECE265B}" = protocol=17 | dir=in | app=c:\users\darren\appdata\roaming\bittorrent\bittorrent.exe | 
"{0F14E1DA-C357-46D1-8CBE-25B70C37F9ED}" = protocol=6 | dir=in | app=c:\users\darren\downloads\bittorrent.exe | 
"{126AD101-31BC-4D8C-A76A-9B815B149E6C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{13BBC72F-7867-4E70-882D-5E4135A50478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18AAFE48-824E-4FA0-BB11-30976CBDED5D}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{1C7F0DF6-ED18-4158-8B01-3C6332C193BF}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{20545799-3FCE-40E0-BE81-559856845A54}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2331DF11-F4F1-4498-B66B-611DA06780D6}" = dir=in | name=sonicwall mobile connect | 
"{28DB45F4-307B-464E-9118-69ACE7FA22C7}" = protocol=6 | dir=out | app=system | 
"{2B3351FB-BE73-47AF-8AE8-5BC1915D39D5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{354D9A0D-5AE7-4C05-985C-95CF6DF866B4}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{3C6DA6A9-7B0B-4FE9-B937-15CC97FAC977}" = dir=out | name=windows_ie_ac_001 | 
"{3CF116FD-9AE8-4A56-9132-C6AE01B9F048}" = dir=out | name=audible - audiobooks and more | 
"{4280C559-37C0-4731-B9B5-3B3569A0276B}" = dir=in | name=adobe photoshop express | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4A53ABFA-C231-4140-862A-CA97A770A06D}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{4F4034B3-10BB-4B82-9934-C191B7D42261}" = dir=out | name=onenote | 
"{530FD201-14FB-49BA-BB2F-66A2D8E399DC}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{5398A823-8C4F-4807-A3BB-9D51D9FC61C0}" = dir=out | name=@{barnesnoble.nook_1.8.0.6307_x86__ahnzqzva31enc?ms-resource://barnesnoble.nook/resources/application_title} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5684CD00-057B-4004-9656-E77F8353EE47}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{58000002-90C7-4527-B14A-808063739555}" = dir=in | name=@{ccf4e74b.londontubemap_1.3.0.2_neutral__j4aab6nt662jr?ms-resource://ccf4e74b.londontubemap/resources/app_name} | 
"{5C562EA5-2A97-497F-81A3-BA460F4C30ED}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{5E61BDF7-FBEC-4CAD-A798-EA6E12ABFAB0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5F992458-473C-4168-80C2-055CCAFCA156}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6085099A-63B7-4D66-AFBA-9806F18FFCE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{66E94C75-9252-4168-90F6-1C8B1A94BF73}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{69427E89-A501-49F7-AAB7-9F3CC0B45C0B}" = protocol=17 | dir=in | app=c:\users\darren\downloads\bittorrent.exe | 
"{6F8145AA-FC58-4C05-B7AA-D0E538B745C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7086E43B-C18F-484F-8517-D002174E57F4}" = dir=out | name=adobe photoshop express | 
"{7380922D-2AC9-4021-AC2C-5F0EF918180A}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{73E28D3D-4A0C-4E8A-A228-B9EDD8721810}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{789ADD3A-5AAB-474B-80C4-D1A3A742D18A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7D446F0F-3215-4190-A8A3-E8EF9974D041}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8072E45F-4B85-4470-9180-8A2AB6F54C0D}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{82E22060-D425-43A0-93C5-F8FA4C2021BE}" = dir=out | name=dropbox | 
"{839D8883-0FF5-4F0F-A101-6722942E944E}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{84AB4241-32ED-4DE2-B417-552783C499CF}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{86858F27-CB68-433C-BC87-2BD9F58D4B4E}" = dir=in | name=skype | 
"{8B4B8844-CA6D-436B-96EE-450EAACF4ADD}" = dir=out | name=kindle | 
"{8BFC93DF-1B6B-412E-A8E3-6DCFBF01075E}" = dir=out | name=windows_ie_ac_001 | 
"{91803DD0-D890-41D7-B5A4-494DE6916242}" = dir=out | name=check point vpn | 
"{91EA686A-9945-4F5A-82EF-3F1E647D408A}" = dir=in | name=f5 vpn | 
"{92D21693-0A28-4E9D-B488-A1ACE26DF1BA}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{971B8791-E011-4DB1-B39E-AD05F8F2831D}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{9B26DD32-F3C2-4D1D-AD6A-CFD4DB37C636}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9FBA5627-FD68-4CE9-B005-390043AA869C}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{A40524A9-49E8-4FFB-84CF-58D2268F534B}" = dir=out | name=@{microsoft.zunevideo_1.5.704.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{A9566867-80DF-46E3-B772-D730B2C0313F}" = dir=out | name=windows_ie_ac_001 | 
"{AF046848-2A87-4F0E-85D9-D4841877F239}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{B6E2B0FB-68E0-4C7B-95D2-8817B03C8004}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{BCAF4452-B48E-42C0-A938-06D3CBA0418A}" = dir=out | name=@{ccf4e74b.londontubemap_1.3.0.2_neutral__j4aab6nt662jr?ms-resource://ccf4e74b.londontubemap/resources/app_name} | 
"{C1739FDB-58FA-41B0-9154-5A100C298866}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C335D805-4C5E-4806-AB1E-827B91FF2C8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4EE5621-AB40-47D8-AD14-7825AA57FA8A}" = dir=out | name=juniper networks junos pulse | 
"{C9C16FC0-AE8A-41F3-B66F-FE0641E660B5}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{D2F3ED8A-C38B-421E-96E3-7F9A130493E9}" = dir=out | name=skype | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DA4487CE-65C0-4DF0-B785-49D8BE196500}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC5FAF80-F5D7-4AB2-B826-4A33F7660D31}" = dir=out | name=f5 vpn | 
"{DCD5CDF9-09CB-4658-A1D5-CDCA6291B854}" = dir=in | name=check point vpn | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E85A1A3D-DB77-4DC6-8EB4-BEC6CD9B91CF}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EF2A2A10-76FC-4A0D-845D-950D8B436422}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F012B105-A237-4707-8FBA-60A2B6C87530}" = dir=out | name=facebook | 
"{F0727E63-F5FA-4CDF-AD15-0435B3483B51}" = dir=in | name=juniper networks junos pulse | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F99ED985-B026-44AB-9CEF-5C8E880C350B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCBC61B5-D9C6-4B3E-8365-C2372E521177}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{FCCAC516-EA44-4EE0-BACD-95A386BA284E}" = dir=out | name=sonicwall mobile connect | 
"{FD63EBB7-97D2-49B8-9CF1-0FCFAF541FA1}" = protocol=6 | dir=in | app=c:\users\darren\appdata\roaming\bittorrent\bittorrent.exe | 
"{FFB5AB9F-9FDB-471B-B6DD-6C8D36BE89CE}" = dir=in | name=onenote | 
"TCP Query User{8E3BA576-7535-4229-AC8D-20CE3D74CFEC}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{FE005613-E12A-47B5-845C-DE17CF53299E}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"CCleaner" = CCleaner
"VLC media player" = VLC media player 2.1.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
"{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"8461-7759-5462-8226" = Vuze
"Avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Google Chrome" = Google Chrome
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4260181029.go.sky.com" = Sky Go Desktop
"BitTorrent" = BitTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/03/2014 06:49:58 | Computer Name = UllrsPC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Citrix\ICA
 Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files (x86)\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.  Component identity found in manifest
 does not match the identity of the component requested.  Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
 is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
 use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2014 07:06:58 | Computer Name = UllrsPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10/03/2014 07:26:21 | Computer Name = UllrsPC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Citrix\ICA
 Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files (x86)\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.  Component identity found in manifest
 does not match the identity of the component requested.  Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
 is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
 use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2014 07:39:31 | Computer Name = UllrsPC | Source = Application Error | ID = 1000
Description = Faulting application name: LogonUI.exe, version: 6.3.9600.16384, time
 stamp: 0x5215f6c5  Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
 stamp: 0x523d5305  Exception code: 0xc000000d  Fault offset: 0x00000000000fee54  Faulting
 process ID: 0x58c  Faulting application start time: 0x01cf3c549f1eff3a  Faulting application
 path: C:\WINDOWS\system32\LogonUI.exe  Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report
 ID: a46dae06-a848-11e3-be7b-6045bdef0069  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/03/2014 11:08:57 | Computer Name = UllrsPC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Citrix\ICA
 Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files (x86)\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.  Component identity found in manifest
 does not match the identity of the component requested.  Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
 is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
 use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2014 11:08:57 | Computer Name = UllrsPC | Source = Application Error | ID = 1000
Description = Faulting application name: wfcrun32.exe, version: 13.0.0.6685, time
 stamp: 0x4e440312  Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
 stamp: 0x523d45fa  Exception code: 0xc0000005  Fault offset: 0x0001780a  Faulting process
 ID: 0x1044  Faulting application start time: 0x01cf3c72a8fd515a  Faulting application
 path: C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe  Faulting module path:
 C:\WINDOWS\SYSTEM32\ntdll.dll  Report ID: e6d76cf9-a865-11e3-be7c-6045bdef0069  Faulting
 package full name:   Faulting package-relative application ID: 
 
Error - 10/03/2014 16:06:53 | Computer Name = UllrsPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10/03/2014 18:02:32 | Computer Name = UllrsPC | Source = Application Error | ID = 1000
Description = Faulting application name: LogonUI.exe, version: 6.3.9600.16384, time
 stamp: 0x5215f6c5  Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
 stamp: 0x523d5305  Exception code: 0xc000000d  Fault offset: 0x00000000000fee54  Faulting
 process ID: 0x17c0  Faulting application start time: 0x01cf3ca85c977c11  Faulting application
 path: C:\WINDOWS\system32\LogonUI.exe  Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report
 ID: ad520d30-a89f-11e3-be7c-6045bdef0069  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 11/03/2014 07:25:03 | Computer Name = UllrsPC | Source = Application Error | ID = 1000
Description = Faulting application name: LogonUI.exe, version: 6.3.9600.16384, time
 stamp: 0x5215f6c5  Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
 stamp: 0x523d5305  Exception code: 0xc000000d  Fault offset: 0x00000000000fee54  Faulting
 process ID: 0x1180  Faulting application start time: 0x01cf3cb30928a606  Faulting application
 path: C:\WINDOWS\system32\LogonUI.exe  Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report
 ID: c99c8788-a90f-11e3-be7c-6045bdef0069  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 11/03/2014 10:43:19 | Computer Name = UllrsPC | Source = Application Error | ID = 1000
Description = Faulting application name: wfcrun32.exe, version: 13.0.0.6685, time
 stamp: 0x4e440312  Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
 stamp: 0x523d45fa  Exception code: 0xc0000005  Fault offset: 0x0001780a  Faulting process
 ID: 0xfb4  Faulting application start time: 0x01cf3d383e93cf1b  Faulting application
 path: C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe  Faulting module path:
 C:\WINDOWS\SYSTEM32\ntdll.dll  Report ID: 7c6680c3-a92b-11e3-be7d-6045bdef0069  Faulting
 package full name:   Faulting package-relative application ID: 
 
[ System Events ]
Error - 11/03/2014 05:08:48 | Computer Name = UllrsPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 43. The Windows SChannel error state is 552.
 
Error - 11/03/2014 05:08:48 | Computer Name = UllrsPC | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the
 expected name. It is therefore not possible to determine whether we are connecting
 to the correct server. The server name we were expecting is client.wns.windows.com.
 The SSL connection request has failed. The attached data contains the server certificate.
 
Error - 11/03/2014 05:09:50 | Computer Name = UllrsPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 43. The Windows SChannel error state is 552.
 
Error - 11/03/2014 05:09:50 | Computer Name = UllrsPC | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the
 expected name. It is therefore not possible to determine whether we are connecting
 to the correct server. The server name we were expecting is client.wns.windows.com.
 The SSL connection request has failed. The attached data contains the server certificate.
 
Error - 11/03/2014 05:11:00 | Computer Name = UllrsPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 43. The Windows SChannel error state is 552.
 
Error - 11/03/2014 05:11:00 | Computer Name = UllrsPC | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the
 expected name. It is therefore not possible to determine whether we are connecting
 to the correct server. The server name we were expecting is client.wns.windows.com.
 The SSL connection request has failed. The attached data contains the server certificate.
 
Error - 11/03/2014 05:12:10 | Computer Name = UllrsPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 43. The Windows SChannel error state is 552.
 
Error - 11/03/2014 05:12:10 | Computer Name = UllrsPC | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the
 expected name. It is therefore not possible to determine whether we are connecting
 to the correct server. The server name we were expecting is client.wns.windows.com.
 The SSL connection request has failed. The attached data contains the server certificate.
 
Error - 11/03/2014 05:13:50 | Computer Name = UllrsPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 43. The Windows SChannel error state is 552.
 
Error - 11/03/2014 05:13:50 | Computer Name = UllrsPC | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the
 expected name. It is therefore not possible to determine whether we are connecting
 to the correct server. The server name we were expecting is client.wns.windows.com.
 The SSL connection request has failed. The attached data contains the server certificate.
 
 
< End of report >


#6 Jo*

Posted 11 March 2014 - 06:19 PM

Hello darrenj1471,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 darrenj1471

Posted 12 March 2014 - 01:04 PM

Malware bytes scan completed and stated No Malware found



#8 darrenj1471

Posted 12 March 2014 - 01:06 PM

My pc is throwing all sorts of messages about not trusting AdwCleaner and menu appears in French.  Please confirm this sounds correct?



#9 Jo*

Posted 12 March 2014 - 01:29 PM


The downloaded file should be named "AdwCleaner.exe".

Did you use my link and download from author's site??
Use Download Now @BleepingComputer on my linked web site:
Please download AdwCleaner by Xplode and save to your Desktop.

Cheers,
Jo


#10 darrenj1471

Posted 12 March 2014 - 01:42 PM

I used your link and downloaded from Bleeping Computer....  File shows as AdwCleaner.exe on my desktop at 1.85mb and is version 0.0.0.0



#11 Jo*

Posted 12 March 2014 - 01:53 PM

Hi,

Right-click this file and run it as administrator.

When I do this, only on the first run there is a start screen in French.
Press to accept and then the menu should appear in the same language as your Windows.

Cheers,
Jo


#12 darrenj1471

Posted 12 March 2014 - 01:53 PM

I've started scan and it's just sitting there saying that line ie Pending..



#13 darrenj1471

Posted 12 March 2014 - 01:55 PM

Do you mean it's finished when it says Pending?  If so I clicked report and only shows:

 

 

# AdwCleaner v3.021 - Report created 12/03/2014 at 18:43:42
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Darren - ULLRSPC
# Running from : C:\Users\Darren\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found C:\Program Files (x86)\Vuze

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [724 octets] - [12/03/2014 18:43:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [783 octets] ##########
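
The report format posted above can be parsed mechanically, which makes it easier to compare scan findings against software you installed yourself, as the helper asked ("If you see an entry you want to keep, let me know"). This is an added example, not part of the original posts and not AdwCleaner's own code; the function names and the list of installed program names are assumptions, and the sample is the report text from the post with the EOF line omitted.

```python
import re
from collections import namedtuple

# Report text copied from the post above (AdwCleaner v3.021, scan mode).
REPORT = r"""# AdwCleaner v3.021 - Report created 12/03/2014 at 18:43:42
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Darren - ULLRSPC
# Running from : C:\Users\Darren\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found C:\Program Files (x86)\Vuze

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [724 octets] - [12/03/2014 18:43:42]
"""

Finding = namedtuple("Finding", "section kind path")

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# ([^:]+?) : (.+)$")          # # Option : Scan
# The colon after "Found" is optional: the report above has "Folder Found C:\..."
FINDING_RE = re.compile(r"^(\w+) Found\s*:?\s*(.+)$")


def parse_report(text):
    """Return (header dict, list of Finding) for an AdwCleaner scan report."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HEADER_RE.match(line)
        if m and section is None:          # "# key : value" lines precede the sections
            header[m.group(1)] = m.group(2)
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings.append(Finding(section, m.group(1), m.group(2)))
    return header, findings


def entries_to_review(findings, installed_names):
    """Findings whose path contains a folder or file named like a program the
    user installed on purpose (hypothetical keep-list, e.g. from the
    Uninstall list in the OTL log). These are candidates to uncheck or ask about."""
    wanted = {name.lower() for name in installed_names}
    return [f for f in findings
            if any(part.lower() in wanted for part in f.path.split("\\"))]


if __name__ == "__main__":
    header, findings = parse_report(REPORT)
    print("Scan mode:", header.get("Option"))
    for f in findings:
        print(f"[{f.section}] {f.kind}: {f.path}")
    for f in entries_to_review(findings, ["Vuze"]):
        print("Installed by user, review before cleaning:", f.path)
```
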



#14 Jo*

Posted 12 March 2014 - 02:02 PM

Hello darrenj1471,

P2P - I see you have P2P software BitTorrent installed on your machine.
  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.
Please note:
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
I would advise you to uninstall it now.
You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

If you want to keep it, then do not use it while we clean your pc!
 

***

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***

Run OTL again.
  • Double click on the OTL icon to run it.
  • Right click on the OTL icon and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

How is the computer running now?


***


Cheers,
Jo


#15 darrenj1471

Posted 14 March 2014 - 09:15 AM

Apologies for delay, will do this evening





