Hi Zep516
Thanks for the instructions.
I had a brief look at the reports. I can see mention of the "BingTool Bar" but nothing for Webssearchers. It might have been installed prior to the 30 day age limit. Work has been so hectic lately that I have lost track of time. On the other hand I could quite possibly not know what I am looking for.
Here are the reports as requested:
OLT Txt
OTL logfile created on: 2014/08/28 08:03:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.62% Memory free
8.00 Gb Paging File | 5.50 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.09 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive E: | 116.93 Gb Total Space | 111.91 Gb Free Space | 95.71% Space Free | Partition Type: NTFS
Drive F: | 116.83 Gb Total Space | 43.59 Gb Free Space | 37.31% Space Free | Partition Type: NTFS
Drive G: | 116.00 Gb Total Space | 110.03 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive H: | 116.00 Gb Total Space | 66.74 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive I: | 76.86 Gb Total Space | 19.28 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive J: | 78.02 Gb Total Space | 45.36 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive K: | 78.01 Gb Total Space | 54.49 Gb Free Space | 69.86% Space Free | Partition Type: NTFS
Computer Name: MIKE-WIN7 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========PRC - [2014/08/28 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
PRC - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
PRC - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
PRC - [2014/07/07 08:16:15 | 001,797,976 | ---- | M] (BitTorrent Inc.) -- C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/06/10 10:51:02 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/05/02 19:19:02 | 001,088,088 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2013/05/02 19:18:00 | 000,989,800 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2013/05/02 19:17:28 | 001,282,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 18:49:50 | 000,466,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
PRC - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
PRC - [2005/06/13 17:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
========== Modules (No Company Name) ==========MOD - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
MOD - [2014/07/25 15:46:24 | 000,706,560 | ---- | M] () -- C:\Program Files\AutoSpec\wombat.dll
MOD - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
MOD - [2014/07/03 03:07:31 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/07/03 03:06:45 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/07/03 03:06:45 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/07/03 03:04:42 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/07/03 03:04:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/07/03 03:04:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/07/03 03:04:31 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/07/03 03:04:27 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/07/03 03:04:25 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/07/03 03:04:20 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/07/03 03:04:20 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/07/03 03:04:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/07/03 03:04:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/07/03 03:04:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/07/03 03:04:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/07/03 03:04:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/06/10 10:50:45 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/06/10 10:50:44 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/10 10:50:40 | 003,022,960 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/02/24 18:39:44 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
MOD - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
MOD - [2002/04/10 11:42:00 | 000,233,472 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\libmysql.dll
========== Services (SafeList) ==========SRV:
64bit: - [2014/07/30 20:14:13 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:
64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:
64bit: - [2014/03/25 00:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:
64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:
64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2010/11/21 05:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:
64bit: - [2009/07/14 03:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:
64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:
64bit: - [2009/07/14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:
64bit: - [2009/07/14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:
64bit: - [2009/07/14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:
64bit: - [2009/07/14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/08/20 16:13:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/02/12 07:43:02 | 000,881,760 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/21 05:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
========== Driver Services (SafeList) ==========DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:
64bit: - [2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:
64bit: - [2014/07/23 07:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys -- (SymNetS)
DRV:
64bit: - [2014/07/23 07:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys -- (SymEFA)
DRV:
64bit: - [2014/07/23 06:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:
64bit: - [2014/03/19 02:24:44 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:
64bit: - [2014/03/19 02:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:
64bit: - [2014/03/19 02:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:
64bit: - [2014/02/21 01:14:34 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys -- (ccSet_N360)
DRV:
64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:
64bit: - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:
64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:
64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2013/08/01 05:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys -- (SymDS)
DRV:
64bit: - [2013/07/31 06:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys -- (SymIRON)
DRV:
64bit: - [2013/07/31 05:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:
64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:
64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:
64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:
64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:
64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:
64bit: - [2009/09/25 03:40:03 | 000,037,888 | ---- | M] (KYOCERA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBux64.sys -- (iBurstU)
DRV:
64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:
64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/08/21 08:00:33 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140827.023\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 08:00:32 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140827.023\eng64.sys -- (NAVENG)
DRV - [2014/08/21 00:30:23 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/21 00:30:23 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/19 17:31:52 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140825.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/19 00:20:24 | 001,588,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140821.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/08 13:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://howzit.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IESR02IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.6.15
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/07/05 18:09:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/07/31 04:13:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn\ [2014/08/27 11:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2014/08/21 00:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2014/07/04 23:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/08/20 23:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3k63xwh9.default\extensions
[2014/08/20 16:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/20 16:13:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/31 04:13:47 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2014/08/27 11:15:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\COFFPLGN
[2014/08/21 00:31:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
O1 HOSTS File: ([2014/08/27 02:29:19 | 000,000,845 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:
64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:
64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:
64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:
64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4:
64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:
64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:
64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:
64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:
64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Autospec] C:\Program Files\AutoSpec\asloader.exe ()
O4 - HKLM..\Run: [AutoSpecNetsync2] C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe ()
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent] C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C070D04-86F6-4FC1-A717-157FA409799C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2CA89-EE6B-4541-920F-049FA156371A}: DhcpNameServer = 196.7.7.7 196.7.8.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42F6009-D6CE-43BB-9707-0DFEA19C9C9A}: NameServer = 41.208.247.5 41.213.80.14
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/25 20:00:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell - "" = AutoRun
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell\AutoRun\command - "" = E:\autorunner.exe "1.jpg"
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========[2014/08/27 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2014/08/25 19:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/08/23 16:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GameBlend
[2014/08/23 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GameBlend
[2014/08/21 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps
[2014/08/21 02:48:43 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys
[2014/08/21 02:48:42 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys
[2014/08/21 02:48:42 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys
[2014/08/21 02:48:42 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.sys
[2014/08/21 02:48:41 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys
[2014/08/21 02:48:41 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys
[2014/08/21 02:48:41 | 000,162,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys
[2014/08/21 02:48:41 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys
[2014/08/21 02:47:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1505000.013
[2014/08/21 00:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NPE
[2014/08/21 00:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/08/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Symantec
[2014/08/20 23:41:09 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/20 23:40:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/08/20 23:40:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/08/20 23:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/08/20 23:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/20 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2014/08/20 16:22:25 | 000,699,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/20 16:22:25 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/20 16:22:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/08/20 16:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/19 10:17:03 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 18:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/08/17 18:03:16 | 000,963,232 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcr120.dll
[2014/08/17 18:03:16 | 000,828,416 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\disasm.dll
[2014/08/17 18:03:16 | 000,821,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply64.exe
[2014/08/17 18:03:16 | 000,660,128 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcp120.dll
[2014/08/17 18:03:16 | 000,617,528 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply32.exe
[2014/08/17 18:03:16 | 000,300,032 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\ntfsstreams.dll
[2014/08/17 18:03:16 | 000,217,088 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\pexlorer.dll
[2014/08/17 18:03:16 | 000,180,736 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\newdld.dll
[2014/08/17 18:03:16 | 000,047,168 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hhdhexneo.dll
[2014/08/17 18:03:15 | 003,041,280 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\sviewnew.dll
[2014/08/17 18:03:15 | 000,992,768 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\editor.dll
[2014/08/17 18:03:15 | 000,408,576 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\checksum.dll
[2014/08/17 18:03:15 | 000,374,272 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\bookmarks.dll
[2014/08/17 18:03:15 | 000,290,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\clipex.dll
[2014/08/17 18:03:15 | 000,202,752 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hexplorer.dll
[2014/08/17 18:03:14 | 001,776,144 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\HexFrame.exe
[2014/08/17 18:03:14 | 001,351,216 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\FileDocument.dll
[2014/08/17 18:03:14 | 000,909,312 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\psh.dll
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Tool Window Layouts
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Setup
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Sample Structures
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\PatchAPI
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\HHD Software
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
[2014/08/15 03:03:31 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/15 03:03:31 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/15 03:03:31 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/15 03:03:31 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/15 03:03:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/15 03:03:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/15 03:02:46 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/15 03:02:46 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/15 00:52:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/15 00:52:55 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/15 00:52:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/15 00:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/15 00:52:54 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/15 00:52:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/15 00:52:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/15 00:52:51 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/15 00:52:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/15 00:52:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/15 00:52:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/15 00:52:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/15 00:52:49 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/15 00:52:49 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/15 00:52:49 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/15 00:52:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/15 00:52:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/15 00:52:46 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/15 00:52:46 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/15 00:52:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/15 00:52:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/15 00:52:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/15 00:52:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/15 00:52:42 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/15 00:52:42 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/15 00:52:41 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/15 00:52:41 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/15 00:52:40 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/15 00:52:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/15 00:52:39 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/15 00:52:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/15 00:52:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/15 00:52:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/15 00:52:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/15 00:52:36 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/14 16:16:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/14 16:16:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/14 16:16:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/14 16:06:18 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/14 16:06:17 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/14 16:06:17 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/14 16:06:17 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/14 16:06:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/14 16:06:17 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/14 16:05:46 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/14 16:00:34 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/14 15:55:19 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/14 15:55:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/13 02:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveLeotisa
[2014/08/09 12:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
[2014/08/09 12:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAR Password Unlocker
[2014/08/07 02:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014/08/07 02:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/08/07 02:25:37 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup1.exe
[2014/08/07 02:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/08/07 01:50:06 | 000,000,000 | ---D | C] -- C:\Support
[2014/08/07 01:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\1cbcf4cfc4dbd5b5
[2014/08/07 01:45:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Torch
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Comodo
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromatic Browser
[2014/08/07 01:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetPrivate
[2014/08/07 01:44:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GetPrivate
[2014/08/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\pdf995
[2014/08/04 12:01:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/08/04 11:59:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/08/02 00:09:18 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/08/02 00:09:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/08/02 00:08:57 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/08/02 00:08:57 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/08/01 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\New folder
[2014/08/01 21:06:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/08/01 21:06:20 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/08/01 21:06:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/08/01 21:06:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/08/01 21:06:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/08/01 21:06:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/08/01 21:06:19 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/08/01 21:06:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/08/01 21:06:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/08/01 21:06:18 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/08/01 21:06:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/08/01 21:06:18 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/08/01 21:06:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/08/01 21:06:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/08/01 21:06:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/08/01 21:06:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/08/01 21:05:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/08/01 21:05:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/08/01 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/08/01 21:05:46 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/08/01 21:05:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/08/01 21:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/08/01 19:48:13 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/08/01 19:48:13 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/08/01 19:47:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/08/01 19:47:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/08/01 03:59:14 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 03:59:14 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 03:59:14 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 03:59:06 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 03:59:06 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 03:59:06 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 03:59:06 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 03:59:06 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 03:59:06 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 03:58:55 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 03:58:55 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 03:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 03:58:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/07/31 04:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/07/31 04:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/07/31 03:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unit Converter Pro 1.4
[2014/07/30 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SketchUp
[2014/07/30 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Datos de programa
[2014/07/30 23:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2013
[2014/07/30 23:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2014/07/30 22:58:51 | 000,167,936 | ---- | C] (Chaos Group Ltd) -- C:\Windows\SysNative\cgauth.dll
[2014/07/30 20:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp
[2014/07/30 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/07/30 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2014/07/30 20:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2014/07/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2014/07/30 19:01:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/07/30 19:01:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/07/30 19:01:08 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/07/30 19:01:08 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/07/30 19:01:06 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/07/30 19:01:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/07/30 19:00:57 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2014/07/30 19:00:57 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2014/07/30 18:57:30 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Alcohol 120%
[2014/07/30 18:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2014/07/30 18:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2014/07/30 18:44:37 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/07/29 23:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ASGVIS
[2014/07/29 21:23:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\cache
[2014/07/29 21:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========[2014/08/28 20:02:44 | 000,004,395 | ---- | M] () -- C:\Windows\DCADWin.Ini
[2014/08/28 20:01:23 | 000,013,227 | ---- | M] () -- C:\Users\user\Desktop\OTL.exe - Shortcut.lnk
[2014/08/28 19:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/28 03:27:11 | 001,888,033 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/28 00:35:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/27 22:33:37 | 000,002,814 | ---- | M] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 11:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/27 11:26:11 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 11:26:11 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 11:19:08 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/08/27 11:18:48 | 005,095,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/27 11:12:48 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/27 02:29:19 | 000,000,845 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/26 19:01:57 | 000,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/08/26 11:52:35 | 004,355,673 | ---- | M] () -- C:\Users\user\Documents\IMG_20140826_0001.pdf
[2014/08/26 10:02:12 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:44 | 000,001,110 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:08 | 000,002,266 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/08/23 16:49:03 | 000,000,124 | ---- | M] () -- C:\Users\user\Documents\ax_files.xml
[2014/08/23 01:45:07 | 000,070,144 | ---- | M] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/21 16:18:00 | 000,088,288 | ---- | M] () -- C:\Windows\FontData.fdb
[2014/08/21 09:49:36 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:38:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/08/20 21:30:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/20 16:22:25 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/20 16:22:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/19 12:35:43 | 000,830,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/19 12:35:43 | 000,701,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/19 12:35:43 | 000,136,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/19 10:05:39 | 000,011,158 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:09 | 000,034,312 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/12 11:50:01 | 000,296,250 | ---- | M] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:07 | 000,345,786 | ---- | M] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/09 12:46:06 | 000,000,160 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/08/07 04:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/07 04:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/07 01:45:45 | 000,000,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:57 | 000,007,966 | ---- | M] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:44 | 000,065,854 | ---- | M] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | M] () -- C:\Windows\pdf995.ini
[2014/08/01 21:50:52 | 000,000,067 | ---- | M] () -- C:\Windows\iltwain.ini
[2014/07/31 22:49:37 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/07/31 04:14:25 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/07/31 03:32:41 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:17 | 000,000,081 | ---- | M] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/07/30 15:39:48 | 000,003,118 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:28 | 000,008,664 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153924.reg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========[2014/08/28 20:01:22 | 000,013,227 | ---- | C] () -- C:\Users\user\Desktop\OTL.exe - Shortcut.lnk
[2014/08/27 22:33:35 | 000,002,814 | ---- | C] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 20:45:48 | 000,043,689 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/26 11:46:36 | 004,355,673 | ---- | C] () -- C:\Users\user\Documents\IMG_20140826_0001.pdf
[2014/08/26 09:59:30 | 000,131,072 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:43 | 000,001,110 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:03 | 000,002,266 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/08/23 16:29:56 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2014/08/21 16:17:51 | 000,088,288 | ---- | C] () -- C:\Windows\FontData.fdb
[2014/08/21 09:45:40 | 001,888,033 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/21 02:48:42 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam64.cat
[2014/08/21 02:48:42 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.cat
[2014/08/21 02:48:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet64.cat
[2014/08/21 02:48:42 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa.inf
[2014/08/21 02:48:42 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet.inf
[2014/08/21 02:48:42 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.inf
[2014/08/21 02:48:41 | 000,008,202 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.cat
[2014/08/21 02:48:41 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.cat
[2014/08/21 02:48:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.cat
[2014/08/21 02:48:41 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.cat
[2014/08/21 02:48:41 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.cat
[2014/08/21 02:48:41 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds.inf
[2014/08/21 02:48:41 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.inf
[2014/08/21 02:48:41 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.inf
[2014/08/21 02:48:41 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.inf
[2014/08/21 02:48:41 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.inf
[2014/08/21 02:47:08 | 000,030,068 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symvtcer.dat
[2014/08/21 02:47:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/08/20 23:41:09 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:41:00 | 000,002,326 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/19 10:05:32 | 000,011,158 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:05 | 000,034,312 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/17 18:03:16 | 000,000,050 | ---- | C] () -- C:\Users\user\disasm.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\pexlorer.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\ntfsstreams.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\newdld.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\library.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\hexdiff.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\deditor.cdx
[2014/08/17 18:03:15 | 000,000,050 | ---- | C] () -- C:\Users\user\editor.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\sviewnew.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\psh.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\hexplorer.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\fifiles.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\clipex.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\checksum.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\bookmarks.cdx
[2014/08/17 18:03:14 | 001,951,209 | ---- | C] () -- C:\Users\user\Hex Editor.chm
[2014/08/17 18:03:14 | 000,005,261 | ---- | C] () -- C:\Users\user\default.hexdwc
[2014/08/17 18:03:14 | 000,004,947 | ---- | C] () -- C:\Users\user\free.hexdwc
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\HexView.cdx
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\FileDocument.cdx
[2014/08/12 11:50:01 | 000,296,250 | ---- | C] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:06 | 000,345,786 | ---- | C] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/08 01:45:07 | 000,070,144 | ---- | C] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/07 17:11:36 | 000,002,162 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/08/07 01:45:45 | 000,000,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:55 | 000,007,966 | ---- | C] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:43 | 000,065,854 | ---- | C] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2014/08/04 09:13:58 | 000,056,896 | ---- | C] () -- C:\Users\user\Desktop\Plotter Test.pdf
[2014/08/01 20:17:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/07/31 10:59:29 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2014/07/31 03:32:41 | 000,002,343 | ---- | C] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:16 | 000,000,081 | ---- | C] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 15:39:44 | 000,003,118 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:26 | 000,008,664 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153924.reg
[2014/07/29 22:26:28 | 000,000,124 | ---- | C] () -- C:\Users\user\Documents\ax_files.xml
[2014/07/29 19:55:50 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014/07/26 19:10:55 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2014/07/26 15:44:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2014/07/26 15:44:30 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2014/07/25 21:05:07 | 000,000,304 | ---- | C] () -- C:\Windows\my.ini
[2014/07/24 17:39:43 | 000,038,028 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2014/07/24 17:39:43 | 000,027,030 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2014/07/24 17:39:43 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2014/07/21 12:01:51 | 000,004,395 | ---- | C] () -- C:\Windows\DCADWin.Ini
[2014/07/06 22:16:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/07/06 20:52:59 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2014/05/25 22:02:24 | 000,002,404 | ---- | C] () -- C:\Windows\ampa.ini
[2014/05/25 21:40:23 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2014/05/25 21:40:23 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2014/05/22 16:10:04 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/08/16 15:24:22 | 000,813,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Extra Txt
OTL Extras logfile created on: 2014/08/28 08:03:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.62% Memory free
8.00 Gb Paging File | 5.50 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.09 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive E: | 116.93 Gb Total Space | 111.91 Gb Free Space | 95.71% Space Free | Partition Type: NTFS
Drive F: | 116.83 Gb Total Space | 43.59 Gb Free Space | 37.31% Space Free | Partition Type: NTFS
Drive G: | 116.00 Gb Total Space | 110.03 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive H: | 116.00 Gb Total Space | 66.74 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive I: | 76.86 Gb Total Space | 19.28 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive J: | 78.02 Gb Total Space | 45.36 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive K: | 78.01 Gb Total Space | 54.49 Gb Free Space | 69.86% Space Free | Partition Type: NTFS
Computer Name: MIKE-WIN7 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- C:\Windows\SysWow64\notepad.exe (Microsoft Corporation)
========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06801B8C-AFBB-47A5-AA86-D80A232552DD}" = rport=139 | protocol=6 | dir=out | app=system |
"{11BBB6A5-A38B-4973-9B63-886A86A463E7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{212DD469-3C18-4299-8110-88C4BBB70299}" = rport=445 | protocol=6 | dir=out | app=system |
"{226D873C-4231-4F51-A602-6ED2BA5E0575}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{30CA74A8-AC5E-4433-84A6-20776A017744}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{32CAF5BD-ACBD-4744-8A43-61C8E2FD5516}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{348B77C0-D81B-4BFB-9FC8-DEB340FD2AB4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3CA8F736-1D39-424C-9B8E-3BCF4F6FB7EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{3F05FEEC-599C-403C-A7B1-864AD968617D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48754FDB-4340-45FC-9691-4315DA02F12D}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D244EBF-AC34-4EA5-9D3D-30EABCDE788B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5B9B58E2-106C-4FEB-8C22-B03B9AA919F6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BA78FA9-F1B8-49E7-B8AE-99A91687B3A0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6C0C7838-D603-4C1D-831D-DC02EBE6C212}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75397AD9-92EB-41E4-A3A5-A19CC4D4F18B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7849A0ED-5D45-4CFE-B1E1-B7B735D7F392}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{78D70C27-AC29-4719-8A82-FBE02AC527DC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8EB5981E-D624-47D6-A9D1-2BFBA22C0032}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92926278-2F62-499D-B750-4B4CAB2D5347}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93DBF338-91FB-47C0-9829-CCA6D10B0292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{952A19F5-0E97-4D5D-957C-A1D6E5DC48DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97D27348-AA55-4E0D-BA3E-C6DFC8C11B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99F20D98-43BF-4636-B09A-C84B03A41941}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BF23491-0897-4177-9BAB-D31AAC783B00}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A99CE779-C151-4E7E-9D1A-404A6E560D4D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A9A583A9-665C-433C-8A52-094124D5FBD9}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA7133A9-DB72-4323-A777-470D80F998A5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BFF8DC89-46AF-485F-8AC7-82A0C756A09C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C345EE5E-7F18-4387-AB53-D63AFA931465}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8FBB3E5-8E54-4D0A-938F-9DBDA8C8253B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{D2173BE5-E666-4481-B3D3-23DF035E2497}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D608D704-B6B2-4E5B-8E84-8D6F4DA3AFFD}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{D935AF4F-71BB-481B-ADD7-2A56B4D80C3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA165BCC-3FE8-4B7F-89FE-C09DF41CC9B2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DA850D9B-8EA5-4029-BCFB-FF5293CD0A1B}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DBCC5C49-D424-41CB-83BB-1FB278EFC8C0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E60B614F-ABD3-46B0-A79A-49AD0DC7696E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED10CCF-FF16-4299-A52A-BCD643F666A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0F19A21-5FA6-4754-9D08-AF40E455C763}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FB96268C-2635-420F-BC40-49A9454D62FD}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F18BA4-CDF2-4A67-8449-BC5E3FC5D76D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B9E2A14-289A-4745-B476-88AD3ADE1CE0}" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"{25781887-2E4E-4AC2-92D7-067034220B20}" = protocol=58 | dir=in |
[email protected],-28545 |
"{2B0CFDE3-4CF5-43B2-B6BA-C6329A69027F}" = protocol=1 | dir=out |
[email protected],-28544 |
"{2F460AAC-5A63-4A51-8234-82ECD861412A}" = protocol=58 | dir=out |
[email protected],-28546 |
"{40893AE6-87E1-46BC-B64F-88A9E650BAE3}" = protocol=58 | dir=in |
[email protected],-148 |
"{41B0F4B6-7382-4A89-BB22-20B794546F5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46BB1AC9-21E1-4DA9-96CE-37543A215A54}" = protocol=17 | dir=in | app=c:\program files\autospec\asloader.exe |
"{476F43D2-565C-4EA0-B820-5351ADEC1CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{492D1C08-810A-4DA5-947D-B788319DB187}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{4CC2CD2C-AE86-4370-870B-9E09A5D9AE6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51757793-1AF7-439D-84E7-E737D03FFAB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54B5C236-43E7-46A8-9A23-702ADBD66876}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{650A6609-8B68-4008-A56B-07AD66D92726}" = protocol=6 | dir=in | app=c:\program files\autospec\assb.exe |
"{6CFC0CD0-C323-4046-B38B-D7FE61E6455F}" = protocol=17 | dir=in | app=c:\program files\autospec\assb.exe |
"{6E9751C1-AC5F-40DE-B4E9-B4B5626DB4CB}" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-nt.exe |
"{7A4777C8-1C92-4A76-BE8D-E3DBCC693ADC}" = protocol=17 | dir=in | app=c:\program files\autospec\autospec.exe |
"{7F6CA628-8553-4299-B4F6-CA178C8974F3}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{8073C867-0BA6-4968-818C-C80626A3736F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8860F805-2251-433C-B76B-EC10825DB579}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{89580946-3097-40B7-8CDD-2494818CAACB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{8DEB3421-5546-4D20-B9F7-FC58D9E69388}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{9DAE0D78-9FF1-4BE5-A7A3-5362CE3F28DA}" = protocol=6 | dir=in | app=c:\program files\autospec\asloader.exe |
"{A0AABB6D-E5A4-48D2-8BCA-A34AEAE84A78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB59E603-41B6-4ABB-9F8B-EFB5870EE6AC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AE4BDA4D-BE6E-4FB5-9A5F-6275283E04E5}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{B12226E1-6B0A-4B45-A868-8F41FB8326FE}" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"{B23E0990-8F2F-466F-9ACD-F3E9A1BB303D}" = protocol=1 | dir=in |
[email protected],-28543 |
"{B47FDE4F-21EB-4269-8608-151DD8582DC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B98ABE0F-1BFF-49C8-971A-D156CCF10671}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1ABEE9F-6DAD-4072-9918-0C32398A37B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{C31045EF-41EB-4382-BF9B-1E869FCF81C0}" = protocol=6 | dir=in | app=c:\program files\autospec\autospec.exe |
"{DF4B5911-9F83-427A-BC49-38D17FA8F9A1}" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-nt.exe |
"{E7529C82-9ABF-465F-8B4E-F358B729DB45}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"{FE1008D2-F361-43A2-AE18-743B76F1FD17}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"TCP Query User{CC08F4C8-2ABA-4829-A85E-371B37190E30}C:\program files\autospec\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"UDP Query User{713C335E-8C9E-4F48-97D1-D7B23606EE45}C:\program files\autospec\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series" = Canon MG5500 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - English
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 6.01
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"sp6" = Logitech SetPoint 6.65
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.5
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}" = DataCAD 16
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{28B88897-774A-4005-BBFF-663B1F8EAA5A}" = OpenOffice 4.1.0
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{536D6172-7453-7569-7465-392E37300409}" = Lotus SmartSuite - English
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{797E599D-F9F7-4CA9-8323-79BA07E20CFD}" = iBurst Dashboard V2
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90133000-1F11-4819-B708-9DF0870A9C54}" = iBurst Terminal
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A37F36B8-9C7C-4EE6-9014-E723EA5F9C2E}" = DataCAD 16 Setup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BFE5F286-957F-4EB2-84A6-721061035F3D}" = Unit Converter Pro 1.4
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Aide PDF to DWG Converter_is1" = Aide PDF to DWG Converter 10.0
"AutoSpec" = AutoSpec
"Canon MG5500 series On-screen Manual" = Canon MG5500 series On-screen Manual
"Canon MG5500 series User Registration" = Canon MG5500 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"DataCAD® for Windows®" = DataCAD® for Windows®
"Doxillion" = Doxillion Document Converter
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Mozilla Thunderbird 24.6.0 (x86 en-GB)" = Mozilla Thunderbird 24.6.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF 2 DXF 3" = PDF 2 DXF 3
"pdf2cad v10" = pdf2cad v10
"Pdf995" = Pdf995
"TeamViewer 9" = TeamViewer 9
"V-Ray for SketchUp 1.48.89" = V-Ray for SketchUp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"OneDriveSetup.exe" = Microsoft OneDrive
========== Last 20 Event Log Errors ==========[ Application Events ]
Error - 2014/08/26 03:28:36 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =
Error - 2014/08/26 03:28:38 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =
Error - 2014/08/26 03:28:39 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =
Error - 2014/08/26 03:28:41 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =
Error - 2014/08/26 03:59:04 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =
Error - 2014/08/26 03:59:31 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =
Error - 2014/08/26 04:00:13 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =
Error - 2014/08/26 06:06:21 PM | Computer Name = Mike-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: SHELL32.dll, version: 6.1.7601.18517,
time stamp: 0x53aa2e07 Exception code: 0xc0000005 Fault offset: 0x0000000000050506
Faulting
process id: 0x7f0 Faulting application start time: 0x01cfc0fb4ec5979f Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 359892b2-2d6d-11e4-9a76-00c0ee0d1b33
Error - 2014/08/26 06:06:26 PM | Computer Name = Mike-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521eaf24 Exception code: 0xc015000f Fault offset: 0x000000000006f7ba
Faulting
process id: 0x7f0 Faulting application start time: 0x01cfc0fb4ec5979f Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 390b0a0e-2d6d-11e4-9a76-00c0ee0d1b33
Error - 2014/08/27 05:09:02 AM | Computer Name = Mike-Win7 | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'SpyHunter4 application' could not be shut
down.
Error - 2014/08/27 05:19:07 AM | Computer Name = Mike-Win7 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 2014/08/27 05:18:49 AM | Computer Name = Mike-Win7 | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error - 2014/08/27 05:39:03 AM | Computer Name = Mike-Win7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 2014/08/27 05:39:03 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The EsgScanner service failed to start due to the following error:
%%1275
Error - 2014/08/27 06:05:00 AM | Computer Name = Mike-Win7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 2014/08/27 06:05:00 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The EsgScanner service failed to start due to the following error:
%%1275
Error - 2014/08/27 07:29:39 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The esgiguard service failed to start due to the following error:
%%2
Error - 2014/08/27 05:39:05 PM | Computer Name = Mike-Win7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
Error - 2014/08/28 10:01:54 AM | Computer Name = Mike-Win7 | Source = ipnathlp | ID = 31004
Description =
Error - 2014/08/28 10:07:26 AM | Computer Name = Mike-Win7 | Source = ipnathlp | ID = 31004
Description =
Error - 2014/08/28 01:57:03 PM | Computer Name = Mike-Win7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
< End of report >