Webssearch



#1
MikeBac

  • Member
  • 11 posts

Hi

I've just got a new computer with Win 7 Professional 64bit. Somewhere in transferring from my old XP machine and downloading updates for the 64 bit operating system I have picked up Webssearch and all its associated junk.

I went onto the web to find out how to remove it and found a site that looked authoritative, Virus Removal or something similar, which suggested that I use SpyHunter. All it has done is remove valid programmes and left Webssearch and junk on the machine.

Please can you assist me in getting rid of all of these browser hijacking programmes and the pop-ups that come with them. They are slowing my internet system down and causing me to pull my hair out.

Thanks

MikeBac




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

#3
MikeBac

  • Topic Starter
  • Member
  • 11 posts

Hi Zep516

Thanks for the instructions.


I had a brief look at the reports. I can see mention of the "BingTool Bar" but nothing for Webssearchers. It might have been installed prior to the 30 day age limit. Work has been so hectic lately that I have lost track of time. On the other hand I could quite possibly not know what I am looking for.

Here are the reports as requested:


OTL.txt

OTL logfile created on: 2014/08/28 08:03:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.62% Memory free
8.00 Gb Paging File | 5.50 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.09 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive E: | 116.93 Gb Total Space | 111.91 Gb Free Space | 95.71% Space Free | Partition Type: NTFS
Drive F: | 116.83 Gb Total Space | 43.59 Gb Free Space | 37.31% Space Free | Partition Type: NTFS
Drive G: | 116.00 Gb Total Space | 110.03 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive H: | 116.00 Gb Total Space | 66.74 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive I: | 76.86 Gb Total Space | 19.28 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive J: | 78.02 Gb Total Space | 45.36 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive K: | 78.01 Gb Total Space | 54.49 Gb Free Space | 69.86% Space Free | Partition Type: NTFS

Computer Name: MIKE-WIN7 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/28 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
PRC - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
PRC - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
PRC - [2014/07/07 08:16:15 | 001,797,976 | ---- | M] (BitTorrent Inc.) -- C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/06/10 10:51:02 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/05/02 19:19:02 | 001,088,088 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2013/05/02 19:18:00 | 000,989,800 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2013/05/02 19:17:28 | 001,282,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 18:49:50 | 000,466,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
PRC - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
PRC - [2005/06/13 17:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
MOD - [2014/07/25 15:46:24 | 000,706,560 | ---- | M] () -- C:\Program Files\AutoSpec\wombat.dll
MOD - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
MOD - [2014/07/03 03:07:31 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/07/03 03:06:45 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/07/03 03:06:45 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/07/03 03:04:42 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/07/03 03:04:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/07/03 03:04:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/07/03 03:04:31 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/07/03 03:04:27 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/07/03 03:04:25 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/07/03 03:04:20 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/07/03 03:04:20 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/07/03 03:04:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/07/03 03:04:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/07/03 03:04:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/07/03 03:04:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/07/03 03:04:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/06/10 10:50:45 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/06/10 10:50:44 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/10 10:50:40 | 003,022,960 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/02/24 18:39:44 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
MOD - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
MOD - [2002/04/10 11:42:00 | 000,233,472 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\libmysql.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/30 20:14:13 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/25 00:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/14 03:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/08/20 16:13:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/02/12 07:43:02 | 000,881,760 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/21 05:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2014/07/23 07:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/07/23 07:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/07/23 06:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/03/19 02:24:44 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2014/03/19 02:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/19 02:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/02/21 01:14:34 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/01 05:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2013/07/31 06:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/31 05:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 03:40:03 | 000,037,888 | ---- | M] (KYOCERA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBux64.sys -- (iBurstU)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/08/21 08:00:33 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140827.023\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 08:00:32 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140827.023\eng64.sys -- (NAVENG)
DRV - [2014/08/21 00:30:23 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/21 00:30:23 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/19 17:31:52 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140825.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/19 00:20:24 | 001,588,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140821.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/08 13:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.6.15
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]adobedotcom: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/07/05 18:09:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/07/31 04:13:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn\ [2014/08/27 11:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2014/08/21 00:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014/07/04 23:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/08/20 23:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3k63xwh9.default\extensions
[2014/08/20 16:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/20 16:13:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/31 04:13:47 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2014/08/27 11:15:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\COFFPLGN
[2014/08/21 00:31:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF

O1 HOSTS File: ([2014/08/27 02:29:19 | 000,000,845 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Autospec] C:\Program Files\AutoSpec\asloader.exe ()
O4 - HKLM..\Run: [AutoSpecNetsync2] C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe ()
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent] C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C070D04-86F6-4FC1-A717-157FA409799C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2CA89-EE6B-4541-920F-049FA156371A}: DhcpNameServer = 196.7.7.7 196.7.8.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42F6009-D6CE-43BB-9707-0DFEA19C9C9A}: NameServer = 41.208.247.5 41.213.80.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/25 20:00:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell - "" = AutoRun
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell\AutoRun\command - "" = E:\autorunner.exe "1.jpg"
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/27 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2014/08/25 19:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/08/23 16:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GameBlend
[2014/08/23 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GameBlend
[2014/08/21 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps
[2014/08/21 02:48:43 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys
[2014/08/21 02:48:42 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys
[2014/08/21 02:48:42 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys
[2014/08/21 02:48:42 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.sys
[2014/08/21 02:48:41 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys
[2014/08/21 02:48:41 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys
[2014/08/21 02:48:41 | 000,162,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys
[2014/08/21 02:48:41 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys
[2014/08/21 02:47:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1505000.013
[2014/08/21 00:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NPE
[2014/08/21 00:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/08/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Symantec
[2014/08/20 23:41:09 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/20 23:40:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/08/20 23:40:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/08/20 23:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/08/20 23:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/20 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2014/08/20 16:22:25 | 000,699,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/20 16:22:25 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/20 16:22:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/08/20 16:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/19 10:17:03 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 18:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/08/17 18:03:16 | 000,963,232 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcr120.dll
[2014/08/17 18:03:16 | 000,828,416 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\disasm.dll
[2014/08/17 18:03:16 | 000,821,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply64.exe
[2014/08/17 18:03:16 | 000,660,128 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcp120.dll
[2014/08/17 18:03:16 | 000,617,528 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply32.exe
[2014/08/17 18:03:16 | 000,300,032 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\ntfsstreams.dll
[2014/08/17 18:03:16 | 000,217,088 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\pexlorer.dll
[2014/08/17 18:03:16 | 000,180,736 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\newdld.dll
[2014/08/17 18:03:16 | 000,047,168 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hhdhexneo.dll
[2014/08/17 18:03:15 | 003,041,280 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\sviewnew.dll
[2014/08/17 18:03:15 | 000,992,768 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\editor.dll
[2014/08/17 18:03:15 | 000,408,576 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\checksum.dll
[2014/08/17 18:03:15 | 000,374,272 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\bookmarks.dll
[2014/08/17 18:03:15 | 000,290,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\clipex.dll
[2014/08/17 18:03:15 | 000,202,752 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hexplorer.dll
[2014/08/17 18:03:14 | 001,776,144 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\HexFrame.exe
[2014/08/17 18:03:14 | 001,351,216 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\FileDocument.dll
[2014/08/17 18:03:14 | 000,909,312 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\psh.dll
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Tool Window Layouts
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Setup
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Sample Structures
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\PatchAPI
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\HHD Software
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
[2014/08/15 03:03:31 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/15 03:03:31 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/15 03:03:31 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/15 03:03:31 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/15 03:03:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/15 03:03:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/15 03:02:46 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/15 03:02:46 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/15 00:52:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/15 00:52:55 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/15 00:52:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/15 00:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/15 00:52:54 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/15 00:52:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/15 00:52:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/15 00:52:51 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/15 00:52:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/15 00:52:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/15 00:52:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/15 00:52:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/15 00:52:49 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/15 00:52:49 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/15 00:52:49 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/15 00:52:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/15 00:52:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/15 00:52:46 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/15 00:52:46 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/15 00:52:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/15 00:52:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/15 00:52:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/15 00:52:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/15 00:52:42 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/15 00:52:42 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/15 00:52:41 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/15 00:52:41 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/15 00:52:40 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/15 00:52:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/15 00:52:39 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/15 00:52:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/15 00:52:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/15 00:52:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/15 00:52:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/15 00:52:36 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/14 16:16:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/14 16:16:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/14 16:16:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/14 16:16:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/14 16:16:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/14 16:06:18 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/14 16:06:17 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/14 16:06:17 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/14 16:06:17 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/14 16:06:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/14 16:06:17 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/14 16:05:46 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/14 16:00:34 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/14 15:55:19 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/14 15:55:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/13 02:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveLeotisa
[2014/08/09 12:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
[2014/08/09 12:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAR Password Unlocker
[2014/08/07 02:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014/08/07 02:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/08/07 02:25:37 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup1.exe
[2014/08/07 02:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/08/07 01:50:06 | 000,000,000 | ---D | C] -- C:\Support
[2014/08/07 01:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\1cbcf4cfc4dbd5b5
[2014/08/07 01:45:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Torch
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Comodo
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromatic Browser
[2014/08/07 01:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetPrivate
[2014/08/07 01:44:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GetPrivate
[2014/08/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\pdf995
[2014/08/04 12:01:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/08/04 11:59:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/08/02 00:09:18 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/08/02 00:09:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/08/02 00:08:57 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/08/02 00:08:57 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/08/01 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\New folder
[2014/08/01 21:06:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/08/01 21:06:20 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/08/01 21:06:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/08/01 21:06:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/08/01 21:06:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/08/01 21:06:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/08/01 21:06:19 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/08/01 21:06:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/08/01 21:06:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/08/01 21:06:18 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/08/01 21:06:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/08/01 21:06:18 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/08/01 21:06:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/08/01 21:06:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/08/01 21:06:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/08/01 21:06:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/08/01 21:05:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/08/01 21:05:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/08/01 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/08/01 21:05:46 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/08/01 21:05:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/08/01 21:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/08/01 19:48:13 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/08/01 19:48:13 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/08/01 19:47:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/08/01 19:47:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/08/01 03:59:14 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 03:59:14 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 03:59:14 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 03:59:06 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 03:59:06 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 03:59:06 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 03:59:06 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 03:59:06 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 03:59:06 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 03:58:55 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 03:58:55 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 03:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 03:58:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/07/31 04:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/07/31 04:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/07/31 03:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unit Converter Pro 1.4
[2014/07/30 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SketchUp
[2014/07/30 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Datos de programa
[2014/07/30 23:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2013
[2014/07/30 23:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2014/07/30 22:58:51 | 000,167,936 | ---- | C] (Chaos Group Ltd) -- C:\Windows\SysNative\cgauth.dll
[2014/07/30 20:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp
[2014/07/30 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/07/30 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2014/07/30 20:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2014/07/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2014/07/30 19:01:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/07/30 19:01:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/07/30 19:01:08 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/07/30 19:01:08 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/07/30 19:01:06 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/07/30 19:01:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/07/30 19:00:57 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2014/07/30 19:00:57 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2014/07/30 18:57:30 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Alcohol 120%
[2014/07/30 18:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2014/07/30 18:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2014/07/30 18:44:37 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/07/29 23:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ASGVIS
[2014/07/29 21:23:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\cache
[2014/07/29 21:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/28 20:02:44 | 000,004,395 | ---- | M] () -- C:\Windows\DCADWin.Ini
[2014/08/28 20:01:23 | 000,013,227 | ---- | M] () -- C:\Users\user\Desktop\OTL.exe - Shortcut.lnk
[2014/08/28 19:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/28 03:27:11 | 001,888,033 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/28 00:35:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/27 22:33:37 | 000,002,814 | ---- | M] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 11:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/27 11:26:11 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 11:26:11 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 11:19:08 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/08/27 11:18:48 | 005,095,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/27 11:12:48 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/27 02:29:19 | 000,000,845 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/26 19:01:57 | 000,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/08/26 11:52:35 | 004,355,673 | ---- | M] () -- C:\Users\user\Documents\IMG_20140826_0001.pdf
[2014/08/26 10:02:12 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:44 | 000,001,110 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:08 | 000,002,266 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/08/23 16:49:03 | 000,000,124 | ---- | M] () -- C:\Users\user\Documents\ax_files.xml
[2014/08/23 01:45:07 | 000,070,144 | ---- | M] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/21 16:18:00 | 000,088,288 | ---- | M] () -- C:\Windows\FontData.fdb
[2014/08/21 09:49:36 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:38:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/08/20 21:30:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/20 16:22:25 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/20 16:22:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/19 12:35:43 | 000,830,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/19 12:35:43 | 000,701,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/19 12:35:43 | 000,136,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/19 10:05:39 | 000,011,158 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:09 | 000,034,312 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/12 11:50:01 | 000,296,250 | ---- | M] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:07 | 000,345,786 | ---- | M] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/09 12:46:06 | 000,000,160 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/08/07 04:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/07 04:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/07 01:45:45 | 000,000,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:57 | 000,007,966 | ---- | M] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:44 | 000,065,854 | ---- | M] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | M] () -- C:\Windows\pdf995.ini
[2014/08/01 21:50:52 | 000,000,067 | ---- | M] () -- C:\Windows\iltwain.ini
[2014/07/31 22:49:37 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/07/31 04:14:25 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/07/31 03:32:41 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:17 | 000,000,081 | ---- | M] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/07/30 15:39:48 | 000,003,118 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:28 | 000,008,664 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153924.reg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/28 20:01:22 | 000,013,227 | ---- | C] () -- C:\Users\user\Desktop\OTL.exe - Shortcut.lnk
[2014/08/27 22:33:35 | 000,002,814 | ---- | C] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 20:45:48 | 000,043,689 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/26 11:46:36 | 004,355,673 | ---- | C] () -- C:\Users\user\Documents\IMG_20140826_0001.pdf
[2014/08/26 09:59:30 | 000,131,072 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:43 | 000,001,110 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:03 | 000,002,266 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/08/23 16:29:56 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2014/08/21 16:17:51 | 000,088,288 | ---- | C] () -- C:\Windows\FontData.fdb
[2014/08/21 09:45:40 | 001,888,033 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/21 02:48:42 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam64.cat
[2014/08/21 02:48:42 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.cat
[2014/08/21 02:48:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet64.cat
[2014/08/21 02:48:42 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa.inf
[2014/08/21 02:48:42 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet.inf
[2014/08/21 02:48:42 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.inf
[2014/08/21 02:48:41 | 000,008,202 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.cat
[2014/08/21 02:48:41 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.cat
[2014/08/21 02:48:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.cat
[2014/08/21 02:48:41 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.cat
[2014/08/21 02:48:41 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.cat
[2014/08/21 02:48:41 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds.inf
[2014/08/21 02:48:41 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.inf
[2014/08/21 02:48:41 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.inf
[2014/08/21 02:48:41 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.inf
[2014/08/21 02:48:41 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.inf
[2014/08/21 02:47:08 | 000,030,068 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symvtcer.dat
[2014/08/21 02:47:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/08/20 23:41:09 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:41:00 | 000,002,326 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/19 10:05:32 | 000,011,158 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:05 | 000,034,312 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/17 18:03:16 | 000,000,050 | ---- | C] () -- C:\Users\user\disasm.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\pexlorer.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\ntfsstreams.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\newdld.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\library.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\hexdiff.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\deditor.cdx
[2014/08/17 18:03:15 | 000,000,050 | ---- | C] () -- C:\Users\user\editor.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\sviewnew.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\psh.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\hexplorer.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\fifiles.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\clipex.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\checksum.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\bookmarks.cdx
[2014/08/17 18:03:14 | 001,951,209 | ---- | C] () -- C:\Users\user\Hex Editor.chm
[2014/08/17 18:03:14 | 000,005,261 | ---- | C] () -- C:\Users\user\default.hexdwc
[2014/08/17 18:03:14 | 000,004,947 | ---- | C] () -- C:\Users\user\free.hexdwc
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\HexView.cdx
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\FileDocument.cdx
[2014/08/12 11:50:01 | 000,296,250 | ---- | C] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:06 | 000,345,786 | ---- | C] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/08 01:45:07 | 000,070,144 | ---- | C] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/07 17:11:36 | 000,002,162 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/08/07 01:45:45 | 000,000,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:55 | 000,007,966 | ---- | C] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:43 | 000,065,854 | ---- | C] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2014/08/04 09:13:58 | 000,056,896 | ---- | C] () -- C:\Users\user\Desktop\Plotter Test.pdf
[2014/08/01 20:17:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/07/31 10:59:29 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2014/07/31 03:32:41 | 000,002,343 | ---- | C] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:16 | 000,000,081 | ---- | C] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 15:39:44 | 000,003,118 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:26 | 000,008,664 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153924.reg
[2014/07/29 22:26:28 | 000,000,124 | ---- | C] () -- C:\Users\user\Documents\ax_files.xml
[2014/07/29 19:55:50 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014/07/26 19:10:55 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2014/07/26 15:44:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2014/07/26 15:44:30 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2014/07/25 21:05:07 | 000,000,304 | ---- | C] () -- C:\Windows\my.ini
[2014/07/24 17:39:43 | 000,038,028 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2014/07/24 17:39:43 | 000,027,030 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2014/07/24 17:39:43 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2014/07/21 12:01:51 | 000,004,395 | ---- | C] () -- C:\Windows\DCADWin.Ini
[2014/07/06 22:16:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/07/06 20:52:59 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2014/05/25 22:02:24 | 000,002,404 | ---- | C] () -- C:\Windows\ampa.ini
[2014/05/25 21:40:23 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2014/05/25 21:40:23 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2014/05/22 16:10:04 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/08/16 15:24:22 | 000,813,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extra Txt

OTL Extras logfile created on: 2014/08/28 08:03:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.62% Memory free
8.00 Gb Paging File | 5.50 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.09 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive E: | 116.93 Gb Total Space | 111.91 Gb Free Space | 95.71% Space Free | Partition Type: NTFS
Drive F: | 116.83 Gb Total Space | 43.59 Gb Free Space | 37.31% Space Free | Partition Type: NTFS
Drive G: | 116.00 Gb Total Space | 110.03 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive H: | 116.00 Gb Total Space | 66.74 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive I: | 76.86 Gb Total Space | 19.28 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive J: | 78.02 Gb Total Space | 45.36 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive K: | 78.01 Gb Total Space | 54.49 Gb Free Space | 69.86% Space Free | Partition Type: NTFS

Computer Name: MIKE-WIN7 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- C:\Windows\SysWow64\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06801B8C-AFBB-47A5-AA86-D80A232552DD}" = rport=139 | protocol=6 | dir=out | app=system |
"{11BBB6A5-A38B-4973-9B63-886A86A463E7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{212DD469-3C18-4299-8110-88C4BBB70299}" = rport=445 | protocol=6 | dir=out | app=system |
"{226D873C-4231-4F51-A602-6ED2BA5E0575}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{30CA74A8-AC5E-4433-84A6-20776A017744}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{32CAF5BD-ACBD-4744-8A43-61C8E2FD5516}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{348B77C0-D81B-4BFB-9FC8-DEB340FD2AB4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3CA8F736-1D39-424C-9B8E-3BCF4F6FB7EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3F05FEEC-599C-403C-A7B1-864AD968617D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48754FDB-4340-45FC-9691-4315DA02F12D}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D244EBF-AC34-4EA5-9D3D-30EABCDE788B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5B9B58E2-106C-4FEB-8C22-B03B9AA919F6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BA78FA9-F1B8-49E7-B8AE-99A91687B3A0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6C0C7838-D603-4C1D-831D-DC02EBE6C212}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75397AD9-92EB-41E4-A3A5-A19CC4D4F18B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7849A0ED-5D45-4CFE-B1E1-B7B735D7F392}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{78D70C27-AC29-4719-8A82-FBE02AC527DC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8EB5981E-D624-47D6-A9D1-2BFBA22C0032}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92926278-2F62-499D-B750-4B4CAB2D5347}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93DBF338-91FB-47C0-9829-CCA6D10B0292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{952A19F5-0E97-4D5D-957C-A1D6E5DC48DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97D27348-AA55-4E0D-BA3E-C6DFC8C11B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99F20D98-43BF-4636-B09A-C84B03A41941}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BF23491-0897-4177-9BAB-D31AAC783B00}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A99CE779-C151-4E7E-9D1A-404A6E560D4D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A9A583A9-665C-433C-8A52-094124D5FBD9}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA7133A9-DB72-4323-A777-470D80F998A5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BFF8DC89-46AF-485F-8AC7-82A0C756A09C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C345EE5E-7F18-4387-AB53-D63AFA931465}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8FBB3E5-8E54-4D0A-938F-9DBDA8C8253B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{D2173BE5-E666-4481-B3D3-23DF035E2497}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D608D704-B6B2-4E5B-8E84-8D6F4DA3AFFD}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{D935AF4F-71BB-481B-ADD7-2A56B4D80C3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA165BCC-3FE8-4B7F-89FE-C09DF41CC9B2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DA850D9B-8EA5-4029-BCFB-FF5293CD0A1B}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DBCC5C49-D424-41CB-83BB-1FB278EFC8C0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E60B614F-ABD3-46B0-A79A-49AD0DC7696E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED10CCF-FF16-4299-A52A-BCD643F666A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0F19A21-5FA6-4754-9D08-AF40E455C763}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FB96268C-2635-420F-BC40-49A9454D62FD}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F18BA4-CDF2-4A67-8449-BC5E3FC5D76D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B9E2A14-289A-4745-B476-88AD3ADE1CE0}" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"{25781887-2E4E-4AC2-92D7-067034220B20}" = protocol=58 | dir=in | [email protected],-28545 |
"{2B0CFDE3-4CF5-43B2-B6BA-C6329A69027F}" = protocol=1 | dir=out | [email protected],-28544 |
"{2F460AAC-5A63-4A51-8234-82ECD861412A}" = protocol=58 | dir=out | [email protected],-28546 |
"{40893AE6-87E1-46BC-B64F-88A9E650BAE3}" = protocol=58 | dir=in | [email protected],-148 |
"{41B0F4B6-7382-4A89-BB22-20B794546F5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46BB1AC9-21E1-4DA9-96CE-37543A215A54}" = protocol=17 | dir=in | app=c:\program files\autospec\asloader.exe |
"{476F43D2-565C-4EA0-B820-5351ADEC1CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{492D1C08-810A-4DA5-947D-B788319DB187}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{4CC2CD2C-AE86-4370-870B-9E09A5D9AE6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51757793-1AF7-439D-84E7-E737D03FFAB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54B5C236-43E7-46A8-9A23-702ADBD66876}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{650A6609-8B68-4008-A56B-07AD66D92726}" = protocol=6 | dir=in | app=c:\program files\autospec\assb.exe |
"{6CFC0CD0-C323-4046-B38B-D7FE61E6455F}" = protocol=17 | dir=in | app=c:\program files\autospec\assb.exe |
"{6E9751C1-AC5F-40DE-B4E9-B4B5626DB4CB}" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-nt.exe |
"{7A4777C8-1C92-4A76-BE8D-E3DBCC693ADC}" = protocol=17 | dir=in | app=c:\program files\autospec\autospec.exe |
"{7F6CA628-8553-4299-B4F6-CA178C8974F3}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{8073C867-0BA6-4968-818C-C80626A3736F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8860F805-2251-433C-B76B-EC10825DB579}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{89580946-3097-40B7-8CDD-2494818CAACB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{8DEB3421-5546-4D20-B9F7-FC58D9E69388}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{9DAE0D78-9FF1-4BE5-A7A3-5362CE3F28DA}" = protocol=6 | dir=in | app=c:\program files\autospec\asloader.exe |
"{A0AABB6D-E5A4-48D2-8BCA-A34AEAE84A78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB59E603-41B6-4ABB-9F8B-EFB5870EE6AC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AE4BDA4D-BE6E-4FB5-9A5F-6275283E04E5}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{B12226E1-6B0A-4B45-A868-8F41FB8326FE}" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"{B23E0990-8F2F-466F-9ACD-F3E9A1BB303D}" = protocol=1 | dir=in | [email protected],-28543 |
"{B47FDE4F-21EB-4269-8608-151DD8582DC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B98ABE0F-1BFF-49C8-971A-D156CCF10671}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1ABEE9F-6DAD-4072-9918-0C32398A37B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{C31045EF-41EB-4382-BF9B-1E869FCF81C0}" = protocol=6 | dir=in | app=c:\program files\autospec\autospec.exe |
"{DF4B5911-9F83-427A-BC49-38D17FA8F9A1}" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-nt.exe |
"{E7529C82-9ABF-465F-8B4E-F358B729DB45}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"{FE1008D2-F361-43A2-AE18-743B76F1FD17}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"TCP Query User{CC08F4C8-2ABA-4829-A85E-371B37190E30}C:\program files\autospec\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |
"UDP Query User{713C335E-8C9E-4F48-97D1-D7B23606EE45}C:\program files\autospec\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\autospec\mysql\bin\mysqld-opt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series" = Canon MG5500 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - English
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 6.01
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"sp6" = Logitech SetPoint 6.65

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.5
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}" = DataCAD 16
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{28B88897-774A-4005-BBFF-663B1F8EAA5A}" = OpenOffice 4.1.0
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{536D6172-7453-7569-7465-392E37300409}" = Lotus SmartSuite - English
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{797E599D-F9F7-4CA9-8323-79BA07E20CFD}" = iBurst Dashboard V2
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90133000-1F11-4819-B708-9DF0870A9C54}" = iBurst Terminal
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A37F36B8-9C7C-4EE6-9014-E723EA5F9C2E}" = DataCAD 16 Setup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BFE5F286-957F-4EB2-84A6-721061035F3D}" = Unit Converter Pro 1.4
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Aide PDF to DWG Converter_is1" = Aide PDF to DWG Converter 10.0
"AutoSpec" = AutoSpec
"Canon MG5500 series On-screen Manual" = Canon MG5500 series On-screen Manual
"Canon MG5500 series User Registration" = Canon MG5500 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"DataCAD® for Windows®" = DataCAD® for Windows®
"Doxillion" = Doxillion Document Converter
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Mozilla Thunderbird 24.6.0 (x86 en-GB)" = Mozilla Thunderbird 24.6.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF 2 DXF 3" = PDF 2 DXF 3
"pdf2cad v10" = pdf2cad v10
"Pdf995" = Pdf995
"TeamViewer 9" = TeamViewer 9
"V-Ray for SketchUp 1.48.89" = V-Ray for SketchUp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"OneDriveSetup.exe" = Microsoft OneDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014/08/26 03:28:36 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =

Error - 2014/08/26 03:28:38 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =

Error - 2014/08/26 03:28:39 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =

Error - 2014/08/26 03:28:41 AM | Computer Name = Mike-Win7 | Source = MsiInstaller | ID = 11308
Description =

Error - 2014/08/26 03:59:04 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =

Error - 2014/08/26 03:59:31 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =

Error - 2014/08/26 04:00:13 AM | Computer Name = Mike-Win7 | Source = RasClient | ID = 20227
Description =

Error - 2014/08/26 06:06:21 PM | Computer Name = Mike-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: SHELL32.dll, version: 6.1.7601.18517,
time stamp: 0x53aa2e07 Exception code: 0xc0000005 Fault offset: 0x0000000000050506
Faulting
process id: 0x7f0 Faulting application start time: 0x01cfc0fb4ec5979f Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 359892b2-2d6d-11e4-9a76-00c0ee0d1b33

Error - 2014/08/26 06:06:26 PM | Computer Name = Mike-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521eaf24 Exception code: 0xc015000f Fault offset: 0x000000000006f7ba
Faulting
process id: 0x7f0 Faulting application start time: 0x01cfc0fb4ec5979f Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 390b0a0e-2d6d-11e4-9a76-00c0ee0d1b33

Error - 2014/08/27 05:09:02 AM | Computer Name = Mike-Win7 | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'SpyHunter4 application' could not be shut
down.

Error - 2014/08/27 05:19:07 AM | Computer Name = Mike-Win7 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2014/08/27 05:18:49 AM | Computer Name = Mike-Win7 | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 2014/08/27 05:39:03 AM | Computer Name = Mike-Win7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2014/08/27 05:39:03 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The EsgScanner service failed to start due to the following error:
%%1275

Error - 2014/08/27 06:05:00 AM | Computer Name = Mike-Win7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2014/08/27 06:05:00 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The EsgScanner service failed to start due to the following error:
%%1275

Error - 2014/08/27 07:29:39 AM | Computer Name = Mike-Win7 | Source = Service Control Manager | ID = 7000
Description = The esgiguard service failed to start due to the following error:
%%2

Error - 2014/08/27 05:39:05 PM | Computer Name = Mike-Win7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 2014/08/28 10:01:54 AM | Computer Name = Mike-Win7 | Source = ipnathlp | ID = 31004
Description =

Error - 2014/08/28 10:07:26 AM | Computer Name = Mike-Win7 | Source = ipnathlp | ID = 31004
Description =

Error - 2014/08/28 01:57:03 PM | Computer Name = Mike-Win7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >
  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

I have also noticed in your log file that you are using the BitTorrent P2P program. We at Geeks to Go! recommend removing these types of programs; they are a known cause of malware infections. When you use file sharing programs like this you can never be sure of the file content, and you are put at a much greater risk of infection. I strongly recommend you remove this program before we begin our work.

Next

We need to do a fix using OTL
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    [2014/08/07 02:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
    [2014/08/07 02:25:37 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup1.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner


In your next reply post:

1-OTL Fix log. After the fix is run, the fix log should pop up in front of you. If it does not, the log is located here --> C:\_OTL\Moved Files
2-New OTL log, after a quick scan is run.
3-AdwCleaner Log.

Let me know how things are; not much in the log, just regular routine items.

Thanks
Joe :)

  • 0

#5
MikeBac

MikeBac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi Joe

 

Here are the logs as requested. 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
C:\Users\user\Documents\APNSetup1.exe moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini deleted successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP folder deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla17.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla19.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla20.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.dll deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseData.ini deleted successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Downloads\cmd.bat deleted successfully.
C:\Users\user\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Documents and Settings
 
User: Guest
 
User: Merle
 
User: MikeB
 
User: Public
 
User: UpdatusUser
 
User: user
->Temp folder emptied: 38033657 bytes
->Temporary Internet Files folder emptied: 5415283 bytes
->FireFox cache emptied: 19670830 bytes
->Flash cache emptied: 2211 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 696500 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 5695912 bytes
 
Total Files Cleaned = 66.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08292014_134549

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

# AdwCleaner v3.308 - Report created 29/08/2014 at 14:12:15
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : user - MIKE-WIN7
# Running from : C:\Users\user\Downloads\adwcleaner_3.308.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\users\user\AppData\Roaming\regsvr32.exe_log.txt
Folder Found : C:\Program Files (x86)\FLVM Player
Folder Found : C:\Program Files (x86)\GetPrivate
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\SaveLeotisa
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\users\user\AppData\Local\Chromatic Browser
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkekokfomdoonfljdmfnaoifhagohha
Folder Found : C:\users\user\AppData\Local\torch
Folder Found : C:\users\user\AppData\Roaming\GetPrivate
Folder Found : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )
Shortcut Found : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1406417150&from=amt&uid=ST3250318AS_9VYB8K1R )

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\AdvertisingSupport
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3k63xwh9.default\prefs.js ]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4156 octets] - [29/08/2014 13:59:20]
AdwCleaner[R1].txt - [4004 octets] - [29/08/2014 14:12:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4064 octets] ##########

 

 

OTL logfile created on: 2014/08/29 02:25:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd
 
4.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.14% Memory free
8.00 Gb Paging File | 5.95 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.20 Gb Free Space | 55.93% Space Free | Partition Type: NTFS
Drive E: | 116.93 Gb Total Space | 111.91 Gb Free Space | 95.71% Space Free | Partition Type: NTFS
Drive F: | 116.83 Gb Total Space | 41.88 Gb Free Space | 35.85% Space Free | Partition Type: NTFS
Drive G: | 116.00 Gb Total Space | 110.03 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive H: | 116.00 Gb Total Space | 66.74 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive I: | 76.86 Gb Total Space | 19.28 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive J: | 78.02 Gb Total Space | 45.36 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive K: | 78.01 Gb Total Space | 54.49 Gb Free Space | 69.86% Space Free | Partition Type: NTFS
Drive M: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: MIKE-WIN7 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/28 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
PRC - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
PRC - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
PRC - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/06/10 10:51:02 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/05/02 19:19:02 | 001,088,088 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2013/05/02 19:18:00 | 000,989,800 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2013/05/02 19:17:28 | 001,282,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 18:49:50 | 000,466,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
PRC - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
PRC - [2005/06/13 17:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/25 15:46:25 | 001,101,824 | ---- | M] () -- C:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
MOD - [2014/07/25 15:46:24 | 000,706,560 | ---- | M] () -- C:\Program Files\AutoSpec\wombat.dll
MOD - [2014/07/25 15:46:22 | 000,512,512 | ---- | M] () -- C:\Program Files\AutoSpec\assb.exe
MOD - [2014/07/03 03:07:31 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/07/03 03:06:45 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/07/03 03:04:42 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/07/03 03:04:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/07/03 03:04:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/07/03 03:04:31 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/07/03 03:04:27 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/07/03 03:04:25 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/07/03 03:04:20 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/07/03 03:04:20 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/07/03 03:04:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/07/03 03:04:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/07/03 03:04:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/07/03 03:04:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/07/03 03:04:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/06/10 10:50:45 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/06/10 10:50:44 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/10 10:50:40 | 003,022,960 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/02/24 18:39:44 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009/09/25 03:40:03 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
MOD - [2006/11/14 09:54:18 | 001,056,768 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
MOD - [2002/04/10 11:42:00 | 000,233,472 | ---- | M] () -- C:\Program Files\AutoSpec\NetsyncV2\libmysql.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/30 20:14:13 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/25 00:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/14 03:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/08/20 16:13:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/31 22:49:52 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/02/12 07:43:02 | 000,881,760 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/21 05:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2014/07/23 07:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/07/23 07:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/07/23 06:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/03/19 02:24:44 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2014/03/19 02:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/19 02:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/02/21 01:14:34 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/01 05:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2013/07/31 06:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/31 05:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 03:40:03 | 000,037,888 | ---- | M] (KYOCERA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBux64.sys -- (iBurstU)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/08/21 08:00:33 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140828.023\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 08:00:32 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140828.023\eng64.sys -- (NAVENG)
DRV - [2014/08/21 00:30:23 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/21 00:30:23 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/19 17:31:52 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140825.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/19 00:20:24 | 001,588,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140821.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/08 13:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.6.15
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/07/05 18:09:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/07/31 04:13:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn\ [2014/08/29 14:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2014/08/21 00:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/07/04 23:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/08/20 23:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3k63xwh9.default\extensions
[2014/08/20 16:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/20 16:13:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/31 04:13:47 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2014/08/29 14:21:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\COFFPLGN
[2014/08/21 00:31:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
 
O1 HOSTS File: ([2014/08/27 02:29:19 | 000,000,845 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Autospec] C:\Program Files\AutoSpec\asloader.exe ()
O4 - HKLM..\Run: [AutoSpecNetsync2] C:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe ()
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C070D04-86F6-4FC1-A717-157FA409799C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2CA89-EE6B-4541-920F-049FA156371A}: DhcpNameServer = 196.7.7.7 196.7.8.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42F6009-D6CE-43BB-9707-0DFEA19C9C9A}: NameServer = 41.208.247.5 41.213.80.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/25 20:00:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/02/22 18:35:36 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell - "" = AutoRun
O33 - MountPoints2\{627d9783-0665-11e3-b8ca-90fba60af170}\Shell\AutoRun\command - "" = E:\autorunner.exe "1.jpg"
O33 - MountPoints2\{ff00b940-1808-11e4-bcd1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff00b940-1808-11e4-bcd1-806e6f6e6963}\Shell\AutoRun\command - "" = M:\setup.exe -- [2011/02/26 06:32:11 | 000,626,600 | R--- | M] (Autodesk, Inc.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/29 14:00:14 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/08/29 13:58:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/29 13:45:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/29 00:01:16 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
[2014/08/27 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2014/08/25 19:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/08/23 16:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GameBlend
[2014/08/23 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GameBlend
[2014/08/21 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps
[2014/08/21 02:48:43 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys
[2014/08/21 02:48:42 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys
[2014/08/21 02:48:42 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys
[2014/08/21 02:48:42 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.sys
[2014/08/21 02:48:41 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys
[2014/08/21 02:48:41 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys
[2014/08/21 02:48:41 | 000,162,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys
[2014/08/21 02:48:41 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys
[2014/08/21 02:47:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1505000.013
[2014/08/21 00:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NPE
[2014/08/21 00:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/08/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Symantec
[2014/08/20 23:41:09 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/20 23:40:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/08/20 23:40:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/08/20 23:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/08/20 23:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/08/20 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/20 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2014/08/20 16:22:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/08/20 16:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/19 10:17:03 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 18:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/08/17 18:03:16 | 000,963,232 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcr120.dll
[2014/08/17 18:03:16 | 000,828,416 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\disasm.dll
[2014/08/17 18:03:16 | 000,821,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply64.exe
[2014/08/17 18:03:16 | 000,660,128 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcp120.dll
[2014/08/17 18:03:16 | 000,617,528 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\PatchApply32.exe
[2014/08/17 18:03:16 | 000,300,032 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\ntfsstreams.dll
[2014/08/17 18:03:16 | 000,217,088 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\pexlorer.dll
[2014/08/17 18:03:16 | 000,180,736 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\newdld.dll
[2014/08/17 18:03:16 | 000,047,168 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hhdhexneo.dll
[2014/08/17 18:03:15 | 003,041,280 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\sviewnew.dll
[2014/08/17 18:03:15 | 000,992,768 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\editor.dll
[2014/08/17 18:03:15 | 000,408,576 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\checksum.dll
[2014/08/17 18:03:15 | 000,374,272 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\bookmarks.dll
[2014/08/17 18:03:15 | 000,290,304 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\clipex.dll
[2014/08/17 18:03:15 | 000,202,752 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\hexplorer.dll
[2014/08/17 18:03:14 | 001,776,144 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\HexFrame.exe
[2014/08/17 18:03:14 | 001,351,216 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\FileDocument.dll
[2014/08/17 18:03:14 | 000,909,312 | ---- | C] (HHD Software Ltd.) -- C:\Users\user\psh.dll
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Tool Window Layouts
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Setup
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\Sample Structures
[2014/08/17 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\user\PatchAPI
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\HHD Software
[2014/08/17 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
[2014/08/09 12:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
[2014/08/09 12:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAR Password Unlocker
[2014/08/07 02:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2014/08/07 02:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/08/07 01:50:06 | 000,000,000 | ---D | C] -- C:\Support
[2014/08/07 01:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\1cbcf4cfc4dbd5b5
[2014/08/07 01:45:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages
[2014/08/07 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Comodo
[2014/08/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\pdf995
[2014/08/04 12:01:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/08/04 11:59:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/08/01 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\New folder
[2014/08/01 21:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/08/01 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/07/31 04:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/07/31 04:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/07/31 03:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unit Converter Pro 1.4
[2014/07/30 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SketchUp
[2014/07/30 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Datos de programa
[2014/07/30 23:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2013
[2014/07/30 23:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2014/07/30 22:58:51 | 000,167,936 | ---- | C] (Chaos Group Ltd) -- C:\Windows\SysNative\cgauth.dll
[2014/07/30 20:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp
[2014/07/30 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/07/30 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2014/07/30 20:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2014/07/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2014/07/30 18:57:30 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Alcohol 120%
[2014/07/30 18:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2014/07/30 18:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2014/07/30 18:44:37 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/29 14:23:19 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/08/29 14:19:38 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/29 14:18:59 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/29 14:16:42 | 000,001,205 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/29 14:16:41 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/29 14:09:16 | 000,001,220 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.lnk
[2014/08/29 14:01:37 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/29 14:01:37 | 000,031,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/29 13:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/29 13:23:08 | 000,004,389 | ---- | M] () -- C:\Windows\DCADWin.Ini
[2014/08/29 03:43:01 | 005,090,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/29 03:33:40 | 000,000,275 | ---- | M] () -- C:\Users\user\Documents\ax_files.xml
[2014/08/28 21:15:07 | 000,189,491 | ---- | M] () -- C:\Users\user\Documents\IMG_20140828_0002.pdf
[2014/08/28 20:01:23 | 000,013,227 | ---- | M] () -- C:\Users\user\Desktop\OTL.lnk
[2014/08/28 03:27:11 | 001,888,033 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/27 22:33:37 | 000,002,814 | ---- | M] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 11:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/27 02:29:19 | 000,000,845 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/26 19:01:57 | 000,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/08/26 10:02:12 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:44 | 000,001,110 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:08 | 000,002,266 | ---- | M] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/08/23 01:45:07 | 000,070,144 | ---- | M] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/21 16:18:00 | 000,088,288 | ---- | M] () -- C:\Windows\FontData.fdb
[2014/08/21 09:49:36 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/20 23:41:09 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/20 23:41:09 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:38:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/08/20 21:30:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/19 12:35:43 | 000,830,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/19 12:35:43 | 000,701,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/19 12:35:43 | 000,136,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/19 10:05:39 | 000,011,158 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:09 | 000,034,312 | ---- | M] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/12 11:50:01 | 000,296,250 | ---- | M] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:07 | 000,345,786 | ---- | M] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/09 12:46:06 | 000,000,160 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/08/07 01:45:45 | 000,000,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:57 | 000,007,966 | ---- | M] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:44 | 000,065,854 | ---- | M] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | M] () -- C:\Windows\pdf995.ini
[2014/08/01 21:50:52 | 000,000,067 | ---- | M] () -- C:\Windows\iltwain.ini
[2014/07/31 22:49:37 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/07/31 03:32:41 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:17 | 000,000,081 | ---- | M] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 18:44:37 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/07/30 15:39:48 | 000,003,118 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:28 | 000,008,664 | ---- | M] () -- C:\Users\user\Documents\cc_20140730_153924.reg
 
========== Files Created - No Company Name ==========
 
[2014/08/29 14:09:16 | 000,001,220 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.lnk
[2014/08/28 21:14:24 | 000,189,491 | ---- | C] () -- C:\Users\user\Documents\IMG_20140828_0002.pdf
[2014/08/28 20:01:22 | 000,013,227 | ---- | C] () -- C:\Users\user\Desktop\OTL.lnk
[2014/08/27 22:33:35 | 000,002,814 | ---- | C] () -- C:\Users\user\Documents\cc_20140827_223333.reg
[2014/08/27 20:45:48 | 000,043,689 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/26 09:59:30 | 000,131,072 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2014/08/26 09:13:43 | 000,001,110 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091342.reg
[2014/08/26 09:12:03 | 000,002,266 | ---- | C] () -- C:\Users\user\Documents\cc_20140826_091202.reg
[2014/08/26 08:58:27 | 713,739,209 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/25 20:00:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/08/23 16:29:56 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2014/08/21 16:17:51 | 000,088,288 | ---- | C] () -- C:\Windows\FontData.fdb
[2014/08/21 09:45:40 | 001,888,033 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/21 02:48:42 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam64.cat
[2014/08/21 02:48:42 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.cat
[2014/08/21 02:48:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet64.cat
[2014/08/21 02:48:42 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa.inf
[2014/08/21 02:48:42 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet.inf
[2014/08/21 02:48:42 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.inf
[2014/08/21 02:48:41 | 000,008,202 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.cat
[2014/08/21 02:48:41 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.cat
[2014/08/21 02:48:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.cat
[2014/08/21 02:48:41 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.cat
[2014/08/21 02:48:41 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.cat
[2014/08/21 02:48:41 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds.inf
[2014/08/21 02:48:41 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.inf
[2014/08/21 02:48:41 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.inf
[2014/08/21 02:48:41 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.inf
[2014/08/21 02:48:41 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.inf
[2014/08/21 02:47:08 | 000,030,068 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symvtcer.dat
[2014/08/21 02:47:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/08/20 23:41:09 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/20 23:41:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/20 23:41:00 | 000,002,326 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/19 10:05:32 | 000,011,158 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100531.reg
[2014/08/19 10:05:05 | 000,034,312 | ---- | C] () -- C:\Users\user\Documents\cc_20140819_100501.reg
[2014/08/17 18:03:16 | 000,000,050 | ---- | C] () -- C:\Users\user\disasm.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\pexlorer.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\ntfsstreams.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\newdld.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\library.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\hexdiff.cdx
[2014/08/17 18:03:16 | 000,000,025 | ---- | C] () -- C:\Users\user\deditor.cdx
[2014/08/17 18:03:15 | 000,000,050 | ---- | C] () -- C:\Users\user\editor.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\sviewnew.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\psh.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\hexplorer.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\fifiles.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\clipex.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\checksum.cdx
[2014/08/17 18:03:15 | 000,000,025 | ---- | C] () -- C:\Users\user\bookmarks.cdx
[2014/08/17 18:03:14 | 001,951,209 | ---- | C] () -- C:\Users\user\Hex Editor.chm
[2014/08/17 18:03:14 | 000,005,261 | ---- | C] () -- C:\Users\user\default.hexdwc
[2014/08/17 18:03:14 | 000,004,947 | ---- | C] () -- C:\Users\user\free.hexdwc
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\HexView.cdx
[2014/08/17 18:03:14 | 000,000,050 | ---- | C] () -- C:\Users\user\FileDocument.cdx
[2014/08/12 11:50:01 | 000,296,250 | ---- | C] () -- C:\Users\user\Desktop\A short guide to metric nuts and bolts.pdf
[2014/08/12 11:46:06 | 000,345,786 | ---- | C] () -- C:\Users\user\Desktop\metric-hex-bolt-sizes.pdf
[2014/08/08 01:45:07 | 000,070,144 | ---- | C] () -- C:\Windows\SysWow64\tasks.dll
[2014/08/07 17:11:36 | 000,002,162 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/08/07 01:45:45 | 000,000,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/05 18:55:55 | 000,007,966 | ---- | C] () -- C:\Users\user\Documents\cc_20140805_185553.reg
[2014/08/05 14:36:43 | 000,065,854 | ---- | C] () -- C:\Users\user\Documents\Absa.pdf
[2014/08/04 14:21:02 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2014/08/04 09:13:58 | 000,056,896 | ---- | C] () -- C:\Users\user\Desktop\Plotter Test.pdf
[2014/08/01 20:17:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/07/31 10:59:29 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2014/07/31 03:32:41 | 000,002,343 | ---- | C] () -- C:\Users\Public\Desktop\Unit Converter.lnk
[2014/07/30 23:34:19 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF13a.ocx
[2014/07/30 20:51:16 | 000,000,081 | ---- | C] () -- C:\Users\user\Desktop\V-Ray.asgvislic
[2014/07/30 20:43:00 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2014/07/30 15:39:44 | 000,003,118 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153942.reg
[2014/07/30 15:39:26 | 000,008,664 | ---- | C] () -- C:\Users\user\Documents\cc_20140730_153924.reg
[2014/07/29 19:55:50 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014/07/26 19:10:55 | 000,082,072 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2014/07/26 15:44:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2014/07/26 15:44:30 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2014/07/25 21:05:07 | 000,000,304 | ---- | C] () -- C:\Windows\my.ini
[2014/07/24 17:39:43 | 000,038,028 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2014/07/24 17:39:43 | 000,027,030 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2014/07/24 17:39:43 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2014/07/21 12:01:51 | 000,004,389 | ---- | C] () -- C:\Windows\DCADWin.Ini
[2014/07/06 22:16:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/07/06 20:52:59 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2014/05/25 22:02:24 | 000,002,404 | ---- | C] () -- C:\Windows\ampa.ini
[2014/05/25 21:40:23 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2014/05/25 21:40:23 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2014/05/22 16:10:04 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/08/16 15:24:22 | 000,813,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/28 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk
[2014/08/04 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2014/08/23 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GameBlend
[2014/07/25 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2014/07/28 17:39:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice
[2014/07/28 12:38:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Panasonic
[2014/08/04 14:21:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\pdf995
[2014/07/30 23:41:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SketchUp
[2014/07/26 00:22:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2014/07/04 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2014/03/17 17:37:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

 

 

I have opened both I.E. and Firefox and both now open at Google as their homepage. I did notice that Bing is still there as a search engine. Can I remove it manually?

 

Thanks

 

Mike


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello Mike,

AdwCleaner question for you. Did you run the Clean option? You need to do that if you have not. From your AdwCleaner log report you have only run the Scan option, and that does not delete anything; it just lists what it found.

You can remove Bing in "Manage your search engines" in the browser, although it's not hurting anything.

Post the AdwCleaner log after you run the Clean option.

Thanks
Joe :)
#7
MikeBac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Joe

I did run the Clean Option before I sent you the last message. I copied all the reports that had been generated to the message.

I have now run the Scan Option again and run the Clean Option. The report generated this time is attached.

Where would I be able to locate the report generated from the 1st Clean Option run? I have done a search on the computer and can only find an R1 text, copied to the last message, and an S1 text, copied to this message.

# AdwCleaner v3.308 - Report created 30/08/2014 at 15:57:29
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : user - MIKE-WIN7
# Running from : C:\Users\user\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3k63xwh9.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4156 octets] - [29/08/2014 13:59:20]
AdwCleaner[R1].txt - [4148 octets] - [29/08/2014 14:12:15]
AdwCleaner[R2].txt - [1118 octets] - [30/08/2014 15:55:38]
AdwCleaner[S0].txt - [3677 octets] - [29/08/2014 14:16:40]
AdwCleaner[S1].txt - [1044 octets] - [30/08/2014 15:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1104 octets] ##########

Regards

Mike
#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

OK. Thanks. Good enough.

Let's run an online scan and see what shows; this scan will show what has already been quarantined too.

Next, this scan may take a while!

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
In your next reply post:

1- ESET scan results.

Thanks
Joe :)
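
The log.txt this scan produces, as posted later in the thread, has one line per detection with sh=, vn= and fn= fields. As an added example (not part of the original post and not code from ESET, AdwCleaner or OTL), this Python script groups such lines by hash, ranks them by the category at the end of vn, and separates files that already sit in the AdwCleaner and OTL quarantine folders; the sample lines are constructed, and reading sh as the file hash and the ranking order are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

# Suffix of the vn field -> (category, rank). The ranking is this example's
# own triage order (an assumption), not something the scanner defines.
CATEGORIES = [
    ("trojan", "malicious", 0),
    ("virus", "malicious", 0),
    ("multiple threats", "malicious", 0),
    ("potentially unsafe application", "unsafe", 1),
    ("potentially unwanted application", "unwanted", 2),
    ("application", "application", 3),
]

# Folders where the tools used earlier in the thread keep what they removed.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\_otl\\movedfiles\\")


def parse_log(text):
    """Return (header dict, list of detection dicts) from log.txt content."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        if {"sh", "vn", "fn"} <= fields.keys():  # skips installer chatter lines
            detections.append(fields)
    return header, detections


def categorize(vn):
    """Map a detection name to (category, rank) by its trailing words."""
    lowered = vn.lower()
    for suffix, category, rank in CATEGORIES:
        if lowered.endswith(suffix):
            return category, rank
    return "other", 4


def is_quarantined(path):
    """True when the file lies inside a cleanup tool's quarantine folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def triage(text):
    """Collapse duplicate hashes; list live files first, most serious first."""
    header, detections = parse_log(text)
    by_hash = defaultdict(list)
    for det in detections:
        by_hash[det["sh"].upper()].append(det)
    items = []
    for sha1, group in by_hash.items():
        category, rank = categorize(group[0]["vn"])
        paths = sorted({det["fn"] for det in group})
        items.append({
            "sha1": sha1, "name": group[0]["vn"], "category": category,
            "rank": rank, "paths": paths,
            "live_paths": [p for p in paths if not is_quarantined(p)],
        })
    items.sort(key=lambda i: (not i["live_paths"], i["rank"], i["sha1"]))
    found = header.get("found", "")
    return {
        "items": items,
        "parsed_lines": len(detections),
        # Counter from the log header; a mismatch with parsed_lines suggests
        # a truncated paste (assumes one line per counted detection).
        "declared_found": int(found) if found.isdigit() else None,
    }


def _sample_line(ch, vn, fn):
    # Constructed line: placeholder hash (one character repeated), made-up name.
    return f'sh={ch * 40} ft=1 fh={"0" * 16} vn="{vn}" ac=I fn="{fn}"'


SAMPLE_LOG = "\n".join([  # constructed input, not taken from the thread
    "OnlineScanner.ocx - registred OK",
    "# remove_checked=false",
    "# found=5",
    "# cleaned=0",
    _sample_line("A", "a variant of Win32/Example.Toolbar.A potentially unwanted application",
                 r"C:\Users\user\Downloads\setup one.exe"),
    _sample_line("A", "a variant of Win32/Example.Toolbar.A potentially unwanted application",
                 r"C:\Documents and Settings\user\Downloads\setup one.exe"),
    _sample_line("B", "Win32/Example.Bundle.B potentially unsafe application",
                 r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\tool.exe.vir"),
    _sample_line("C", "a variant of Win32/Example.Dropper.C trojan",
                 r"I:\DOWN LOADS\pack\updater.exe"),
    _sample_line("D", "Win32/Example.Ask.D potentially unsafe application",
                 r"C:\_OTL\MovedFiles\01012014_000000\C_Users\user\Documents\setup2.exe"),
])

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)["items"]:
        state = "live" if item["live_paths"] else "quarantined only"
        print(f'{item["category"]:<12} {state:<17} {item["name"]} ({len(item["paths"])} path(s))')
```
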
#9
MikeBac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi Joe

 

Here is the ESET scan log:

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8d7a670213522548847374d7e9a69047
# engine=19924
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-31 03:47:25
# local_time=2014-08-31 05:47:25 (+0200, South Africa Standard Time)
# country="South Africa"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 515056 160162541 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2580587 161129895 0 0
# scanned=842680
# found=104
# cleaned=0
# scan_time=22548
sh=60264EDEF848C7D42FC2E12EBBD25E9C184C152A ft=1 fh=71500cf28925eb94 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir"
sh=97773785D2677C88624C07CD9E119C9A9D349D4C ft=1 fh=d53c09acef8d928a vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.22.exe.vir"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\MikeB\My Documents\DownLoads\ccsetup411.exe"
sh=41A0CEC659065599D33DA4911AD2952F26331CB9 ft=1 fh=4bb8f7aeb3bcb827 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MikeB\My Documents\DownLoads\registry-cleaner-setup-ifo.exe"
sh=99820BBA134EB698C84389152627D51D5DDD86FA ft=1 fh=5b431b0342859da1 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MikeB\My Documents\DownLoads\Adelantado Trilogy - Book One - Full PreCracked - Foxy Games\Adelantado Trilogy - Book One - Full PreCracked - Foxy Games.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\user\Downloads\ccsetup414.exe"
sh=4F0DAC00A18FE6A365DFB9BFA59B4ACA60CF4D20 ft=1 fh=b7c431462b2ce118 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Documents and Settings\user\Downloads\disk-defrag-setup.exe"
sh=97773785D2677C88624C07CD9E119C9A9D349D4C ft=1 fh=d53c09acef8d928a vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Documents and Settings\user\Downloads\doxillionsetup.exe"
sh=220A5EE5314FEB1E4D974116F57ED2EE4C0EF0BA ft=1 fh=39b2ce745c174f8e vn="a variant of Win32/InstallCore.PL potentially unwanted application" ac=I fn="C:\Documents and Settings\user\Downloads\FirefoxSetup.exe"
sh=8BE4067FC2953895D55C97FD950F28DAA449D384 ft=1 fh=52b9d551b6404b9e vn="a variant of Win32/InstallCore.PP potentially unwanted application" ac=I fn="C:\Documents and Settings\user\Downloads\winzip18-dl_v3.exe"
sh=410A291BBCFF606B53CF0C7BCA623D0CC8DD0463 ft=1 fh=642f2500adcd11ea vn="Win32/Somoto.G potentially unwanted application" ac=I fn="C:\Documents and Settings\user\Downloads\WinZip18Keygen_downloader-IcsvXXkPA.exe"
sh=B72746BDF4AC476920FB456081B8B75EA82A05B2 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Downloads\Downloads\SketchUp 2013 Pro\Google_SketchUp_Pro_2013_v13.0.4124_Final_Eng.rar"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="probably a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=4A56F8FC54F18AAD96FCFD0AD972612D7B54A924 ft=1 fh=64584fffcd3c0785 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Program Files (x86)\Enigma Software Group\SpyHunter\spyhunter.4.3.32-patch.exe"
sh=1D0AEFA288494F61CE9CC50D054503621B07C281 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CX potentially unsafe application" ac=I fn="C:\transfer\SketchUp-1\SUP 7\Google.SketchUP.part1.rar"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\MikeB\My Documents\DownLoads\ccsetup411.exe"
sh=41A0CEC659065599D33DA4911AD2952F26331CB9 ft=1 fh=4bb8f7aeb3bcb827 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\MikeB\My Documents\DownLoads\registry-cleaner-setup-ifo.exe"
sh=99820BBA134EB698C84389152627D51D5DDD86FA ft=1 fh=5b431b0342859da1 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\MikeB\My Documents\DownLoads\Adelantado Trilogy - Book One - Full PreCracked - Foxy Games\Adelantado Trilogy - Book One - Full PreCracked - Foxy Games.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\user\Downloads\ccsetup414.exe"
sh=4F0DAC00A18FE6A365DFB9BFA59B4ACA60CF4D20 ft=1 fh=b7c431462b2ce118 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\user\Downloads\disk-defrag-setup.exe"
sh=97773785D2677C88624C07CD9E119C9A9D349D4C ft=1 fh=d53c09acef8d928a vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\user\Downloads\doxillionsetup.exe"
sh=220A5EE5314FEB1E4D974116F57ED2EE4C0EF0BA ft=1 fh=39b2ce745c174f8e vn="a variant of Win32/InstallCore.PL potentially unwanted application" ac=I fn="C:\Users\user\Downloads\FirefoxSetup.exe"
sh=8BE4067FC2953895D55C97FD950F28DAA449D384 ft=1 fh=52b9d551b6404b9e vn="a variant of Win32/InstallCore.PP potentially unwanted application" ac=I fn="C:\Users\user\Downloads\winzip18-dl_v3.exe"
sh=410A291BBCFF606B53CF0C7BCA623D0CC8DD0463 ft=1 fh=642f2500adcd11ea vn="Win32/Somoto.G potentially unwanted application" ac=I fn="C:\Users\user\Downloads\WinZip18Keygen_downloader-IcsvXXkPA.exe"
sh=9CE317C3749C254138FB6F1995A7580894F5F8D6 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Windows\Installer\413ed0.msi"
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\08292014_134549\C_Users\user\Documents\APNSetup1.exe"
sh=09F1732928137C4A347092A8E4EF9E6B670CF30B ft=1 fh=dc3949a150b672eb vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="E:\Avenger\outobox.BrowserAdapter.exe"
sh=9FDFC8F9E942DB7644CE0D83A61A0E2609742B03 ft=1 fh=81e9b878cc7f1bab vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="E:\Avenger\outoboxBAApp.dll"
sh=EC43CA212608C1292C107D5BA1619AF456BA3EDC ft=1 fh=fb9d47102b80aa4a vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="E:\Avenger\{1a147621-8c9a-4d6b-a557-6513a40d3207}.dll"
sh=895F2B5607F4AFAA59A57E3D683241A0A1EF0495 ft=1 fh=aeb83106504ad707 vn="Win32/Toolbar.DefaultTab.A potentially unwanted application" ac=I fn="E:\Avenger\DefaultTab-ren-924\DTUpdate.exe"
sh=F0BA99472AFF60ED7E556763E3D0C13A3B19AC14 ft=1 fh=bfd974bebad57386 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="E:\Program Files\NETGATE\Spy Emergency\Patch_x64.exe"
sh=2EE2E3E45DF66D69D4362753F3D8B05B38586838 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Rendering Progs-1\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt.rar"
sh=2F5204D6273C791584489AEE06010D7997B8122D ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Rendering Progs-1\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt\zwt.rar"
sh=4F15813D92DF5994C5C43F10B79FD6324C99E8BC ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Rendering Progs-1\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt\zwtestc2.zip"
sh=9DA43CCB528CE03A16054B9D37FCFC853D8D49E1 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CX potentially unsafe application" ac=I fn="F:\Rendering Progs\Rendering Progs-1\Texture Software\EArt.Media.Software.Seamless.Texture.Creator.v2.0.Incl.Keymaker-ZWT.zip"
sh=2EE2E3E45DF66D69D4362753F3D8B05B38586838 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt.rar"
sh=2F5204D6273C791584489AEE06010D7997B8122D ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt\zwt.rar"
sh=4F15813D92DF5994C5C43F10B79FD6324C99E8BC ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Molebox.G potentially unwanted application" ac=I fn="F:\Rendering Progs\Seamless Texture Creator\EArt.Media.Software.Seamless.Texture.Creator-v2.0.Inc.Keymaker-zwt\zwtestc2.zip"
sh=9DA43CCB528CE03A16054B9D37FCFC853D8D49E1 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CX potentially unsafe application" ac=I fn="F:\Rendering Progs\Texture Software\EArt.Media.Software.Seamless.Texture.Creator.v2.0.Incl.Keymaker-ZWT.zip"
sh=5B8509C61DB6579AE0670E63F8263EE897B717A9 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="F:\SketchUp\SketchUp 8.0.3117\Google SketchUp Pro 8.0.3117. Includes V-Ray and IDX.rar"
sh=CA8D171CF017038BB3BDEC4287169B9F59476AC7 ft=1 fh=c71c0011c260c053 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="F:\SU8\Google SketchUp Pro 8.0.3117. Includes V-Ray and IDX\SketchUp 8\crack\google.sketchup.pro.8.0.3117-MPT.exe"
sh=7E4395344A02FFA469BAC8CBBD82CCD1D7F5F7BA ft=1 fh=320af2a5299399bf vn="a variant of Win32/Keygen.AF potentially unsafe application" ac=I fn="H:\Corel Draw graphic suite  X5 with Keygen\keygen.exe"
sh=3B30E0AF22A981EB2FA188D5D17D7970264A5DE3 ft=1 fh=96ceea378f0ebc3d vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="H:\Installed Downloads\Alcohol52_FE_2.0.2.3931.exe"
sh=9D9BD34F1647397FEF714D2FC73E905127ADB30A ft=1 fh=c45ba454c600224c vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="H:\Installed Downloads\oi_spybotsd-208-beta6exe.exe"
sh=2BA66AF5D37020C9D636761285D049746FA4A081 ft=1 fh=0bf39c2977f78088 vn="a variant of Win32/InstallCore.AD potentially unwanted application" ac=I fn="H:\Installed Downloads\PDFConverterSetup.exe"
sh=D0F1C0D42F67E8FBB4E2BEED3584258C56DBE065 ft=0 fh=0000000000000000 vn="Win32/Keygen.BL potentially unsafe application" ac=I fn="H:\Installed Downloads\AutoCad 2012\32 Bit\aca2012_x32.iso"
sh=BA254845F8089669EB39B64B4F4B77DBF7733606 ft=0 fh=0000000000000000 vn="Win32/Keygen.BL potentially unsafe application" ac=I fn="H:\Installed Downloads\AutoCad 2012\64 Bit\Autodesk AutoCAD Architecture v2012 (64 Bit) - Cool Release.iso"
sh=660D1B46027860CBE265F1903F4E74310C5A0782 ft=1 fh=ec0d8f5f48ede648 vn="Win32/Tenga.gen virus" ac=I fn="H:\Installed Downloads\AutoCad 2012\64 Bit\AutoCad 2012 64 Bit Extracted\x64\ACA\Program Files\Root\Locked\acad.exe"
sh=2501E6F1F16DCBB361092D70A2F58D6B247863F4 ft=0 fh=0000000000000000 vn="Win32/Keygen.BL potentially unsafe application" ac=I fn="H:\Installed Downloads\AutoCad 2012\64 Bit-2\acad2012_x64.iso"
sh=082354A70A7643A94E76C581E144B38FBFBBF851 ft=1 fh=1b20774ca278a942 vn="Win32/Keygen.BL potentially unsafe application" ac=I fn="H:\Installed Downloads\AutoCad 2012\64 Bit-2\xf-adesk2012x64.exe"
sh=2501E6F1F16DCBB361092D70A2F58D6B247863F4 ft=0 fh=0000000000000000 vn="Win32/Keygen.BL potentially unsafe application" ac=I fn="H:\Installed Downloads\AutoCad 2012\64 Bit-2\64 Bit-2 Extracted\acad2012_x64.iso"
sh=CB48DBCA1D047AFB0788B5B9660676486DE30908 ft=1 fh=b7e57d846d036ef4 vn="a variant of Win32/Adware.AdvPCTweak application" ac=I fn="I:\DOWN LOADS\AdvancedPCTweaker_Setup.exe"
sh=9AAB2859255AE606936F0A755281414A4877ACD7 ft=1 fh=634a6b20a6c9c4cf vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\ashampoo_3d_cad_architecture_3_3.0.2_sm.exe"
sh=CA2CB05B61F636376E8B7D0F043A82BC67F97BFB ft=1 fh=ea30dfbfa2fb4e94 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\ashampoo_3d_cad_professional_3_3.0.2_sm.exe"
sh=E90591CAFF65276EAE162DB1E02A2FFA750B05F7 ft=1 fh=a2673d36b4c032b8 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\ashampoo_hdd_control_1.12_8559.exe"
sh=10C2A47DEE8D2987D98AC6E167A4DBE0DC914FEB ft=1 fh=c346676e3eca5474 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\ashampoo_internet_accelerator_3_3.20_8560.exe"
sh=A06FE2AF6D70C194C4C2EAA2605B982E37B70895 ft=1 fh=2491823e0b415d27 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="I:\DOWN LOADS\BitTorrent-6.3.exe"
sh=CC4D38CBA5A7E1ACF430179C64314930008136F9 ft=1 fh=05454cf745e43892 vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="I:\DOWN LOADS\bubbles_premium.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="I:\DOWN LOADS\ccsetup318.exe"
sh=9676A9F5A1A673137F1930432721631865A15B43 ft=1 fh=d7223b11f8c47e7a vn="multiple threats" ac=I fn="I:\DOWN LOADS\DeviceDoctor_Bundle.exe"
sh=B2B30A473EC7DEA2FF1585BE415E96D1B9D94487 ft=1 fh=6be67b9554477a4f vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\JDownloader_0.9579.exe"
sh=6B88DFB305134B7AF6D61442A534056DB5647A19 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.E potentially unsafe application" ac=I fn="I:\DOWN LOADS\quick3d_pro_4_0_crk_fff_zip_11193.zip"
sh=ABCBE5A8FE321377E5DBFB3BB060A862E04706AE ft=1 fh=250619b7bdb129ed vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="I:\DOWN LOADS\Setup_FreeConverter.exe"
sh=2DA1A7DEE115F5827E6C30D0A0E321EA168F42B8 ft=1 fh=d9acd49dcaababbb vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="I:\DOWN LOADS\siw-setup.exe"
sh=D0B714C34C3B1D453D2F0136364CBC9C420E9CCD ft=1 fh=1ff338ec4173bf5f vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="I:\DOWN LOADS\smart-defrag-setup-beta.exe"
sh=D5EB2B92ED7E0E28C9CD603995FE5AA9D72CD616 ft=1 fh=43bffa59672ad400 vn="Win32/SoftonicDownloader.D potentially unwanted application" ac=I fn="I:\DOWN LOADS\SoftonicDownloader_for_smartsoft-free-pdf-to-word-converter.exe"
sh=9AAB2859255AE606936F0A755281414A4877ACD7 ft=1 fh=634a6b20a6c9c4cf vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="I:\DOWN LOADS\A Shampoo 3D CAD\Ashampoo_3D_CAD_Architecture_3_v3\ashampoo_3d_cad_architecture_3_3.0.2_sm.exe"
sh=55924E7ED2192B0D6CADFA327BF9271833A18F53 ft=1 fh=4782206cfd22ffc6 vn="a variant of Win32/ExpressFiles potentially unwanted application" ac=I fn="I:\DOWN LOADS\Chief Architect\chief_architect_x3_crack.rar_downloader.exe"
sh=2659F6D12907C36EAB4FB54EEA2D3E01F4C3B853 ft=1 fh=4312f4a12d9c0fd8 vn="probably a variant of Win32/Systweak potentially unwanted application" ac=I fn="I:\DOWN LOADS\Downloads\winzip155.exe"
sh=77C41069FE35E476DDA56FDAE37612700431AAE7 ft=1 fh=1bb12da0ad71df90 vn="a variant of Win32/Kryptik.KGY trojan" ac=I fn="I:\DOWN LOADS\DRPSu12.3-Final\tools\DrvUpdater.exe"
sh=17BEED11035F8ECFC62C9E6DDE013F6E29CA8C7D ft=1 fh=c7dc9d3ef5fcb405 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="I:\DOWN LOADS\System Speed Fix Software\hwmonitor_1.19-setup.exe"
sh=D07F0F83B6B36984DE97FDB422430C77586E3A6B ft=1 fh=38f672b5d0868b48 vn="Win32/PrcView potentially unsafe application" ac=I fn="I:\DOWN LOADS\System Speed Fix Software\SmitfraudFix.exe"
sh=607887949DE027DE46AF4F864A12FB83227A770E ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="I:\Downloads TB Installed\Nero 12(1).rar"
sh=AA72EFA7FDF9172EC2672DF1648D24986BA3D6F8 ft=1 fh=cb2c7fc8c582efb0 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="I:\Installed Downloads\4shared_Desktop-4.0.0c.exe"
sh=39DC562895B927B2A000EE497F02A853A87DB47F ft=1 fh=57319bf3f6e9fd8d vn="Win32/InstalleRex.E potentially unwanted application" ac=I fn="I:\Installed Downloads\Autocad 2006 Lt Activation Code And Serial Key.exe.exe"
sh=57F90032DD4BE30758AA5DBC5E25816C798ED60B ft=1 fh=a76a8ed0f19fb746 vn="Win32/TopMedia.B potentially unwanted application" ac=I fn="I:\Installed Downloads\AUTODESK.AUTOCAD.V2012.WIN64-ISO_secure.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="I:\Installed Downloads\cbsidlm-tr1_13-Free_Convert_to_DIVX_AVI_WMV_MP4_MPEG_Converter-ORG-10906593.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="I:\Installed Downloads\ccsetup326.exe"
sh=5F4E50CCFB7EFBA30C0A3E5B32BBB6E0C373796E ft=1 fh=16f75965f975083e vn="Win32/OpenCandy potentially unsafe application" ac=I fn="I:\Installed Downloads\FreeStudio.exe"

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello MikeBac,

Run ESET Scan again. This time let it remove all found threats, that is, make sure the option to remove "Found threats" is checked.
  • Let me know when that is done.
  • Let me know how things are with the computer.
Thanks
Joe :)

#11
MikeBac

  • Topic Starter
  • Member
  • 11 posts

Hi Joe

Some of the programmes that have been listed in the Threats log are programmes that I have been using for years on both the XP machine and now on the Win 7 machine and are essential to my work. Is there any way to exclude these from the removal?



#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
How is the computer running?

#13
MikeBac

  • Topic Starter
  • Member
  • 11 posts

Hi Joe

Computer's running like a dream, no more highlighted words in I.E. or Firefox.

Thank you for your assistance.

I will go to the link and follow their instructions.

Regards

Mike



#14
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

At this time we need / should remove all the tools that were used to clean the computer.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
Paste it for my review.

#15
MikeBac

  • Topic Starter
  • Member
  • 11 posts

Hi Joe

I apologise for the misunderstanding in the last post. I misread the link at the top of the email post and thought it was for another site.

There are a lot of items in the ESET Scan list that I would like to remove. But there are also programmes that I use daily that have been shown. Can I manually remove the unwanted programmes?

Here is the Delfix report.

# DelFix v10.8 - Logfile created 01/09/2014 at 20:45:18
# Updated 29/07/2014 by Xplode
# Username : user - MIKE-WIN7
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\user\Desktop\AdwCleaner.lnk
Deleted : C:\Users\user\Desktop\AdwCleaner[R1].txt
Deleted : C:\Users\user\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\user\Desktop\OTL-QS.Txt
Deleted : C:\Users\user\Downloads\Extras.Txt
Deleted : C:\Users\user\Downloads\OTL.Txt
Deleted : C:\Users\user\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #98 [Removed SpyHunter | 08/27/2014 12:57:10]
Deleted : RP #99 [Installed DirectX | 08/28/2014 21:53:48]
Deleted : RP #100 [Windows Update | 08/29/2014 01:00:12]
Deleted : RP #101 [OTL Restore Point - 2014/08/29 01:46:00 PM | 08/29/2014 11:46:05]

New restore point created !

########## - EOF - ##########


Thanks for your assistance and time.

Regards

Mike

