Tony Giangreco
Win7 Pc - Suspect Spyware - very slow
I’m working on a Win7 64-bit Ultimate PC that I suspect has been hit with some type of spyware or virus. There are no popups or browser hijacks that appear, but the system is unbelievably slow.
Below is a detailed description of the system and what I've done to clean it up.
8 Gigs RAM
C drive – 720 GB, 340 GB free
E drive – 1.1 TB, 540 GB free
Processor AMD Athlon II 64-bit X4 620 GHz
It’s a standalone in its own workgroup. I ran the following utilities, which helped:
ComboFix – The report is attached but I don’t have the background to evaluate what should be deleted.
RogueKiller – Found some registry entries that I had it remove.
- I allowed it to remove the auto-update tasks for Google and Adobe to lighten up the system overhead.
SuperAntiSpyware – found a few minor items and now it runs clean
Malwarebytes – found a few minor items and now it runs clean
TDSSKiller – found a few items with the following options selected
- Verify the file digital signatures
- Detect TDLFS file system
Attached are three reports.
Conficker Checker from Symantec – found nothing
Symantec Endpoint Protection 12.15.xx – just found cookies, which it deleted
Symantec Endpoint Protection displays a message at boot-up saying it’s found a process and wants to know if I should block it… I respond yes. I don’t know how to identify that process.
The system boots faster now but is still slower than normal.
TDS-Killer-text-based-report.txt
Combofix.txt
TDS-Killer-Recap.pdf
Defragment the drive and also run a disk-check.
Couple of things:
Go to SysInternals.
Get Autoruns and Process Explorer.
Evaluate what is in Startup.
Evaluate what is in Process/Memory/CPU/etc.
HTH,
Kent
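Kent's suggestion above, worked through as an added example that is not part of the thread or of the Sysinternals tools: a read-only PowerShell triage of the autostart locations Autoruns covers (Run/RunOnce keys, startup folders, auto-start services), with an Authenticode check on each target. It assumes a Windows 7 x64 box with PowerShell 2.0 or later, run from an elevated prompt; the helper names are hypothetical and nothing is modified.

```powershell
# Added example, not part of the thread: read-only triage of the autostart
# locations Autoruns shows, with an Authenticode check on each target.
# Assumes Windows 7 x64 with PowerShell 2.0+, run from an elevated prompt.
# It changes nothing; it only reports. Helper names are hypothetical.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Startup folders for all users and for the current user (built from env vars
# so this also works on the .NET 3.5 runtime behind PowerShell 2.0).
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Extract the executable from a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent      or      C:\Foo\foo.exe /s
# For an unquoted path with spaces, grow the prefix word by word until it
# names an existing file. Arguments (e.g. the DLL handed to rundll32.exe)
# are not inspected here.
function Get-ExePath([string]$cmd) {
    if (-not $cmd) { return '' }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $parts = $cmd -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $cand = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $cand -PathType Leaf) { return $cand }
    }
    return $parts[0]
}

# Resolve one autostart entry and record what a reviewer would want to see.
function Test-Entry([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-ExePath $Command
    if ($path -like '*.lnk' -and (Test-Path -LiteralPath $path)) {
        # Startup-folder items are usually shortcuts; check what they point at.
        $path = (New-Object -ComObject WScript.Shell).CreateShortcut($path).TargetPath
    }
    $notes  = @()
    $status = 'n/a'
    $signer = ''
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        $notes += 'FILE MISSING'        # dangling entry: leftover uninstall, or a hidden file
    } else {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        if ($status -ne 'Valid') { $notes += "signature $status" }
        if ($path -match '\\AppData\\|\\Temp\\|\\ProgramData\\') {
            $notes += 'user-writable location'   # unusual home for a legitimate autostart
        }
    }
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Path = $path
        Signature = $status; Signer = $signer; Note = ($notes -join '; ')
    }
}

function Get-AutostartReport {
    $results = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSDrive, ... provider noise
            $results += Test-Entry $key $p.Name ([string]$p.Value)
        }
    }
    foreach ($dir in $startupDirs) {
        foreach ($f in (Get-ChildItem -Path $dir -ErrorAction SilentlyContinue)) {
            $results += Test-Entry $dir $f.Name $f.FullName
        }
    }
    # Auto-start services whose binary is not Microsoft-signed. Services hosted
    # in svchost.exe are Microsoft-signed and therefore skipped here; their
    # ServiceDll values need a separate look (Autoruns shows them).
    foreach ($svc in (Get-WmiObject Win32_Service -Filter "StartMode='Auto'")) {
        $r = Test-Entry 'Service' $svc.Name $svc.PathName
        if ($r.Signer -notmatch 'Microsoft') { $results += $r }
    }
    $results
}

Get-AutostartReport |
    Sort-Object Note -Descending |
    Format-Table Source, Name, Signature, Note, Path -AutoSize
```

Flagged rows are leads to compare against Autoruns and Process Explorer, not verdicts: plenty of legitimate vendors ship unsigned updaters, while a missing file or a binary living under AppData or Temp deserves a closer look.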
ASKER
I'll run Defrag overnight tonight.
I agree a total install is a great option, but this PC is loaded with apps that will take a while to reinstall. I'm looking for a less time-consuming solution.
I'll check the user account.
Personally, in the last few years, I've not been a big fan of defrag. It's not that it doesn't "help", but if you're experiencing real slowness, I doubt it will help. And I totally understand about putting apps back on, but if you've run all the antimalware things and even perhaps done a system restore and it's still slow, you can spend hours wiping and reloading everything or you can spend hours continuing to fight what may be a losing battle and then still have to wipe.
My philosophy is to at pretty much all costs, try to fix the issue without having to wipe and reload. But if I've done all the tricks in my book, then I just bite the bullet and wipe.
I would start with the basics: is the CPU + RAM seen normally?
Right-click on My Computer > Properties
I would also run a disk diag on BOTH drives, to be sure they're running OK:
Hardware diagnostic CD UBCD
I suggest the UBCD to run some diags first - to be sure about the basics.
Go to the download page, scroll down to the mirror section, and click on a mirror to start the download.
Download the UBCD and make the CD <<== on a WORKING PC, and boot the problem PC from it.
Here are 2 links, one to the general site, and a direct link to the download.
Since the downloaded file is an ISO file, you need to use an ISO burning tool.
If you don't have that software, install CDBurnerXP: http://cdburnerxp.se/
If you also want the RAM tested - run memtest86+ for at least 1 full pass - you should have NO errors!
For disk diagnostics, run the disk diag for your disk brand (e.g. Seagate diag for a Seagate drive) from the HDD section - long or advanced diag! (runs for at least 30 minutes)
http://www.ultimatebootcd.com/ ultimate boot cd
http://www.ultimatebootcd.com/download.html download page
Your C: is very large - maybe Windows Search indexing is dragging it down?
ASKER
Ok, I'll run it this evening. I'm currently running a full scan of the Microsoft Windows Malicious Software Removal tool. So far, it's not reporting anything found.
ASKER
Here are the logs from Old Timer
Extras.txt
OTL Extras logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Classes \<extensio n>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWA RE\Classes \<extensio n>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\contro l.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWAR E\Classes\ <extension >]
.html [@ = ChromeHTML] -- C:\Users\XXX\AppData\Local \Google\Ch rome\Appli cation\chr ome.exe (Google Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3 2.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3 2.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3 2.exe (IDM Computer Solutions, Inc.)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Classes \<key>\she ll\[comman d]\command ]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e xe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e xe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfD efaultInst all.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundl l32.exe" "C:\Windows\System32\mshtm l.dll",Pri ntHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSave r %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rund ll32.exe %SystemRoot%\system32\shel l32.dll,Op enAs_RunDL L %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Offic e12\ONENOT E.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069- A2EA-08002 B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWA RE\Classes \<key>\she ll\[comman d]\command ]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\cont rol.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e xe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e xe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfD efaultInst all.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundl l32.exe" "C:\Windows\System32\mshtm l.dll",Pri ntHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSave r %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rund ll32.exe %SystemRoot%\system32\shel l32.dll,Op enAs_RunDL L %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Offic e12\ONENOT E.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069- A2EA-08002 B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center]
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Monitoring\Symantec AntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Securit y Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Dom ainProfile ]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Sta ndardProfi le]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Sta ndardProfi le\Globall yOpenPorts \List]
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Pub licProfile ]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Dom ainProfile \Authorize dApplicati ons\List]
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Sh aredAccess \Parameter s\Firewall Policy\Sta ndardProfi le\Authori zedApplica tions\List ]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Unin stall]
"{0225AD21-F3E2-4916-BFF3- 65D3F90525 82}" = iTunes
"{071c9b48-7c32-4621-a0ac- 3f80952328 8f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441- 6616F567A0 F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE- E53CAE5C7D 45}" = Microsoft_VC80_MFCLOC_x86_ x64
"{24F93B56-61F5-415F-85B9- AA444DA34A FC}" = Microsoft Mouse and Keyboard Center
"{27EF252D-800C-ED42-9904- 459FE00462 25}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B0BD3DD-EF7E-43EE-AC58- 061E412BFF EF}" = SonicWALL Global VPN Client
"{2F72F540-1F60-4266-9506- 952B21D664 0D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A- 835434E766 AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3FA063D7-EDC1-AFA8-54AF- 0563C7DEE0 70}" = Windows App Certification Kit Native Components
"{4569AD91-47F4-4D9E-8FC9- 717EC32D7A E1}" = Microsoft_VC80_CRT_x86_x64
"{4ADBF5BE-7CAF-4193-A1F9- DE6820E685 69}" = Symantec Endpoint Protection
"{4B6C7001-C7D6-3710-913E- 5BC23FCE91 E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FB4C443-6BD6-1514-2717- 3827D65AE6 FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8- 22AB8CEDB1 D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE- AB0FED3BFC 5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3- 2B57E8B9DE 8D}" = Bonjour
"{7346C35D-942D-3CCE-94CB- 7008BA8D63 CB}" = Application Verifier x64 External Package
"{735EF746-77A8-44E8-821F- 4C77F038AA 90}" = Symantec.cloud - Cloud Agent
"{8338783A-0968-3B85-AFC7- BAAE0A63DC 50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3- A2CBC23725 93}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31- C5FB5D47F6 8B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8- 2E5A4BB71E 00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C- 98CD9675E1 C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000- 0000000FF1 CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000- 0000000FF1 CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000- 0000000FF1 CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2- 7E90C6432E 55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95- 5C2600C20F 26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A- AED149DD37 F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000- 0000000FF1 CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D- F64F8E928A AB}" = Microsoft_VC90_MFC_x86_x64
"{a9264802-8a7a-40fe-a135- 5c6d204aed 7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c- b5496a07ab 2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d- 6e54b3d310 28}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32- BAC17E96C2 B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B143BE44-8723-315E-9413- 011C55873C 0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A- CCFC4B8D19 4C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AC6AF5-CAEC-4178-9E75- F21CA107FC BF}" = Symantec Backup Exec.cloud Backup Agent
"{BC741628-0AFC-405C-8946- DD46D1005A 0A}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07- 3A8AD36569 C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B- BCC81A1EEA AA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875- 88A221D5CD 50}" = Windows Live ID Sign-in Assistant
"{EE936C7A-EA40-31D5-9B65- 8E3E089C38 28}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2DEFE25-83D8-55D0-AF90- BF25ED8360 DA}" = ATI Catalyst Install Manager
"{F4D304D9-7647-4253-957E- 44286B8631 F4}" = HP Unified IO
"{F5B09CFD-F0B2-36AF-8DF4- 1DF6B63FC7 B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F- 543E976B2C 66}" = MSVCRT110_amd64
"{FDB89E21-0C9C-743A-15B3- A4E5C3144E 4A}" = ccc-utility64
"49CF605F02C7954F4E139D188 28DE298CD5 9217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Net2Printer RDP/ICA Client_is1" = Net2Printer RDP Client 1.15
"Net2PrinterRDPClient_is1" = Net2Printer RDP Client 1.16.0
"pdfFactory" = pdfFactory
"Symantec Hosted Services ARP" = Symantec.cloud
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Unin stall]
"{02213A81-CB13-7262-5ABE- 1FFA2C7555 9F}" = Windows App Certification Kit x64
"{033E378E-6AD3-4AD5-BDEB- CBD69B3104 6C}" = Microsoft_VC90_ATL_x86
"{04805AB6-F757-496A-8D56- 37A0FC5FF6 F3}" = VMware vSphere Client 5.0
"{06A9E630-DBA6-4D92-9DE7- A235AA6496 C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20- 04BF618CA0 F9}" = QuickBooks Pro 2010
"{08D2E121-7F6A-43EB-97FD- 629B449034 03}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7- CA6C99A832 E7}" = Adobe Community Help
"{0F044C7A-6EE1-4F03-90AC- 329AAF2FCF 12}" = HPLaserJet200color-MFPM276 _HelpLearn Center_SI
"{0F3647F8-E51D-4FCC-8862- 9A8D0C5ACF 25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3- AB949A57EE 4A}" = Windows Live PIMT Platform
"{14CF9AF8-10A6-4FA7-9E57- D22DBD644C 77}" = HP Unified IO
"{14D4ED84-6A9A-45A0-96F6- 1753768C3C B5}" = ESSPCD
"{15FEDA5F-141C-4127-8D7E- B962D17427 28}" = Adobe Photoshop CS5
"{180D6813-95E0-415C-B58A- 5B9493DE2D DA}" = hppLaserJetService
"{18455581-E099-4BA8-BC6B- F34B2F0660 0C}" = Google Toolbar for Internet Explorer
"{1A8C25A4-A90A-4A0E-91DD- 3753550747 6A}" = LogMeIn Rescue Technician Console
"{1F1C2DFC-2D24-3E06-BCB8- 725134ADF9 89}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23176E97-26CB-C72A-19EB- BFB21AC1D1 5A}" = Windows Software Development Kit DirectX x86 Remote
"{2318C2B1-4965-11d4-9B18- 009027A5CD 4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4- 2F83217025 FF}" = Java 7 Update 25
"{29315CEC-E6CE-4394-84DC- 6F862E8D9A 52}" = Windows Live UX Platform
"{2D03B6F8-DF36-4980-B7B6- 5B93D5BA3A 8F}" = essvaXXXt
"{2D416A80-0BB1-4D8B-B770- 7BE8F53D59 37}" = Windows Live UX Platform Language Pack
"{2EA97C88-0425-4D57-AEBA- 4604DD78DB 8E}" = Symantec PartnerNet
"{3167CC62-C775-4E47-92C1- 73EBB84575 1A}" = QuickBooks
"{363a2c1e-637f-45ce-933b- 5a5463efd9 45}" = Windows Software Development Kit
"{3C631966-387E-4054-85D9- BBFFABE32B D8}" = QuickBooks Pro 2013
"{3DD8DC4E-B908-4CC6-9F42- ACEF950D87 97}" = LightScribe Template Labeler
"{40F55150-F43D-4C9F-9A00- 1A0A6F1EB7 F0}" = Movie Maker
"{42938595-0D83-404D-9F73- F8177FDD53 1A}" = ESScore
"{42F61556-29ED-8122-F39E- 6F04EA5FF2 79}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4537EA4B-F603-4181-89FB- 2953FC695A B1}" = netbrdg
"{45C56AA7-ED1B-4800-A97F- EDDF3F3520 B1}" = Apple Application Support
"{46316411-80D8-4F68-8118- 696E05FCE1 99}" = Windows Live Essentials
"{46A99EAE-98DA-4BE5-94C3- D41BA4C266 DA}" = hpStatusAlerts
"{488F606B-6A1B-4BFB-9AFA- F4BAA4576C E1}" = PLX OutLook AddIn
"{4A03706F-666A-4037-7777- 5F2748764D 10}" = Java Auto Updater
"{4B02D3CE-A011-4475-93A5- 774E0DA4E2 7E}" = hpbM276DSService
"{4F9A382F-4478-4036-905C- F77DF2EA03 70}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5- E0C8A1083D C5}" = Windows Live SOXE Definitions
"{50120000-1105-0000-0000- 0000000FF1 CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{510D2239-6C2E-457B-9590- 485EC552D9 4D}" = Garmin USB Drivers
"{512957F0-B211-C50A-C1FC- 6867FC3348 A1}" = Windows Software Development Kit Redistributables
"{5316DFC9-CE99-4458-9AB3- E8726EDE02 10}" = skin0001
"{54525107-4C4E-44AC-AC65- 8060841510 57}" = hppSendFaxM276
"{553C904F-57A2-4113-888E- BA0C3D1C69 C0}" = Microsoft VC9 runtime libraries
"{5AF4B3C4-C393-48D7-AC7E- 8E76155795 48}" = Adobe AIR
"{5CC4C963-F772-4766-BFF2- DE551E205E E9}" = Photo Common
"{605A4E39-613C-4A12-B56F- DEFBE67572 37}" = SHASTA
"{60A1253C-2D51-4166-95C2- 52E9CF4F8D 64}" = Photo Gallery
"{60D5EF2A-4E0C-2C30-38F6- 59C26E134F 4A}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C- 0F717DD827 26}" = swMSM
"{61F25370-7465-4404-BE28- 4629BF8086 99}" = LightScribe Applications
"{62022DCB-BA92-4EC2-AE03- 9B946E4DBF 12}" = hpbDSService
"{635FED5B-2C6D-49BE-87E6- 7A6FCD22BC 5A}" = Microsoft_VC90_MFC_x86
"{63B7AC7E-0178-4F4F-A79B- 08D97ADD02 D7}" = System Requirements Lab for Intel
"{643EAE81-920C-4931-9F0B- 4B343B225C A6}" = ESSBrwr
"{64DF7404-9D46-44AF-AFA1- A2F8D5648C 2D}" = Windows Live Photo Common
"{69FDFBB6-351D-4B8C-89D8- 867DC9D0A2 A4}" = Windows Media Player Firefox Plugin
"{6A136292-02AB-428E-8E9A- 2628A52FA9 8E}" = HP LaserJet 200 color MFP M276 Fax
"{710f4c1c-cc18-4c49-8cbf- 51240c89a1 a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074- 4930A8CFB1 AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A- F0FC0A1B7B FE}" = Apple Software Update
"{7A73EFB4-C362-4395-83D5- E0C6C53677 FE}" = LightScribe Diagnostic Utility
"{83AA2913-C123-4146-85BD- AD8F93971D 39}" = BabylonObjectInstaller
"{868291A4-229E-4795-B0B0- E60E87AF53 CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977- E4B79F83C9 09}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8843CC2B-E648-43D8-A763- 1B5F56173F ED}" = WebEx Recorder and Player
"{88B2E402-DE40-4422-9CCB- D285F8602C 93}" = HP Product FWUpdater
"{8943CE61-53BD-475E-90E1- A580869E98 A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA- D727CA0625 89}" = ESSTOOLS
"{8DD46C6A-0056-4FEC-B70A- 28BB16A1F1 1F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3- 1937104D5B DA}" = MSVCRT110
"{8E92D746-CD9F-4B90-9668- 42B74C14F7 65}" = ESSini
"{8FB53850-246A-3507-8ADE- 0060093FFE A6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000- 0000000FF1 CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000- 0000000FF1 CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000- 0000000FF1 CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000- 0000000FF1 CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000- 0000000FF1 CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000- 0000000FF1 CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000- 0000000FF1 CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000- 0000000FF1 CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000- 0000000FF1 CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000- 0000000FF1 CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000- 0000000FF1 CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000- 0000000FF1 CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000- 0000000FF1 CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000- 0000000FF1 CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000- 0000000FF1 CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000- 0000000FF1 CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000- 0000000FF1 CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000- 0000000FF1 CE}" = Microsoft Office File Validation Add-In
"{90538B62-F392-4DE1-B886- 7B48123866 E9}" = LightScribe System Software
"{91120000-0030-0000-0000- 0000000FF1 CE}" = Microsoft Office Enterprise 2007
"{91517631-A9F3-4B7C-B482- 43E0068FD5 5A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B- 56C9E884CC 2C}" = Microsoft_VC80_CRT_x86
"{95140000-0137-0409-0000- 0000000FF1 CE}" = Microsoft Works 6-9 Converter
"{986EABFC-92F6-CECD-9E5A- B13CAC40BB 1D}" = WPTx64
"{999D43F4-9709-4887-9B1A- 83EBB15A83 70}" = VPRINTOL
"{9B2E55F8-5BA8-4A45-9682- ACB6F2CC0D A5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4- 87755C0720 0F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5D42D71-4036-5F88-5085- 657C9DF9F1 DD}" = WPT Redistributables
"{A78FE97A-C0C8-49CE-89D0- EDD524A173 92}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6- BC44E68B55 E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760- 0000000000 04}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760- 0000000000 04}_933" = Adobe Acrobat 9.3.3 - CPSID_83708
"{AC76BA86-1033-0000-7760- 0000000000 04}{AC76BA 86-1033-00 00-7760-00 0000000004 }" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44- AB00000000 01}" = Adobe Reader XI (11.0.03)
"{AE1FA02D-E6A4-4EA0-8E58- 6483CAC016 DD}" = ESSCDBK
"{AF0CE7C0-A3E4-4D73-988B- B29187EC6E 9A}" = QuickTime
"{B162D0A6-9A1D-4B7C-91A5- 88FB48113C 45}" = OfotoXMI
"{B361ED10-259E-4B76-B35E- E47BB6DDDD 74}" = hppFaxDrvM276
"{B4B44FE7-41FF-4DAD-8C0A- E406DDA729 92}" = CCScore
"{BA73469B-D8C7-4FE3-B33C- 1340D09F07 09}" = Windows Live Communications Platform
"{C63E7C60-25EB-11D3-8EDA- 00A0C911E8 E5}" = Microsoft Outlook Personal Folders Backup
"{CC38C23C-7824-4DBB-AC73- 997CD0BBFE C7}" = HP LaserJet 200 color MFP M276
"{D11F66FF-82B3-DDB8-1146- 525370552B E1}" = Windows Software Development Kit for Windows Store Apps
"{D17111CB-C992-42A9-9D56- C19395102A AA}" = Garmin WebUpdater
"{D1A19B02-817E-4296-A45B- 07853FD74D 57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53- CF0486F68E BC}" = Kodak EasyShare software
"{D4F102C5-EEA1-CAE1-8E67- 1A7FCE27F6 73}" = Windows Software Development Kit EULA
"{D6610387-8E8B-48ED-AB1C- 0D38DFE31C 55}" = hppM276LaserJetService
"{D71BC54E-A4E6-4E06-866C- FD6EE16EA1 87}" = Movie Maker
"{D7BF9739-8A68-4335-BBEE- 37752AD9E8 6B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C- 4E062F944A B7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2- 83BA2BF510 0B}" = SFR
"{DE3A9DC5-9A5D-6485-9662- 347162C7E4 CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631- 8EA7239923 AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC- 5ABB6D182D 46}" = Kits Configuration Installer
"{E63A3353-003C-E4C2-230B- F155212D14 79}" = SDK Debuggers
"{EA540E75-A545-4C9D-B42E- 9C8FC09630 C4}" = HP LJ200 M276 HP Scan
"{EF06A6A8-6B81-4A09-8223- 789953972F FF}" = SonicWALL SSL-VPN NetExtender
"{F0B430D1-B6AA-473D-9B06- AA3DD01FD0 B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167- 68EF0DE699 A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F- AD5E58173C 3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1- 0E669A411D 9F}" = WIRELESS
"{FF66E9F6-83E7-3A3E-AF14- 8DE9A809A6 A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD4184D-7EC6-476E-9A72- E83412AB9D 3B}" = hpStatusAlertsM276
"Active@ Password Changer" = Active@ Password Changer
"Active@ Password Changer Professional" = Active@ Password Changer Professional
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AXIS Media Control" = AXIS Media Control
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73 B8D1702B32 0485DF8CE. 1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB 21EE389F73 B8D1702B32 0485DF8CE. 1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Gadwin PrintScreen" = Gadwin PrintScreen
"iLivid" = iLivid
"InstallShield_{D7BF9739-8 A68-4335-B BEE-37752A D9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IsoBuster_is1" = IsoBuster 2.8.5
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService " = Mozilla Maintenance Service
"PowerISO" = PowerISO
"TreeSize Free_is1" = TreeSize Free V2.4
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Torch" = Torch
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 4:02:54 AM | Computer Name = XXX-7 | Source = Windows Search Service | ID = 3007
Description =
[ Media Center Events ]
Error - 5/10/2010 7:14:13 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:14:13 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/28/2013 7:01:28 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:01:26 AM - Error connecting to the internet. 6:01:26 AM - Unable
to contact server..
[ ODiag Events ]
Error - 12/12/2012 8:54:14 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
[ OSession Events ]
Error - 3/19/2010 11:47:26 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/15/2010 2:21:44 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/29/2010 12:37:54 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/17/2011 1:55:06 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18089
seconds with 4080 seconds of active time. This session ended with a crash.
Error - 12/6/2011 4:21:18 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1060
seconds with 120 seconds of active time. This session ended with a crash.
Error - 4/5/2012 9:32:25 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9568
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 7/10/2012 8:58:47 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8217
seconds with 2520 seconds of active time. This session ended with a crash.
Error - 12/12/2012 8:54:13 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
[ Symantec Endpoint Protection Client Events ]
Error - 9/10/2013 2:37:52 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied
[ System Events ]
Error - 9/7/2013 6:38:57 PM | Computer Name = XXX-7 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 9/7/2013 6:44:35 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 9/7/2013 7:11:36 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 5:55:31 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 8:29:58 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 12:12:06 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 5:30:31 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/9/2013 2:15:13 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 9/11/2013 4:29:23 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/11/2013 4:30:15 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
< End of report >
OTL.txt
OTL logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
PRC - [2013/06/19 14:44:08 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
PRC - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/10 09:45:32 | 000,057,616 | ---- | M] (Ipswitch) -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/08/20 03:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2005/08/26 14:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files (x86)\PKWARE\PKZIPM\9.00.0010\PKTray.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\BackupAgent\basvc.exe -- (SymcBackupAgentSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe -- (SsPaAdm)
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe -- (ssPaSetMgr)
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SAS CORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2013/09/09 13:58:41 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\MpEngineStore\MpKslfe9a1c1e.sys -- (MpKslfe9a1c1e)
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mos24ser_QUADPORT.sys -- (mos24ser_QUADPORT)
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\symrg.sys -- (symrg)
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\hcw85ci r.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive rs\AtiPcie .sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\SWVNIC. sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\mcdbus. sys -- (mcdbus)
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\SSLDrv. sys -- (SSLDrv)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\RimSeri al_AMD64.s ys -- (RimVSerPort)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drive rs\LMIRfsD river.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\lmimirr .sys -- (lmimirr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\wdcsam6 4.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\ASACPI. sys -- (MTsensor)
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ VirusDefs\ 20130910.0 16\ex64.sy s -- (NAVEX15)
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ VirusDefs\ 20130910.0 16\eng64.s ys -- (NAVENG)
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sy s -- (eeCtrl)
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilR ebootDrv.s ys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.s ys -- (LMIInfo)
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ BASHDefs\2 0130822.01 1\BHDrvx64 .sys -- (BHDrvx64)
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\driver s\Symantec .cloud\ccS etx64.sys -- (ccSet_Cloud)
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ IPSDefs\20 130907.001 \IDSviA64. sys -- (IDSVia64)
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1 05\Bin64\S yDvCtrl64. sys -- (SyDvCtrl)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLa b\cpudrv64 .sys -- (cpudrv64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\driver s\mcdbus.s ys -- (mcdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/09/11 03:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/23 20:42:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/20 10:45:40 | 000,000,000 | ---D | M]
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\LogMeInClient@logmein.com
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\searchplugins\Search_Results.xml
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/09/07 17:44:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://173.239.131.84/webrec.cab (SurveillanceCtrl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-967ED0929248} http://www.soddns.com/XWebPlayCMS.CAB (XWebPlayOCX Control)
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} http://98.227.106.186/WATCH_16R.cab (WATCH_16R Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://metrovpn.metii.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kip.com/CAB/RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://hosting.ivedaxpress.com/components/AMC.cab (AxisMediaControl Class)
O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://98.227.106.186/DvrOcx.cab (Dvr Net 85 Multidownload)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://metrovpn.metii.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.102:8080/AVC_AX_742.cab (AMCCtrl Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-EB6CB0F1E86C} http://avtech80x-3.ddns.eagleeyes.tw/AVC_AX_35X.cab (CV781Object Object)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://usavision.dipmap.com/cab/OCXChecker_8500.cab (OCXDownloadChecker Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} http://59.125.163.98/AVC_AX_NVR.cab (AMCCtrl Class)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T26L10NSP49EP23/support/ieaXXXpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 00:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 00:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 00:50:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 00:50:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 00:50:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 00:50:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 00:50:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 00:50:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -io-l1-1-0 .dll
[2013/09/11 00:50:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-secur ity-base-l 1-1-0.dll
[2013/09/11 00:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- threadpool -l1-1-0.dl l
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- xstate-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- heap-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -heap-l1-1 -0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- util-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -interlock ed-l1-1-0. dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- handle-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -handle-l1 -1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- fibers-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -fibers-l1 -1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- errorhandl ing-l1-1-0 .dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -errorhand ling-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- delayload- l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -delayload -l1-1-0.dl l
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- debug-l1-1 -0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -debug-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- datetime-l 1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -datetime- l1-1-0.dll
[2013/09/11 00:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup1 6.exe
[2013/09/11 00:50:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm .exe
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apiset schema.dll
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apise tschema.dl l
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- localizati on-l1-1-0. dll
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -localizat ion-l1-1-0 .dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- console-l1 -1-0.dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -console-l 1-1-0.dll
[2013/09/11 00:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.e xe
[2013/09/11 00:47:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdoc vw.dll
[2013/09/09 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEng ineStore
[2013/09/09 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Ive da-Agreeme nt
[2013/09/09 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/09 07:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\My XXX-xxx Details
[2013/09/09 07:23:55 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\47965278.sys
[2013/09/07 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\RK_Quarantine
[2013/09/07 18:15:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 17:27:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 17:27:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/04 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CC Pics
[2013/08/20 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Samsung Note 10.1
[2013/08/18 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CC HighRes
[2013/08/17 12:36:11 | 004,111,304 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vfw.dll
[2013/08/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Twilight SP's
[2013/08/13 21:20:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 20:19:07 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/13 20:18:59 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/13 20:18:58 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/13 20:18:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2013/08/13 20:18:57 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/13 20:17:24 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/13 20:17:24 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/13 20:17:11 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/08/13 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Elgin
[2013/08/13 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Quote for 821
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/11 06:40:51 | 014,155,776 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2013/09/11 06:25:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 06:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/11 03:43:11 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 03:43:11 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 03:37:53 | 005,144,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 03:34:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/09/11 03:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 03:33:31 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 03:29:24 | 007,486,285 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2013/09/10 21:06:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4696c2d4-7173-4020-9b34-ba78588e3f70.job
[2013/09/10 18:30:58 | 000,002,128 | ---- | M] () -- C:\Users\XXX\Documents\Default.rdp
[2013/09/10 10:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c97cbdc-9f09-444b-baf9-2cb2c0f93e6d.job
[2013/09/09 07:23:55 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\47965278.sys
[2013/09/07 17:45:00 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2013/09/07 17:44:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/29 15:16:21 | 000,821,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/29 15:16:21 | 000,688,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/29 15:16:21 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/29 12:04:47 | 000,006,060 | ---- | M] () -- C:\Users\XXX\Desktop\Hill Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | M] () -- C:\Users\XXX\Desktop\Bay.pdf
[2013/08/29 11:35:55 | 000,111,616 | ---- | M] () -- C:\Users\XXX\Desktop\Bay Colony.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | M] () -- C:\Users\XXX\Desktop\Lomb.xls
[2013/08/21 15:57:55 | 000,002,717 | ---- | M] () -- C:\Users\XXX\Desktop\Lomb.csv
[2013/08/17 21:41:40 | 003,044,432 | ---- | M] () -- C:\Users\XXX\Desktop\Kevin-Rs.xlsx
[2013/08/15 15:44:17 | 000,000,299 | ---- | M] () -- C:\Users\XXX\Desktop\Ax.csv
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/07 17:27:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/07 17:27:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/07 17:27:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/07 17:27:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/07 17:27:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/29 12:04:47 | 000,006,060 | ---- | C] () -- C:\Users\XXX\Desktop\Hill Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | C] () -- C:\Users\XXX\Desktop\Bay Form.pdf
[2013/08/27 14:52:12 | 000,111,616 | ---- | C] () -- C:\Users\XXX\Desktop\Bay Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | C] () -- C:\Users\XXX\Desktop\Lomb.xls
[2013/08/21 15:57:55 | 000,002,717 | ---- | C] () -- C:\Users\XXX\Desktop\Lom.csv
[2013/08/17 21:36:15 | 003,044,432 | ---- | C] () -- C:\Users\XXX\Desktop\Kevin-Rs.xlsx
[2013/08/17 12:36:12 | 000,000,316 | ---- | C] () -- C:\Windows\SysWow64\XWebPlay.ini
[2013/08/17 12:36:11 | 000,455,528 | ---- | C] () -- C:\Windows\SysWow64\NVH264Decoder.dll
[2013/08/17 12:36:11 | 000,414,568 | ---- | C] () -- C:\Windows\SysWow64\NVPostProc.dll
[2013/08/17 12:36:11 | 000,086,888 | ---- | C] () -- C:\Windows\SysWow64\NVH264vfw.dll
[2013/08/17 12:36:11 | 000,063,048 | ---- | C] () -- C:\Windows\SysWow64\NVH264.ax
[2013/08/17 12:36:11 | 000,030,280 | ---- | C] () -- C:\Windows\SysWow64\G723adpcm.acm
[2013/08/17 12:36:11 | 000,005,228 | ---- | C] () -- C:\Windows\SysWow64\1049.ini
[2013/08/17 12:36:11 | 000,004,480 | ---- | C] () -- C:\Windows\SysWow64\1033.ini
[2013/08/17 12:36:11 | 000,003,598 | ---- | C] () -- C:\Windows\SysWow64\2052.ini
[2013/08/17 12:36:11 | 000,002,582 | ---- | C] () -- C:\Windows\SysWow64\1055.ini
[2013/08/17 12:36:11 | 000,002,367 | ---- | C] () -- C:\Windows\SysWow64\1034.ini
[2013/08/17 12:36:11 | 000,002,340 | ---- | C] () -- C:\Windows\SysWow64\1046.ini
[2013/08/17 12:36:11 | 000,002,231 | ---- | C] () -- C:\Windows\SysWow64\1042.ini
[2013/08/17 12:36:11 | 000,002,081 | ---- | C] () -- C:\Windows\SysWow64\1028.ini
[2013/08/15 15:44:17 | 000,000,299 | ---- | C] () -- C:\Users\XXX\Desktop\Axis.csv
[2013/06/29 15:41:24 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3117.DLL
[2013/05/08 17:24:17 | 000,221,056 | ---- | C] () -- C:\Windows\SysWow64\TLDvrLng.ini
[2013/05/08 17:24:14 | 000,122,254 | ---- | C] () -- C:\Windows\SysWow64\Dvr72XXInwndLang.ini
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/21 15:35:42 | 000,043,896 | ---- | C] () -- C:\Windows\SysWow64\XPlayDLL.dll
[2013/01/16 14:55:02 | 003,166,208 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_VIEWER.dll
[2012/10/27 14:28:08 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\VNNClient.dll
[2012/10/24 15:21:54 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_H264.dll
[2012/10/24 15:21:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_SCALE.dll
[2012/10/24 15:21:54 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_JPEG.dll
[2012/10/24 15:21:53 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\Deinterlace.dll
[2012/10/24 15:21:53 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.11.1.dll
[2012/10/24 15:21:53 | 000,086,528 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.74.0.dll
[2012/10/24 15:21:53 | 000,070,675 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.22.0.dll
[2012/10/24 15:21:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\AVC_H264.dll
[2012/10/24 15:21:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_JPEG.dll
[2012/06/25 16:01:50 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_35x_H264.dll
[2012/06/25 16:01:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_H264.dll
[2012/06/25 16:01:28 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_35x_JPEG.dll
[2012/06/25 16:01:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_JPEG.dll
[2012/06/12 08:04:28 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/05/31 15:18:34 | 001,802,240 | ---- | C] () -- C:\Windows\SysWow64\DVR_GUI.dll
[2012/03/13 17:26:58 | 000,127,848 | ---- | C] () -- C:\Windows\SysWow64\NVClientDLL.dll
[2012/03/13 17:25:30 | 000,045,928 | ---- | C] () -- C:\Windows\SysWow64\D3DPlayDLL.dll
[2012/01/03 18:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\utf8_2_font.dll
[2011/11/29 17:10:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
[2011/11/28 09:36:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
[2011/11/28 09:36:42 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
[2011/11/26 18:47:20 | 000,242,688 | ---- | C] () -- C:\Windows\SysWow64\DvrNet.dll
[2011/11/22 10:40:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA(yuxin).dll
[2011/11/18 19:16:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_SCALE.dll
[2011/11/16 11:02:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\winpubf6.dll
[2011/11/15 11:07:56 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFAR(changshi).dll
[2011/11/01 18:19:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
[2011/10/19 18:27:32 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxHEB.dll
[2011/09/13 11:15:04 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxHRV.dll
[2011/08/23 17:07:02 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\NetMsgDLL.dll
[2011/08/20 12:34:32 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
[2011/08/04 17:48:48 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPXXX.dll
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
[2011/06/16 16:49:36 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
[2011/06/16 16:49:34 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
[2011/06/16 16:49:32 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
[2011/06/16 16:49:30 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxROM.dll
[2011/06/16 16:49:28 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS(DIT).dll
[2011/06/16 16:48:56 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTHA.dll
[2011/06/16 16:48:56 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFAR.dll
[2011/06/14 11:20:06 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxARS.dll
[2011/05/12 15:23:02 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCSY.dll
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxHUN.dll
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxELL.dll
[2011/05/12 15:22:58 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxNLD.dll
[2011/04/29 18:27:12 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK(KNOWLEDGE).dll
[2011/03/25 16:32:36 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_35x_SCALE.dll
[2011/03/25 16:24:30 | 000,808,979 | ---- | C] () -- C:\Windows\SysWow64\avcodec-52.84.0.dll
[2011/03/11 10:11:00 | 000,080,915 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.36.0.dll
[2011/03/11 10:10:58 | 000,824,851 | ---- | C] () -- C:\Windows\SysWow64\avcodec-52.108.0.dll
[2011/03/11 10:10:58 | 000,171,539 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.12.0.dll
[2011/03/11 10:10:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.93.0.dll
[2011/03/11 10:10:58 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avcore-0.16.1.dll
[2011/03/09 18:18:52 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_742_JPEG.dll
[2011/03/09 18:14:40 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_742_H264.dll
[2011/03/09 18:06:42 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_742_SCALE.dll
[2010/06/17 18:07:24 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.11.0.dll
[2010/06/17 18:07:24 | 000,070,163 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.19.0.dll
[2010/06/17 18:07:22 | 000,798,739 | ---- | C] () -- C:\Windows\SysWow64\avcodec-52.77.0.dll
[2010/06/17 18:07:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.68.0.dll
[2010/04/10 23:25:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/27 17:29:55 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/11/27 17:29:55 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/11/25 08:52:03 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/11/16 22:58:21 | 000,834,460 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/03 10:13:38 | 000,003,920 | ---- | C] () -- C:\Windows\Language(Config)_TI.ini
[2009/07/14 16:31:32 | 000,003,660 | ---- | C] () -- C:\Windows\Language(Config)_HB.ini
[2009/07/14 16:29:04 | 000,001,861 | ---- | C] () -- C:\Windows\Language(Config)_EN.ini
[2009/07/14 16:29:00 | 000,003,952 | ---- | C] () -- C:\Windows\Language(Config)_DE.ini
[2009/07/14 16:28:58 | 000,004,028 | ---- | C] () -- C:\Windows\Language(Config)_CZ.ini
[2009/07/14 16:28:50 | 000,001,706 | ---- | C] () -- C:\Windows\Language(Config)_TC.ini
[2009/07/14 16:28:46 | 000,004,094 | ---- | C] () -- C:\Windows\Language(Config)_SWE.ini
[2009/07/14 16:28:42 | 000,002,798 | ---- | C] () -- C:\Windows\Language(Config)_SC.ini
[2009/07/14 16:28:30 | 000,004,152 | ---- | C] () -- C:\Windows\Language(Config)_RU.ini
[2009/07/14 16:28:26 | 000,004,432 | ---- | C] () -- C:\Windows\Language(Config)_PT.ini
[2009/07/14 16:28:22 | 000,004,240 | ---- | C] () -- C:\Windows\Language(Config)_PL.ini
[2009/07/14 16:28:16 | 000,004,090 | ---- | C] () -- C:\Windows\Language(Config)_NL.ini
[2009/07/14 16:28:12 | 000,004,666 | ---- | C] () -- C:\Windows\Language(Config)_IT.ini
[2009/07/14 16:28:06 | 000,004,338 | ---- | C] () -- C:\Windows\Language(Config)_FR.ini
[2009/07/14 16:28:00 | 000,004,174 | ---- | C] () -- C:\Windows\Language(Config)_FIN.ini
[2009/07/14 16:27:56 | 000,004,516 | ---- | C] () -- C:\Windows\Language(Config)_ES.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/08 17:01:34 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\np_hoem_x.dll
[2008/03/27 18:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\RemoteSocket.dll
[2008/03/17 14:50:26 | 000,802,321 | ---- | C] () -- C:\Windows\SysWow64\avcodec_0.4.9_pre1.dll
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil_0.4.9_pre1-49.dll
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil_0.4.9_pre1.dll
[2007/11/02 00:58:12 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\SkinManager.dll
[2007/09/07 15:50:34 | 000,548,864 | ---- | C] () -- C:\Windows\SysWow64\J2K_Decode.dll
[2007/09/06 16:02:24 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\PTZManager.dll
[2006/10/16 04:10:28 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2005/01/17 08:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 17:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA
< End of report >
Extras.txt
OTL Extras logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWA
.cpl [@ = cplfile] -- C:\Windows\SysWow64\contro
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWAR
.html [@ = ChromeHTML] -- C:\Users\XXX\AppData\Local
.ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3
.js [@ = UltraEdit.js] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit3
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfD
InternetShortcut [print] -- "C:\Windows\System32\rundl
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSave
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rund
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Offic
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-
[HKEY_LOCAL_MACHINE\SOFTWA
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\cont
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.e
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfD
InternetShortcut [print] -- "C:\Windows\System32\rundl
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSave
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rund
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Offic
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SYSTEM
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM
[HKEY_LOCAL_MACHINE\SYSTEM
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM
[HKEY_LOCAL_MACHINE\SYSTEM
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWA
"{0225AD21-F3E2-4916-BFF3-
"{071c9b48-7c32-4621-a0ac-
"{1D8E6291-B0D5-35EC-8441-
"{1E9FC118-651D-4934-97BE-
"{24F93B56-61F5-415F-85B9-
"{27EF252D-800C-ED42-9904-
"{2B0BD3DD-EF7E-43EE-AC58-
"{2F72F540-1F60-4266-9506-
"{350AA351-21FA-3270-8B7A-
"{3FA063D7-EDC1-AFA8-54AF-
"{4569AD91-47F4-4D9E-8FC9-
"{4ADBF5BE-7CAF-4193-A1F9-
"{4B6C7001-C7D6-3710-913E-
"{5FB4C443-6BD6-1514-2717-
"{5FCE6D76-F5DC-37AB-B2B8-
"{626672CD-BFCF-49A9-AEFE-
"{6E3610B2-430D-4EB0-81E3-
"{7346C35D-942D-3CCE-94CB-
"{735EF746-77A8-44E8-821F-
"{8338783A-0968-3B85-AFC7-
"{8557397C-A42D-486F-97B3-
"{889DF117-14D1-44EE-9F31-
"{89F4137D-6C26-4A84-BDB8-
"{8E34682C-8118-31F1-BC4C-
"{90120000-002A-0000-1000-
"{90120000-002A-0409-1000-
"{90120000-0116-0409-1000-
"{925D058B-564A-443A-B4B2-
"{92A3CA0D-55CD-4C5D-BA95-
"{92DBCA36-9B41-4DD1-941A-
"{95120000-00B9-0409-1000-
"{A472B9E4-0AFF-4F7B-B25D-
"{a9264802-8a7a-40fe-a135-
"{aac9fcc4-dd9e-4add-901c-
"{ad8a2fa1-06e7-4b0d-927d-
"{B0A5A6EE-F8BA-48B1-BB32-
"{B143BE44-8723-315E-9413-
"{B6E3757B-5E77-3915-866A-
"{B8AC6AF5-CAEC-4178-9E75-
"{BC741628-0AFC-405C-8946-
"{C8C1BAD5-54E6-4146-AD07-
"{CDDCBBF1-2703-46BC-938B-
"{CE52672C-A0E9-4450-8875-
"{EE936C7A-EA40-31D5-9B65-
"{F2DEFE25-83D8-55D0-AF90-
"{F4D304D9-7647-4253-957E-
"{F5B09CFD-F0B2-36AF-8DF4-
"{F842F8B0-6942-4930-821F-
"{FDB89E21-0C9C-743A-15B3-
"49CF605F02C7954F4E139D188
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Net2Printer RDP/ICA Client_is1" = Net2Printer RDP Client 1.15
"Net2PrinterRDPClient_is1"
"pdfFactory" = pdfFactory
"Symantec Hosted Services ARP" = Symantec.cloud
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWA
"{02213A81-CB13-7262-5ABE-
"{033E378E-6AD3-4AD5-BDEB-
"{04805AB6-F757-496A-8D56-
"{06A9E630-DBA6-4D92-9DE7-
"{0700E22B-A422-40A5-BD20-
"{08D2E121-7F6A-43EB-97FD-
"{0D2DBE8A-43D0-7830-7AE7-
"{0F044C7A-6EE1-4F03-90AC-
"{0F3647F8-E51D-4FCC-8862-
"{1057511B-F8FE-4230-9ED3-
"{14CF9AF8-10A6-4FA7-9E57-
"{14D4ED84-6A9A-45A0-96F6-
"{15FEDA5F-141C-4127-8D7E-
"{180D6813-95E0-415C-B58A-
"{18455581-E099-4BA8-BC6B-
"{1A8C25A4-A90A-4A0E-91DD-
"{1F1C2DFC-2D24-3E06-BCB8-
"{23176E97-26CB-C72A-19EB-
"{2318C2B1-4965-11d4-9B18-
"{26A24AE4-039D-4CA4-87B4-
"{29315CEC-E6CE-4394-84DC-
"{2D03B6F8-DF36-4980-B7B6-
"{2D416A80-0BB1-4D8B-B770-
"{2EA97C88-0425-4D57-AEBA-
"{3167CC62-C775-4E47-92C1-
"{363a2c1e-637f-45ce-933b-
"{3C631966-387E-4054-85D9-
"{3DD8DC4E-B908-4CC6-9F42-
"{40F55150-F43D-4C9F-9A00-
"{42938595-0D83-404D-9F73-
"{42F61556-29ED-8122-F39E-
"{4537EA4B-F603-4181-89FB-
"{45C56AA7-ED1B-4800-A97F-
"{46316411-80D8-4F68-8118-
"{46A99EAE-98DA-4BE5-94C3-
"{488F606B-6A1B-4BFB-9AFA-
"{4A03706F-666A-4037-7777-
"{4B02D3CE-A011-4475-93A5-
"{4F9A382F-4478-4036-905C-
"{4FA8F084-C42F-45E1-B7E5-
"{50120000-1105-0000-0000-
"{510D2239-6C2E-457B-9590-
"{512957F0-B211-C50A-C1FC-
"{5316DFC9-CE99-4458-9AB3-
"{54525107-4C4E-44AC-AC65-
"{553C904F-57A2-4113-888E-
"{5AF4B3C4-C393-48D7-AC7E-
"{5CC4C963-F772-4766-BFF2-
"{605A4E39-613C-4A12-B56F-
"{60A1253C-2D51-4166-95C2-
"{60D5EF2A-4E0C-2C30-38F6-
"{612C34C7-5E90-47D8-9B5C-
"{61F25370-7465-4404-BE28-
"{62022DCB-BA92-4EC2-AE03-
"{635FED5B-2C6D-49BE-87E6-
"{63B7AC7E-0178-4F4F-A79B-
"{643EAE81-920C-4931-9F0B-
"{64DF7404-9D46-44AF-AFA1-
"{69FDFBB6-351D-4B8C-89D8-
"{6A136292-02AB-428E-8E9A-
"{710f4c1c-cc18-4c49-8cbf-
"{76EE8FE7-1957-4C51-9074-
"{789A5B64-9DD9-4BA5-915A-
"{7A73EFB4-C362-4395-83D5-
"{83AA2913-C123-4146-85BD-
"{868291A4-229E-4795-B0B0-
"{86CE85E6-DBAC-3FFD-B977-
"{8843CC2B-E648-43D8-A763-
"{88B2E402-DE40-4422-9CCB-
"{8943CE61-53BD-475E-90E1-
"{8A502E38-29C9-49FA-BCFA-
"{8DD46C6A-0056-4FEC-B70A-
"{8E14DDC8-EA60-4E18-B3E3-
"{8E92D746-CD9F-4B90-9668-
"{8FB53850-246A-3507-8ADE-
"{90120000-0015-0409-0000-
"{90120000-0016-0409-0000-
"{90120000-0018-0409-0000-
"{90120000-0019-0409-0000-
"{90120000-001A-0409-0000-
"{90120000-001B-0409-0000-
"{90120000-001F-0409-0000-
"{90120000-001F-040C-0000-
"{90120000-001F-0C0A-0000-
"{90120000-002C-0409-0000-
"{90120000-0044-0409-0000-
"{90120000-006E-0409-0000-
"{90120000-00A1-0409-0000-
"{90120000-00BA-0409-0000-
"{90120000-0114-0409-0000-
"{90120000-0115-0409-0000-
"{90120000-0117-0409-0000-
"{90140000-2005-0000-0000-
"{90538B62-F392-4DE1-B886-
"{91120000-0030-0000-0000-
"{91517631-A9F3-4B7C-B482-
"{92D58719-BBC1-4CC3-A08B-
"{95140000-0137-0409-0000-
"{986EABFC-92F6-CECD-9E5A-
"{999D43F4-9709-4887-9B1A-
"{9B2E55F8-5BA8-4A45-9682-
"{9BE518E6-ECC6-35A9-88E4-
"{A5D42D71-4036-5F88-5085-
"{A78FE97A-C0C8-49CE-89D0-
"{A92DAB39-4E2C-4304-9AB6-
"{AC76BA86-1033-0000-7760-
"{AC76BA86-1033-0000-7760-
"{AC76BA86-1033-0000-7760-
"{AC76BA86-7AD7-1033-7B44-
"{AE1FA02D-E6A4-4EA0-8E58-
"{AF0CE7C0-A3E4-4D73-988B-
"{B162D0A6-9A1D-4B7C-91A5-
"{B361ED10-259E-4B76-B35E-
"{B4B44FE7-41FF-4DAD-8C0A-
"{BA73469B-D8C7-4FE3-B33C-
"{C63E7C60-25EB-11D3-8EDA-
"{CC38C23C-7824-4DBB-AC73-
"{D11F66FF-82B3-DDB8-1146-
"{D17111CB-C992-42A9-9D56-
"{D1A19B02-817E-4296-A45B-
"{D32470A1-B10C-4059-BA53-
"{D4F102C5-EEA1-CAE1-8E67-
"{D6610387-8E8B-48ED-AB1C-
"{D71BC54E-A4E6-4E06-866C-
"{D7BF9739-8A68-4335-BBEE-
"{D92BBB52-82FF-42ED-8A3C-
"{DB02F716-6275-42E9-B8D2-
"{DE3A9DC5-9A5D-6485-9662-
"{E09C4DB7-630C-4F06-A631-
"{E14DDED2-919B-FCCB-84AC-
"{E63A3353-003C-E4C2-230B-
"{EA540E75-A545-4C9D-B42E-
"{EF06A6A8-6B81-4A09-8223-
"{F0B430D1-B6AA-473D-9B06-
"{F0C3E5D1-1ADE-321E-8167-
"{F4A2E7CC-60CA-4AFA-B67F-
"{F9593CFB-D836-49BC-BFF1-
"{FF66E9F6-83E7-3A3E-AF14-
"{FFD4184D-7EC6-476E-9A72-
"Active@ Password Changer" = Active@ Password Changer
"Active@ Password Changer Professional" = Active@ Password Changer Professional
"ActiveTouchMeetingClient"
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AXIS Media Control" = AXIS Media Control
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73
"com.adobe.amp.4875E02D9FB
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Gadwin PrintScreen" = Gadwin PrintScreen
"iLivid" = iLivid
"InstallShield_{D7BF9739-8
"IsoBuster_is1" = IsoBuster 2.8.5
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService
"PowerISO" = PowerISO
"TreeSize Free_is1" = TreeSize Free V2.4
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWAR
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Torch" = Torch
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 4:02:54 AM | Computer Name = XXX-7 | Source = Windows Search Service | ID = 3007
Description =
[ Media Center Events ]
Error - 5/10/2010 7:14:13 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:14:13 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/28/2013 7:01:28 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:01:26 AM - Error connecting to the internet. 6:01:26 AM - Unable
to contact server..
[ ODiag Events ]
Error - 12/12/2012 8:54:14 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
[ OSession Events ]
Error - 3/19/2010 11:47:26 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/15/2010 2:21:44 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/29/2010 12:37:54 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/17/2011 1:55:06 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18089
seconds with 4080 seconds of active time. This session ended with a crash.
Error - 12/6/2011 4:21:18 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1060
seconds with 120 seconds of active time. This session ended with a crash.
Error - 4/5/2012 9:32:25 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9568
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 7/10/2012 8:58:47 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8217
seconds with 2520 seconds of active time. This session ended with a crash.
Error - 12/12/2012 8:54:13 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
[ Symantec Endpoint Protection Client Events ]
Error - 9/10/2013 2:37:52 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchos
by: SONAR scan. Action: . Action Description: Access Denied
[ System Events ]
Error - 9/7/2013 6:38:57 PM | Computer Name = XXX-7 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sy
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 9/7/2013 6:44:35 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 9/7/2013 7:11:36 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 5:55:31 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 8:29:58 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 12:12:06 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/8/2013 5:30:31 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/9/2013 2:15:13 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 9/11/2013 4:29:23 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
Error - 9/11/2013 4:30:15 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
< End of report >
OTL.txt
OTL logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
PRC - [2013/06/19 14:44:08 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QB
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc
PRC - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\Q
PRC - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atasho
PRC - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec.cloud\Platf
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService
PRC - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBD
PRC - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-us
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EX
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\F
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mo
PRC - [2009/11/10 09:45:32 | 000,057,616 | ---- | M] (Ipswitch) -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.E
PRC - [2007/08/20 03:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintS
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2005/08/26 14:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files (x86)\PKWARE\PKZIPM\9.00.0
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_micr
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscri
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Backu
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Platf
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Platf
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SAS
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\aties
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsv
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerD
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmg
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macrom
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QB
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuard
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\Q
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atasho
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBD
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-us
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\Ne
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\F
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\F
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\F
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FC
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAudi
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\w
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\r
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drive
DRV:64bit: - [2013/09/09 13:58:41 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\MpEng
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRf
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sas
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sas
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sy
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilR
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.s
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\driver
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLa
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\driver
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Wi
IE - HKCU\Software\Microsoft\Wi
========== FireFox ==========
FF - HKLM\software\mozilla\Fire
FF - HKLM\software\mozilla\Mozi
FF - HKLM\software\mozilla\Mozi
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roami
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roami
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roami
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roami
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browser
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\baby
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Sear
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twit
O1 HOSTS File: ([2013/09/07 17:44:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drive
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-6
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-0
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-0
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser
O3 - HKCU\..\Toolbar\WebBrowser
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInS
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\Platf
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceMana
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMoni
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSy
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mo
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EX
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintS
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - Startup: C:\Users\XXX\AppData\Roami
O4 - Startup: C:\Users\XXX\AppData\Roami
O6 - HKLM\Software\Policies\Mic
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O7 - HKCU\Software\Policies\Mic
O7 - HKCU\SOFTWARE\Microsoft\Wi
O7 - HKCU\SOFTWARE\Microsoft\Wi
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra Button: @C:\Windows\WindowsMobile\
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\
O10:64bit: - NameSpace_Catalog5\Catalog
O10:64bit: - NameSpace_Catalog5\Catalog
O10:64bit: - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D
O16 - DPF: {108D3206-846A-4A93-BACB-F
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {254AA86E-5655-4518-AA87-1
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-9
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1
O16 - DPF: {44C1E3A2-B594-401C-B27A-D
O16 - DPF: {4871A87A-BFDD-4106-8153-F
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D
O16 - DPF: {556EEC63-31E2-47C3-BF29-D
O16 - DPF: {745395C8-D0E1-4227-8586-6
O16 - DPF: {748E146C-5842-4AD4-8A01-A
O16 - DPF: {79D6214F-CFCE-480F-9901-2
O16 - DPF: {971FC730-55F1-461F-83FD-B
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-1
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-E
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-4
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {E2883E8F-472F-4FB0-9522-A
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B
O17 - HKLM\System\CCS\Services\T
O18:64bit: - Protocol\Handler\grooveLoc
O18:64bit: - Protocol\Handler\intu-help
O18:64bit: - Protocol\Handler\intu-help
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-0
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-5
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-8
O18 - Protocol\Handler\grooveLoc
O18 - Protocol\Handler\intu-help
O18 - Protocol\Handler\intu-help
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerforman
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explor
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerforman
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-5
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\lives
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livess
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.d
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesys
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysp
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Regis
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Regist
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieset
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetu
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4ui
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ierno
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernon
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertu
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscri
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscrip
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfee
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeed
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscri
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscrip
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drive
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnl
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntosk
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskr
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kerne
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kerne
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conho
[2013/09/11 00:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsr
[2013/09/11 00:50:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.
[2013/09/11 00:50:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsr
[2013/09/11 00:50:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm
[2013/09/11 00:50:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm6
[2013/09/11 00:50:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup1
[2013/09/11 00:50:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apiset
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apise
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.e
[2013/09/11 00:47:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdoc
[2013/09/09 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEng
[2013/09/09 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Ive
[2013/09/09 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/09 07:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\My XXX-xxx Details
[2013/09/09 07:23:55 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drive
[2013/09/07 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\RK_Qu
[2013/09/07 18:15:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 17:27:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 17:27:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/04 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CC Pics
[2013/08/20 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Samsu
[2013/08/18 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CC HighRes
[2013/08/17 12:36:11 | 004,111,304 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vf
[2013/08/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Twili
[2013/08/13 21:20:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 20:19:07 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt
[2013/08/13 20:18:59 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt
[2013/08/13 20:18:58 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintr
[2013/08/13 20:18:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintru
[2013/08/13 20:18:57 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt
[2013/08/13 20:17:24 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDE
[2013/08/13 20:17:24 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDEC
[2013/08/13 20:17:11 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpco
[2013/08/13 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Elgin
[2013/08/13 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Quo
========== Files - Modified Within 30 Days ==========
[2013/09/11 06:40:51 | 014,155,776 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2013/09/11 06:25:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpd
[2013/09/11 06:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpd
[2013/09/11 03:43:11 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296
[2013/09/11 03:43:11 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296
[2013/09/11 03:37:53 | 005,144,656 | ---- | M] () -- C:\Windows\SysNative\FNTCA
[2013/09/11 03:34:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/09/11 03:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 03:33:31 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 03:29:24 | 007,486,285 | -H-- | M] () -- C:\Users\XXX\AppData\Local
[2013/09/10 21:06:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAnti
[2013/09/10 18:30:58 | 000,002,128 | ---- | M] () -- C:\Users\XXX\Documents\Def
[2013/09/10 10:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAnti
[2013/09/09 07:23:55 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drive
[2013/09/07 17:45:00 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2013/09/07 17:44:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drive
[2013/08/29 15:16:21 | 000,821,454 | ---- | M] () -- C:\Windows\SysNative\PerfS
[2013/08/29 15:16:21 | 000,688,574 | ---- | M] () -- C:\Windows\SysNative\perfh
[2013/08/29 15:16:21 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc
[2013/08/29 12:04:47 | 000,006,060 | ---- | M] () -- C:\Users\XXX\Desktop\Hill Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | M] () -- C:\Users\XXX\Desktop\Bay.p
[2013/08/29 11:35:55 | 000,111,616 | ---- | M] () -- C:\Users\XXX\Desktop\Bay Colony.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | M] () -- C:\Users\XXX\Desktop\Lomb.
[2013/08/21 15:57:55 | 000,002,717 | ---- | M] () -- C:\Users\XXX\Desktop\Lomb.
[2013/08/17 21:41:40 | 003,044,432 | ---- | M] () -- C:\Users\XXX\Desktop\Kevin
[2013/08/15 15:44:17 | 000,000,299 | ---- | M] () -- C:\Users\XXX\Desktop\Ax.cs
========== Files Created - No Company Name ==========
[2013/09/07 17:27:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/07 17:27:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/07 17:27:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/07 17:27:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/07 17:27:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/29 12:04:47 | 000,006,060 | ---- | C] () -- C:\Users\XXX\Desktop\Hill Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | C] () -- C:\Users\XXX\Desktop\Bay Form.pdf
[2013/08/27 14:52:12 | 000,111,616 | ---- | C] () -- C:\Users\XXX\Desktop\Bay Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | C] () -- C:\Users\XXX\Desktop\Lomb.
[2013/08/21 15:57:55 | 000,002,717 | ---- | C] () -- C:\Users\XXX\Desktop\Lom.c
[2013/08/17 21:36:15 | 003,044,432 | ---- | C] () -- C:\Users\XXX\Desktop\Kevin
[2013/08/17 12:36:12 | 000,000,316 | ---- | C] () -- C:\Windows\SysWow64\XWebPl
[2013/08/17 12:36:11 | 000,455,528 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,414,568 | ---- | C] () -- C:\Windows\SysWow64\NVPost
[2013/08/17 12:36:11 | 000,086,888 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,063,048 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,030,280 | ---- | C] () -- C:\Windows\SysWow64\G723ad
[2013/08/17 12:36:11 | 000,005,228 | ---- | C] () -- C:\Windows\SysWow64\1049.i
[2013/08/17 12:36:11 | 000,004,480 | ---- | C] () -- C:\Windows\SysWow64\1033.i
[2013/08/17 12:36:11 | 000,003,598 | ---- | C] () -- C:\Windows\SysWow64\2052.i
[2013/08/17 12:36:11 | 000,002,582 | ---- | C] () -- C:\Windows\SysWow64\1055.i
[2013/08/17 12:36:11 | 000,002,367 | ---- | C] () -- C:\Windows\SysWow64\1034.i
[2013/08/17 12:36:11 | 000,002,340 | ---- | C] () -- C:\Windows\SysWow64\1046.i
[2013/08/17 12:36:11 | 000,002,231 | ---- | C] () -- C:\Windows\SysWow64\1042.i
[2013/08/17 12:36:11 | 000,002,081 | ---- | C] () -- C:\Windows\SysWow64\1028.i
[2013/08/15 15:44:17 | 000,000,299 | ---- | C] () -- C:\Users\XXX\Desktop\Axis.
[2013/06/29 15:41:24 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc31
[2013/05/08 17:24:17 | 000,221,056 | ---- | C] () -- C:\Windows\SysWow64\TLDvrL
[2013/05/08 17:24:14 | 000,122,254 | ---- | C] () -- C:\Windows\SysWow64\Dvr72X
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrl
[2013/01/21 15:35:42 | 000,043,896 | ---- | C] () -- C:\Windows\SysWow64\XPlayD
[2013/01/16 14:55:02 | 003,166,208 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/10/27 14:28:08 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\VNNCli
[2012/10/24 15:21:54 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:54 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:53 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\Deinte
[2012/10/24 15:21:53 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2012/10/24 15:21:53 | 000,086,528 | ---- | C] () -- C:\Windows\SysWow64\avform
[2012/10/24 15:21:53 | 000,070,675 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2012/10/24 15:21:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\AVC_H2
[2012/10/24 15:21:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_JP
[2012/06/25 16:01:50 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:28 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/12 08:04:28 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/05/31 15:18:34 | 001,802,240 | ---- | C] () -- C:\Windows\SysWow64\DVR_GU
[2012/03/13 17:26:58 | 000,127,848 | ---- | C] () -- C:\Windows\SysWow64\NVClie
[2012/03/13 17:25:30 | 000,045,928 | ---- | C] () -- C:\Windows\SysWow64\D3DPla
[2012/01/03 18:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\utf8_2
[2011/11/29 17:10:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/28 09:36:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/28 09:36:42 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/26 18:47:20 | 000,242,688 | ---- | C] () -- C:\Windows\SysWow64\DvrNet
[2011/11/22 10:40:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/18 19:16:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/11/16 11:02:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\winpub
[2011/11/15 11:07:56 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/01 18:19:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/10/19 18:27:32 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/09/13 11:15:04 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/08/23 17:07:02 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\NetMsg
[2011/08/20 12:34:32 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/08/04 17:48:48 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:36 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:34 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:32 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:30 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:28 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:48:56 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:48:56 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/14 11:20:06 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:02 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:22:58 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/04/29 18:27:12 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/03/25 16:32:36 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/25 16:24:30 | 000,808,979 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2011/03/11 10:11:00 | 000,080,915 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2011/03/11 10:10:58 | 000,824,851 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2011/03/11 10:10:58 | 000,171,539 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2011/03/11 10:10:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\avform
[2011/03/11 10:10:58 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avcore
[2011/03/09 18:18:52 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/09 18:14:40 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/09 18:06:42 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2010/06/17 18:07:24 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2010/06/17 18:07:24 | 000,070,163 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2010/06/17 18:07:22 | 000,798,739 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2010/06/17 18:07:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\avform
[2010/04/10 23:25:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.in
[2009/11/27 17:29:55 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/11/27 17:29:55 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/11/25 08:52:03 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trig
[2009/11/16 22:58:21 | 000,834,460 | ---- | C] () -- C:\Windows\SysWow64\PerfSt
[2009/09/03 10:13:38 | 000,003,920 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:31:32 | 000,003,660 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:29:04 | 000,001,861 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:29:00 | 000,003,952 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:58 | 000,004,028 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:50 | 000,001,706 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:46 | 000,004,094 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:42 | 000,002,798 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:30 | 000,004,152 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:26 | 000,004,432 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:22 | 000,004,240 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:16 | 000,004,090 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:12 | 000,004,666 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:06 | 000,004,338 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:00 | 000,004,174 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:27:56 | 000,004,516 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWCont
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjeto
[2009/04/08 17:01:34 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\np_hoe
[2008/03/27 18:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Remote
[2008/03/17 14:50:26 | 000,802,321 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2007/11/02 00:58:12 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\SkinMa
[2007/09/07 15:50:34 | 000,548,864 | ---- | C] () -- C:\Windows\SysWow64\J2K_De
[2007/09/06 16:02:24 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\PTZMan
[2006/10/16 04:10:28 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.d
[2005/01/17 08:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPC
[2004/08/09 17:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW0
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1
< End of report >
ASKER
The pc appears to be running well today. I'm not sure why because, other than running what I mentioned above, nothing other than Microsoft updates has been applied.
I checked the Event logs and found these entries.
1. When I open IE10 and go to Google News, I get a message saying "Internet Explorer blocked this website from displaying content with security certificate errors". After I click Show Content a few times, it goes away.
Event Log Entry
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
2. This message is found in the event log multiple times every day from Symantec Endpoint Protection 12.1.1101.401
Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan. Action: . Action Description: Access Denied
ASKER
Hi SSharma,
Can you evaluate the Old Timers log and let me know what the next step is?
Thanks for your help!
Hello
Run this custom script and when it is complete I need to know how the computer is doing
Run OTL Script
Double-click OTL.exe to start the program.
Copy and Paste the following code into the Custom Scans/Fixes textbox.
==================================================
:otl
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]
==================================================
Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Sudeep
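To show how a fix list like the one above is derived from an OTL log, here is an added Python helper. It is not part of this thread and not OldTimer's tool; the function names are my own. It scans log lines for the orphan markers OTL appends to an entry whose target no longer exists (a driver or service file that is missing, a toolbar or protocol-handler key whose CLSID or file is gone, a listed alternate data stream) and groups the hits by their OTL line tag so a reviewer can inspect them before deciding what goes into a `:otl` section. The sample lines are copied from the log posted in this thread, with the extraction spacing removed.

```python
"""Candidate-finder for OTL (OldTimer's List-It) logs.

Added example, not part of the thread or of OTL itself. It does not remove
anything: it only lists log entries that carry OTL's "target missing"
markers so a reviewer can decide which of them belong in a fix script.
"""
import re
from collections import defaultdict

# Text OTL appends when the registry entry points at something that no
# longer exists. More specific markers come first so a line is reported
# under the most precise reason that applies.
ORPHAN_MARKERS = (
    "Reg Error: Key error",
    "CLSID or File not found",
    "No CLSID value found",
    "File not found",
    "Prefix: missing",
)

# Leading OTL line tag, e.g. "SRV", "DRV:64bit:", "O3", "O18:64bit:", "IE".
_TAG_RE = re.compile(r"^([A-Z][A-Za-z0-9]*(?::64bit:)?) - ")


def classify(line):
    """Return (tag, reason) if the line reports an orphaned entry, else None."""
    line = line.strip()
    if line.startswith("@Alternate Data Stream"):
        # ADS entries have no leading tag; OTL lists them in their own section.
        return ("ADS", "alternate data stream")
    m = _TAG_RE.match(line)
    if not m:
        return None
    for marker in ORPHAN_MARKERS:
        if marker in line:
            return (m.group(1), marker)
    return None


def find_orphans(log_text, ignore=()):
    """Group orphaned entries by OTL tag.

    `ignore` holds substrings of entries the reviewer has already judged
    and does not want listed again (empty by default: nothing is skipped).
    """
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or any(s in line for s in ignore):
            continue
        hit = classify(line)
        if hit:
            groups[hit[0]].append(line)
    return dict(groups)


def build_fix_section(log_text, ignore=()):
    """Render the candidates in the ':otl' shape used in the thread.

    OTL accepts its own log lines verbatim in that section, so the output is
    the grouped lines under a ':otl' header. This is a review draft, not
    something to paste unread.
    """
    groups = find_orphans(log_text, ignore)
    lines = [":otl"]
    for tag in sorted(groups):
        lines.extend(groups[tag])
    return "\n".join(lines)


# Sample lines copied from the OTL log posted in this thread (constructed
# subset; two healthy entries are included to show they are not flagged).
SAMPLE_LOG = r"""
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer.dll
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA
"""

if __name__ == "__main__":
    for tag, entries in sorted(find_orphans(SAMPLE_LOG).items()):
        print(f"[{tag}] {len(entries)} candidate(s)")
    print(build_fix_section(SAMPLE_LOG))
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file's contents. The point of grouping by tag is that each OTL section has a different meaning (drivers, services, browser hooks, protocol handlers, shell objects), so the reviewer reads each group with that context rather than treating "File not found" as one undifferentiated list.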
ASKER
Here is the OTL report after running it with your custom script.
It did not ask for a reboot.
OTL logfile created on: 9/13/2013 6:58:01 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 359.60 Gb Free Space | 51.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.63 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
PRC - [2013/06/19 14:44:08 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
PRC - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/08/20 03:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2005/08/26 14:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files (x86)\PKWARE\PKZIPM\9.00.0010\PKTray.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\BackupAgent\basvc.exe -- (SymcBackupAgentSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe -- (SsPaAdm)
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe -- (ssPaSetMgr)
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mos24ser_QUADPORT.sys -- (mos24ser_QUADPORT)
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\symrg.sys -- (symrg)
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive rs\csc.sys -- (CSC)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\viahdua a.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\nusb3xh c.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\nusb3hu b.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\amdsbs. sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\lsi_sas 2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\stexsto r.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\BrSerIb .sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\rootmdm .sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\BrUsbSI b.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\evbda.s ys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\bxvbda. sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\b57nd60 a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\hcw85ci r.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive rs\AtiPcie .sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\SWVNIC. sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\mcdbus. sys -- (mcdbus)
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\SSLDrv. sys -- (SSLDrv)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\RimSeri al_AMD64.s ys -- (RimVSerPort)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drive rs\LMIRfsD river.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\lmimirr .sys -- (lmimirr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive rs\wdcsam6 4.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive rs\ASACPI. sys -- (MTsensor)
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ VirusDefs\ 20130912.0 01\ex64.sy s -- (NAVEX15)
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ VirusDefs\ 20130912.0 01\eng64.s ys -- (NAVENG)
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sy s -- (eeCtrl)
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilR ebootDrv.s ys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.s ys -- (LMIInfo)
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ BASHDefs\2 0130822.01 1\BHDrvx64 .sys -- (BHDrvx64)
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\driver s\Symantec .cloud\ccS etx64.sys -- (ccSet_Cloud)
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy mantec Endpoint Protection\12.1.1101.401.1 05\Data\De finitions\ IPSDefs\20 130907.001 \IDSviA64. sys -- (IDSVia64)
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1 05\Bin64\S yDvCtrl64. sys -- (SyDvCtrl)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLa b\cpudrv64 .sys -- (cpudrv64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\driver s\mcdbus.s ys -- (mcdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/09/13 06:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/11 13:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 13:47:51 | 000,000,000 | ---D | M]
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\LogMeInClient@logmein.com
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\searchplugins\Search_Results.xml
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/09/11 11:34:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://173.239.131.84/webrec.cab (SurveillanceCtrl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-967ED0929248} http://www.soddns.com/XWebPlayCMS.CAB (XWebPlayOCX Control)
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} http://98.227.106.186/WATCH_16R.cab (WATCH_16R Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://metrovpn.metii.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kip.com/CAB/RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://hosting.ivedaxpress.com/components/AMC.cab (AxisMediaControl Class)
O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://98.227.106.186/DvrOcx.cab (Dvr Net 85 Multidownload)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://metrovpn.metii.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.102:8080/AVC_AX_742.cab (AMCCtrl Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-EB6CB0F1E86C} http://avtech80x-3.ddns.eagleeyes.tw/AVC_AX_35X.cab (CV781Object Object)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://usavision.dipmap.com/cab/OCXChecker_8500.cab (OCXDownloadChecker Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} http://59.125.163.98/AVC_AX_NVR.cab (AMCCtrl Class)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T26L10NSP49EP23/support/ieaXXXpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/09/11 13:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/11 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/09/11 12:02:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 00:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 00:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 00:50:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 00:50:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 00:50:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 00:50:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 00:50:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 00:50:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- processenv ironment-l 1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- namedpipe- l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -misc-l1-1 -0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -memory-l1 -1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -xstate-l1 -1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -util-l1-1 -0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- string-l1- 1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -string-l1 -1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- rtlsupport -l1-1-0.dl l
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- profile-l1 -1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -profile-l 1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- misc-l1-1- 0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- localregis try-l1-1-0 .dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -localregi stry-l1-1- 0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -processen vironment- l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -namedpipe -l1-1-0.dl l
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- memory-l1- 1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- libraryloa der-l1-1-0 .dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -librarylo ader-l1-1- 0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- interlocke d-l1-1-0.d ll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- io-l1-1-0. dll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -io-l1-1-0 .dll
[2013/09/11 00:50:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-secur ity-base-l 1-1-0.dll
[2013/09/11 00:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- threadpool -l1-1-0.dl l
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- xstate-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- heap-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -heap-l1-1 -0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- util-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -interlock ed-l1-1-0. dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- handle-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -handle-l1 -1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- fibers-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -fibers-l1 -1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- errorhandl ing-l1-1-0 .dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -errorhand ling-l1-1- 0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- delayload- l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -delayload -l1-1-0.dl l
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- debug-l1-1 -0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -debug-l1- 1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- datetime-l 1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -datetime- l1-1-0.dll
[2013/09/11 00:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup1 6.exe
[2013/09/11 00:50:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm .exe
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apiset schema.dll
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apise tschema.dl l
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- localizati on-l1-1-0. dll
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -localizat ion-l1-1-0 .dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms -win-core- console-l1 -1-0.dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m s-win-core -console-l 1-1-0.dll
[2013/09/11 00:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.e xe
[2013/09/11 00:47:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdoc vw.dll
[2013/09/09 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEng ineStore
[2013/09/09 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\T-I v-Agreemen t
[2013/09/09 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/09 07:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\My XXX-xxx Details
[2013/09/09 07:23:55 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drive rs\4796527 8.sys
[2013/09/07 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\RK_Qu arantine
[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 17:27:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 17:27:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/04 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV Pics
[2013/08/20 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Samsu ng Note 10.1
[2013/08/18 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV HighRes
[2013/08/17 12:36:11 | 004,111,304 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vf w.dll
[2013/08/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Twili ght SP's
========== Files - Modified Within 30 Days ==========
========== Files Created - No Company Name ==========
========== Custom Scans ==========
< :otl >
< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU) >
< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) >
< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc) >
< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) >
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01 [binary data] >
< IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found >
< O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found. >
< O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. >
< O13 - gopher Prefix: missing >
< O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found >
< O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found >
< O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found >
< O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found >
< O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found >
< O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found >
< O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found >
Invalid Switch: pagefile) - File not found
< O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found >
Invalid Switch: pagefile) - File not found
< O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found >
< O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. >
< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. >
< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >
< @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA >
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
< :Commands >
< [PURITY] >
< [EMPTYTEMP] >
< [emptyjava] >
< [EMPTYFLASH] >
< [RESETHOSTS] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA
< End of report >
It did not ask for a reboot.
OTL logfile created on: 9/13/2013 6:58:01 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 359.60 Gb Free Space | 51.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.63 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
========== Modules (SafeList) ==========
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_micr
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscri
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Backu
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Platf
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\Platf
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SAS
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\aties
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsv
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerD
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmg
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macrom
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QB
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuard
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\Q
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atasho
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBD
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-us
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\Ne
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\F
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\F
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\F
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FC
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAudi
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\w
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\r
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drive
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRf
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sas
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sas
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drive
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sy
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilR
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.s
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\driver
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Sy
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLa
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\driver
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\SOFTWARE\Microsoft\In
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Wi
IE - HKCU\Software\Microsoft\Wi
========== FireFox ==========
FF - HKLM\software\mozilla\Fire
FF - HKLM\software\mozilla\Mozi
FF - HKLM\software\mozilla\Mozi
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roami
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roami
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roami
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roami
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roami
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browser
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\baby
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Sear
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twit
O1 HOSTS File: ([2013/09/11 11:34:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drive
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-6
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-0
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-0
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser
O3 - HKCU\..\Toolbar\WebBrowser
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInS
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\Platf
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceMana
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMoni
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSy
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mo
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EX
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintS
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - Startup: C:\Users\XXX\AppData\Roami
O4 - Startup: C:\Users\XXX\AppData\Roami
O6 - HKLM\Software\Policies\Mic
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O6 - HKLM\SOFTWARE\Microsoft\Wi
O7 - HKCU\Software\Policies\Mic
O7 - HKCU\SOFTWARE\Microsoft\Wi
O7 - HKCU\SOFTWARE\Microsoft\Wi
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\Active
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra Button: @C:\Windows\WindowsMobile\
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\
O10:64bit: - NameSpace_Catalog5\Catalog
O10:64bit: - NameSpace_Catalog5\Catalog
O10:64bit: - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O10 - NameSpace_Catalog5\Catalog
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D
O16 - DPF: {108D3206-846A-4A93-BACB-F
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {254AA86E-5655-4518-AA87-1
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-9
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1
O16 - DPF: {44C1E3A2-B594-401C-B27A-D
O16 - DPF: {4871A87A-BFDD-4106-8153-F
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D
O16 - DPF: {556EEC63-31E2-47C3-BF29-D
O16 - DPF: {745395C8-D0E1-4227-8586-6
O16 - DPF: {748E146C-5842-4AD4-8A01-A
O16 - DPF: {79D6214F-CFCE-480F-9901-2
O16 - DPF: {971FC730-55F1-461F-83FD-B
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-1
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-E
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-4
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {E2883E8F-472F-4FB0-9522-A
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B
O17 - HKLM\System\CCS\Services\T
O18:64bit: - Protocol\Handler\grooveLoc
O18:64bit: - Protocol\Handler\intu-help
O18:64bit: - Protocol\Handler\intu-help
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-0
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-5
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-8
O18 - Protocol\Handler\grooveLoc
O18 - Protocol\Handler\intu-help
O18 - Protocol\Handler\intu-help
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerforman
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explor
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerforman
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-5
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\lives
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livess
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/09/11 13:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E5
[2013/09/11 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/09/11 12:02:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.d
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesys
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysp
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Regis
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Regist
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieset
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetu
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4ui
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ierno
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernon
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertu
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscri
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscrip
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfee
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeed
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscri
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscrip
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drive
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnl
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntosk
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskr
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kerne
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kerne
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conho
[2013/09/11 00:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsr
[2013/09/11 00:50:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.
[2013/09/11 00:50:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsr
[2013/09/11 00:50:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm
[2013/09/11 00:50:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm6
[2013/09/11 00:50:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64
[2013/09/11 00:50:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup1
[2013/09/11 00:50:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apiset
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apise
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-m
[2013/09/11 00:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.e
[2013/09/11 00:47:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdoc
[2013/09/09 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEng
[2013/09/09 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\T-I
[2013/09/09 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/09 07:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\My XXX-xxx Details
[2013/09/09 07:23:55 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drive
[2013/09/07 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\RK_Qu
[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 17:27:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 17:27:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/04 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV Pics
[2013/08/20 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Samsu
[2013/08/18 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV HighRes
[2013/08/17 12:36:11 | 004,111,304 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vf
[2013/08/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Twili
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/13 06:59:36 | 014,155,776 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2013/09/13 06:42:06 | 000,002,128 | ---- | M] () -- C:\Users\XXX\Documents\Def
[2013/09/13 06:25:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpd
[2013/09/13 06:19:24 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296
[2013/09/13 06:19:24 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296
[2013/09/13 06:10:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpd
[2013/09/13 06:08:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/09/13 06:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/13 06:07:30 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/12 17:21:36 | 001,904,725 | -H-- | M] () -- C:\Users\XXX\AppData\Local
[2013/09/12 10:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAnti
[2013/09/11 21:06:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAnti
[2013/09/11 13:54:39 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iT
[2013/09/11 11:34:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2013/09/11 11:34:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drive
[2013/09/11 03:37:53 | 005,144,656 | ---- | M] () -- C:\Windows\SysNative\FNTCA
[2013/09/09 07:23:55 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drive
[2013/08/29 15:16:21 | 000,821,454 | ---- | M] () -- C:\Windows\SysNative\PerfS
[2013/08/29 15:16:21 | 000,688,574 | ---- | M] () -- C:\Windows\SysNative\perfh
[2013/08/29 15:16:21 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc
[2013/08/29 12:04:47 | 000,006,060 | ---- | M] () -- C:\Users\XXX\Desktop\HL Inspection Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | M] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.pdf
[2013/08/29 11:35:55 | 000,111,616 | ---- | M] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | M] () -- C:\Users\XXX\Desktop\L-Res
[2013/08/21 15:57:55 | 000,002,717 | ---- | M] () -- C:\Users\XXX\Desktop\L-Res
[2013/08/17 21:41:40 | 003,044,432 | ---- | M] () -- C:\Users\XXX\Desktop\K--DV
[2013/08/15 15:44:17 | 000,000,299 | ---- | M] () -- C:\Users\XXX\Desktop\Axis.
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/11 13:54:38 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iT
[2013/09/07 17:27:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/07 17:27:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/07 17:27:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/07 17:27:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/07 17:27:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/29 12:04:47 | 000,006,060 | ---- | C] () -- C:\Users\XXX\Desktop\HL Inspection Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | C] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.pdf
[2013/08/27 14:52:12 | 000,111,616 | ---- | C] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | C] () -- C:\Users\XXX\Desktop\L-Res
[2013/08/21 15:57:55 | 000,002,717 | ---- | C] () -- C:\Users\XXX\Desktop\L-Res
[2013/08/17 21:36:15 | 003,044,432 | ---- | C] () -- C:\Users\XXX\Desktop\K--DV
[2013/08/17 12:36:12 | 000,000,316 | ---- | C] () -- C:\Windows\SysWow64\XWebPl
[2013/08/17 12:36:11 | 000,455,528 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,414,568 | ---- | C] () -- C:\Windows\SysWow64\NVPost
[2013/08/17 12:36:11 | 000,086,888 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,063,048 | ---- | C] () -- C:\Windows\SysWow64\NVH264
[2013/08/17 12:36:11 | 000,030,280 | ---- | C] () -- C:\Windows\SysWow64\G723ad
[2013/08/17 12:36:11 | 000,005,228 | ---- | C] () -- C:\Windows\SysWow64\1049.i
[2013/08/17 12:36:11 | 000,004,480 | ---- | C] () -- C:\Windows\SysWow64\1033.i
[2013/08/17 12:36:11 | 000,003,598 | ---- | C] () -- C:\Windows\SysWow64\2052.i
[2013/08/17 12:36:11 | 000,002,582 | ---- | C] () -- C:\Windows\SysWow64\1055.i
[2013/08/17 12:36:11 | 000,002,367 | ---- | C] () -- C:\Windows\SysWow64\1034.i
[2013/08/17 12:36:11 | 000,002,340 | ---- | C] () -- C:\Windows\SysWow64\1046.i
[2013/08/17 12:36:11 | 000,002,231 | ---- | C] () -- C:\Windows\SysWow64\1042.i
[2013/08/17 12:36:11 | 000,002,081 | ---- | C] () -- C:\Windows\SysWow64\1028.i
[2013/08/15 15:44:17 | 000,000,299 | ---- | C] () -- C:\Users\XXX\Desktop\Axis.
[2013/06/29 15:41:24 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc31
[2013/05/08 17:24:17 | 000,221,056 | ---- | C] () -- C:\Windows\SysWow64\TLDvrL
[2013/05/08 17:24:14 | 000,122,254 | ---- | C] () -- C:\Windows\SysWow64\Dvr72X
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrl
[2013/01/21 15:35:42 | 000,043,896 | ---- | C] () -- C:\Windows\SysWow64\XPlayD
[2013/01/16 14:55:02 | 003,166,208 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/10/27 14:28:08 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\VNNCli
[2012/10/24 15:21:54 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:54 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP
[2012/10/24 15:21:53 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\Deinte
[2012/10/24 15:21:53 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2012/10/24 15:21:53 | 000,086,528 | ---- | C] () -- C:\Windows\SysWow64\avform
[2012/10/24 15:21:53 | 000,070,675 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2012/10/24 15:21:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\AVC_H2
[2012/10/24 15:21:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_JP
[2012/06/25 16:01:50 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:28 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/25 16:01:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2012/06/12 08:04:28 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/05/31 15:18:34 | 001,802,240 | ---- | C] () -- C:\Windows\SysWow64\DVR_GU
[2012/03/13 17:26:58 | 000,127,848 | ---- | C] () -- C:\Windows\SysWow64\NVClie
[2012/03/13 17:25:30 | 000,045,928 | ---- | C] () -- C:\Windows\SysWow64\D3DPla
[2012/01/03 18:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\utf8_2
[2011/11/29 17:10:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/28 09:36:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/28 09:36:42 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/26 18:47:20 | 000,242,688 | ---- | C] () -- C:\Windows\SysWow64\DvrNet
[2011/11/22 10:40:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/18 19:16:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/11/16 11:02:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\winpub
[2011/11/15 11:07:56 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/11/01 18:19:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/10/19 18:27:32 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/09/13 11:15:04 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/08/23 17:07:02 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\NetMsg
[2011/08/20 12:34:32 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/08/04 17:48:48 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:40 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:36 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:34 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:32 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:30 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:49:28 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:48:56 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/16 16:48:56 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/06/14 11:20:06 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:02 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:23:00 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/05/12 15:22:58 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/04/29 18:27:12 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcx
[2011/03/25 16:32:36 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/25 16:24:30 | 000,808,979 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2011/03/11 10:11:00 | 000,080,915 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2011/03/11 10:10:58 | 000,824,851 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2011/03/11 10:10:58 | 000,171,539 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2011/03/11 10:10:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\avform
[2011/03/11 10:10:58 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avcore
[2011/03/09 18:18:52 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/09 18:14:40 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2011/03/09 18:06:42 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX
[2010/06/17 18:07:24 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscal
[2010/06/17 18:07:24 | 000,070,163 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2010/06/17 18:07:22 | 000,798,739 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2010/06/17 18:07:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\avform
[2010/04/10 23:25:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.in
[2009/11/27 17:29:55 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/11/27 17:29:55 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/11/25 08:52:03 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trig
[2009/11/16 22:58:21 | 000,834,460 | ---- | C] () -- C:\Windows\SysWow64\PerfSt
[2009/09/03 10:13:38 | 000,003,920 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:31:32 | 000,003,660 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:29:04 | 000,001,861 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:29:00 | 000,003,952 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:58 | 000,004,028 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:50 | 000,001,706 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:46 | 000,004,094 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:42 | 000,002,798 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:30 | 000,004,152 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:26 | 000,004,432 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:22 | 000,004,240 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:16 | 000,004,090 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:12 | 000,004,666 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:06 | 000,004,338 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:28:00 | 000,004,174 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/14 16:27:56 | 000,004,516 | ---- | C] () -- C:\Windows\Language(Config
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWCont
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjeto
[2009/04/08 17:01:34 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\np_hoe
[2008/03/27 18:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Remote
[2008/03/17 14:50:26 | 000,802,321 | ---- | C] () -- C:\Windows\SysWow64\avcode
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2008/03/17 14:49:38 | 000,029,648 | ---- | C] () -- C:\Windows\SysWow64\avutil
[2007/11/02 00:58:12 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\SkinMa
[2007/09/07 15:50:34 | 000,548,864 | ---- | C] () -- C:\Windows\SysWow64\J2K_De
[2007/09/06 16:02:24 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\PTZMan
[2006/10/16 04:10:28 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.d
[2005/01/17 08:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPC
[2004/08/09 17:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW0
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< :otl >[/color]
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drive
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drive
[color=#A23BEC]< IE - HKCU\SOFTWARE\Microsoft\In
[color=#A23BEC]< IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found >[/color]
[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8
[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. >[/color]
[color=#A23BEC]< O3 - HKCU\..\Toolbar\WebBrowser
[color=#A23BEC]< O13 - gopher Prefix: missing >[/color]
[color=#A23BEC]< O18:64bit: - Protocol\Handler\grooveLoc
[color=#A23BEC]< O18:64bit: - Protocol\Handler\intu-help
[color=#A23BEC]< O18:64bit: - Protocol\Handler\intu-help
[color=#A23BEC]< O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-0
[color=#A23BEC]< O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-5
[color=#A23BEC]< O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-8
[color=#A23BEC]< O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found >[/color]
Invalid Switch: pagefile) - File not found
[color=#A23BEC]< O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found >[/color]
Invalid Switch: pagefile) - File not found
[color=#A23BEC]< O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.1
[color=#A23BEC]< O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
[color=#A23BEC]< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-0
[color=#A23BEC]< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >[/color]
[color=#A23BEC]< @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
[color=#A23BEC]< :Commands >[/color]
[color=#A23BEC]< [PURITY] >[/color]
[color=#A23BEC]< [EMPTYTEMP] >[/color]
[color=#A23BEC]< [emptyjava] >[/color]
[color=#A23BEC]< [EMPTYFLASH] >[/color]
[color=#A23BEC]< [RESETHOSTS] >[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1
< End of report >
Hi TG-TIS,
You have SUPERAntiSpyware installed and running in realtime scanning mode, and you also have Symantec Anti-Virus.
The Windows Defender service is running as well.
I would recommend that you uninstall SuperAntiSpyware and stop the Windows Defender service.
The logs also suggest that the NIC drivers are quite old (dated 2009); you should update them as well.
I would also suggest that you install Secunia PSI, which would tell you which programs need updating on your system.
http://www.bleepingcomputer.com/download/secunia-psi/
Sudeep
ASKER
I updated the NIC driver and disabled SuperAntiSpyware from running at startup, and also disabled its realtime protection.
I don't see a place to disable Windows defender and can't find that service.
Any suggestions?
ASKER
I installed Secunia PSI 3.0, but when I launched it, it displayed an error saying the user ID was not found. It just came back and is running a scan.
ASKER
Hi Sudeep,
I got Secunia to run, but it takes a while. It did help me update a few apps.
Any feedback on the Old Timers Log?
On Windows 7, Windows Defender is listed as "Windows Defender" if you look at the services. If it is running, stop it.
The OTL logs are fine. They removed the entries which we wanted removed.
Now run a full system scan with ESET Online Scanner and post the logs if it finds any infection.
ESET online scan
http://www.eset.com/us/online-scanner
If the above link doesn't work for you try the installer for online scanning from the link below:
http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
Sudeep
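The OTL sections pasted above (Files Created, Files - Modified, Files Created - No Company Name, Alternate Data Streams) are exactly the material the asker said he lacked the background to evaluate. As an added example that is not part of this thread and not OTL's or ComboFix's own code, the Python script below parses entries in that format and applies a few review heuristics: a binary under C:\Windows with an empty publisher string, a hidden binary outside C:\Windows with no publisher string, and any alternate data stream. It also annotates hits created within a few minutes of C:\Qoobox, the quarantine folder ComboFix creates, because ComboFix drops its own unsigned helpers (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe) into C:\Windows and those appear in this very log under "No Company Name". The marker-directory table, the five-minute window, the extension list, the known-OS-file set and the two sample lines marked as constructed are assumptions made for the example; the other sample lines are copied from the log above. A hit is a pointer to what to look at next (signature check, hash lookup), never a verdict to delete.

```python
"""Review helper for OTL (OldTimer's List-It) log entries.

Added example, not OTL's own code. The heuristics point at entries to
look at; they do not decide what to delete.
"""
import re
from datetime import datetime, timedelta

# One OTL file entry, for example:
#   [2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
# Directory entries have no "(company)" group at all; files without a publisher show "()".
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".com", ".drv", ".cpl")  # assumption
WINDOWS_DIR = "c:\\windows\\"
# Assumption: well-known hidden system files at the drive root that need no flag.
KNOWN_OS_FILES = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}
# Assumption: directories whose creation marks a cleanup-tool run. ComboFix creates
# C:\Qoobox (its quarantine) and drops unsigned helpers such as PEV.exe into C:\Windows.
TOOL_MARKERS = {"c:\\qoobox": "ComboFix"}
TOOL_WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Return a dict for a file or directory entry, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    when, size, attrs, kind, company, path = m.groups()
    return {
        "when": datetime.strptime(when, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        # OTL prints four attribute flags; in the log above D marks a directory,
        # H hidden and S system.
        "is_dir": attrs[3] == "D",
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "created": kind == "C",  # C = created, M = modified
        "company": (company or "").strip(),
        "path": path.strip(),
    }


def triage(lines):
    """Return [(path, reason), ...] for entries that deserve a second look."""
    entries = [e for e in (parse_line(ln) for ln in lines) if e]
    # Creation times of marker directories, so a tool's own helpers can be recognised.
    tool_runs = [(e["when"], TOOL_MARKERS[e["path"].lower()])
                 for e in entries
                 if e["created"] and e["path"].lower() in TOOL_MARKERS]
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(BINARY_EXT) or p in KNOWN_OS_FILES:
            continue
        if e["company"]:
            continue  # has a publisher string; verify its signature separately
        if p.startswith(WINDOWS_DIR):
            reason = "binary under C:\\Windows with no publisher string"
            for run_time, tool in tool_runs:
                if abs(e["when"] - run_time) <= TOOL_WINDOW:
                    minutes = int(TOOL_WINDOW.total_seconds() // 60)
                    reason += (f"; created within {minutes} min of {tool}'s marker "
                               f"directory, probably the tool's own helper")
                    break
            hits.append((e["path"], reason))
        elif e["hidden"]:
            hits.append((e["path"], "hidden binary outside C:\\Windows with no publisher string"))
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m:
            hits.append((m.group(2), f"alternate data stream of {m.group(1)} bytes"))
    return hits


# Sample input: the first six lines are copied from the OTL log posted above;
# the last two are constructed for this example.
SAMPLE_LINES = [
    r"[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox",
    r"[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt",
    r"[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2013/09/07 17:27:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2013/09/13 06:07:30 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2013/09/13 06:59:36 | 014,155,776 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT",
    r"[2013/09/12 17:21:36 | 000,071,680 | -H-- | C] () -- C:\Users\XXX\AppData\Local\Temp\upd.exe",  # constructed
    r"@Alternate Data Stream - 26 bytes -> C:\Users\XXX\Downloads\setup.exe:Zone.Identifier",  # constructed
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{path}\n    {reason}")
```

Run it against a saved OTL.txt by reading the file into a list and passing it to triage(). Entries that carry a publisher string are deliberately skipped here; on the live machine the next step for those is a signature check (sigcheck or Get-AuthenticodeSignature), since a company string in OTL is only what the file's version resource claims.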
ASKER
I ended up performing a clean re-install. The other suggestions were good, but did not provide the cleanup it needed.
Thanks to all experts.
Great. You got it working. :-)
User account might be corrupted.
Ded9