Win7 Pc - Suspect Spyware - very slow

I’m working a Win7 64 bit Ultimate Pc that I suspect has been hit with some type of spyware or virus. There are no popups or browser hijacks that appear, but the system is unbelievably slow.

Below is a detailed description of the system and what I've done to clean it up.

8 Gigs ram
C drive –  720 GB, 340 Gb free
E-drive - 1.1 Tb, 540 Gb free
Processor AMD Athlon II 64 bit x 4 620 Ghz

It’s a standalone in its own workgroup. I ran the following utilities which helped:

ComboFix
The report is attached but I don’t have the background to evaluate what should be deleted.

Rogue Kill – Found some registry entries that I had it remove.
-      I allowed it to remove the auto update tasks for Google and Adobe to lighten up the system overhead.

SuperAntiSpyware – found a few minor items and now it runs clean

Malwarebytes – found a few minor items and now it runs clean

TDsKiller – found a few items with the following options selected
-      Verify the file digital signatures
-      Detect TDLFS file system
Attached are three reports

Conficker Checker from Symantec – found nothing

Symantec Endpoint Protection 12.15.xx – Just found cookies which it deleted

Symantec Endpoint Protection displays a message at boot up saying it’s found a process and wants to know if I should block it… I respond yes. I don’t know how to identify that process.

The system boots faster now but is still slower than normal.
TDS-Killer-text-based-report.txt
Combofix.txt
TDS-Killer-Recap.pdf
Tony Giangreco Asked:

ded9 Commented:
Create a new user account... restart, log in under the new user account and check.

User account might be corrupted.

Ded9
0
aadih Commented:
Defragment the drive and also run a disk-check.
0
Kent Dyer (IT Security Analyst Senior) Commented:
Couple of things..

Go to SysInternals..
Get AutoRuns and Process Explorer

Evaluate what is in Startup..
Evaluate what is in Process/Memory/CPU/etc.

HTH,

Kent
0
jhyiesla Commented:
Here's a suggestion for you.  Assuming that you are right, if the potential infection is this heavy I'd try two things.  One is, can you identify a time when things seemed to run OK, and if so, can you do a system restore back to that time?  This would potentially be pre-spyware.  

Second, if none of the anti-malware programs you have run or doing a system restore fix the issues, then I'd pull off any important data and wipe and reload Windows - this is the for SURE way to remove any spyware.

I had something like this recently on a work computer and I don't think I had an infection of some kind and there were no disk errors in the System event log so I just assumed that Windows had just screwed up.  After doing a wipe and reload, everything is working OK.
0
Tony Giangreco (Author) Commented:
I'll run Defrag overnight tonight

I agree a total install is a great option, but this Pc is loaded with apps that will take a while to reinstall. I'm looking for a less time consuming solution.

I'll check the user account.
0
lauchangkwang Commented:
For me in this kind of situation, and I am always of the mindset that no antivirus is 100% able to remove all the viruses, once the laptop has found a few viruses that I was not notified of, that is it, a reformat will be done. This is just because there are a few thousand viruses / spyware that are able to split themselves silently, at the back end, without any notice from the anti-virus; a clean install is always 100% safe.
0

jhyiesla Commented:
Personally, in the last few years, I've not been a big fan of defrag. It's not that it doesn't "help", but if you're experiencing real slowness, I doubt it will help. And I totally understand about putting apps back on, but if you've run all the antimalware things and even perhaps done a system restore and it's still slow, you can spend hours wiping and reloading everything or you can spend hours continuing to fight what may be a losing battle and then still have to wipe.

My philosophy is to at pretty much all costs, try to fix the issue without having to wipe and reload. But if I've done all the tricks in my book, then I just bite the bullet and wipe.
0
nobus Commented:
i would start with the basics : is the cpu + ram seen normally?
right click on mycomputer>properties

i would also run a disk diag on BOTH drives, to be sure they're running OK :
Hardware diagnostic CD    UBCD
 i suggest the UBCD  to run some diags first - to be sure about the basics
go to the download page, scroll down to the mirror section, and  click on a mirror to start the download
Download the UBCD and make the cd   <<==on a WORKING PC, and boot the problem PC from it
Here 2 links, one to the general site, and a direct link to the download

since the downloaded file is an ISO file, you need to use an ISO burning tool
if you don't have that software, install cdburnerXP : http://cdburnerxp.se/

If you want also the Ram tested - run memtest86+ at least 1 full pass,  - you should have NO errors!
 
For disk Diagnostics run the disk diag for your disk brand (eg seagate diag for seagate drive) from the HDD section - long or advanced diag! (runs at least for 30 minutes)

http://www.ultimatebootcd.com/                        ultimate boot cd
http://www.ultimatebootcd.com/download.html             download page
0
terencino Commented:
Your C: is very large - maybe Windows Search indexing is dragging it down?
0
Sudeep Sharma (Technical Designer) Commented:
Combofix did its work well as per the logs:

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\XXX\AppData\Local\assembly\tmp
c:\users\XXX\Documents\$AP4939.tmp
c:\users\XXX\Documents\$AP7D6.tmp
c:\users\XXX\g2mdlhlpx.exe
c:\users\XXX\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

And here:

- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{343db173-0e5a-4f2a-b7bb-71a49085d70e} - (no file)
Toolbar-{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
Toolbar-10 - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{343DB173-0E5A-4F2A-B7BB-71A49085D70E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
- - - - ORPHANS REMOVED - - - -

I would recommend you to further scan the system with OTL. OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manually removing malware.

Download:
http://oldtimer.geekstogo.com/OTL/OTL.exe

Alternate downloads and locations:

Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr

Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here

Sudeep
0
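Added example (not part of the thread, and not OldTimer's code): a small triage pass over the "Shell Spawning" and "Security Center Settings" sections of an OTL Extras.txt report, flagging executable file-class handlers and security settings that differ from a baseline. The baseline values, the function name `triage` and the sample log are assumptions of this example; the sample is constructed in the layout OTL writes, with two altered lines inserted.

```python
import re

# Baseline assumed by this example: stock Windows open commands for executable
# file classes, and Security Center / firewall values with alerting left on.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
EXPECTED_VALUES = {
    "AntiVirusOverride": "0",
    "AntiSpywareOverride": "0",
    "FirewallOverride": "0",
    "AntiVirusDisableNotify": "0",
    "FirewallDisableNotify": "0",
    "UpdatesDisableNotify": "0",
    "EnableFirewall": "1",
}

SECTION_RE = re.compile(r"={5,}\s*(.+?)\s*={5,}")        # with or without [color] tags
KEY_RE = re.compile(r"^(64bit:\s*)?\[(HKEY_.+)\]$")      # registry key header
SPAWN_RE = re.compile(r"^(\S+) \[([^\]]+)\] -- (.*)$")   # class [verb] -- command
VALUE_RE = re.compile(r'^"([^"]+)" = (\S+)')             # "name" = value


def _clean_command(raw):
    """Drop the ' File not found' note OTL appends when it cannot resolve a path."""
    cmd = raw.strip()
    if cmd.endswith("File not found"):
        cmd = cmd[: -len("File not found")].rstrip()
    return cmd


def triage(log_text):
    """Return (section, view, name, actual, expected) for each deviation."""
    findings = []
    section = view = None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.search(line)
        if m:
            section, view = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            view = "64bit" if m.group(1) else "32bit"
            continue
        if section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if not m:
                continue
            expected = EXPECTED_HANDLERS.get((m.group(1).lower(), m.group(2).lower()))
            actual = _clean_command(m.group(3))
            if expected is not None and actual != expected:
                name = "%s [%s]" % (m.group(1), m.group(2))
                findings.append((section, view, name, actual, expected))
        elif section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if not m:
                continue
            expected = EXPECTED_VALUES.get(m.group(1))
            if expected is not None and m.group(2) != expected:
                findings.append((section, view, m.group(1), m.group(2), expected))
    return findings


# Constructed sample in OTL's layout; the 32-bit exefile line and the
# FirewallOverride value are deliberately altered so the check has work to do.
SAMPLE_LOG = r"""
[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
scrfile [open] -- "%1" /S File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\XXX\AppData\Local\example.exe" "%1" %*

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""

if __name__ == "__main__":
    for section, view, name, actual, expected in triage(SAMPLE_LOG):
        print("%s (%s): %s is %s, baseline %s" % (section, view, name, actual, expected))
```

A clean report yields an empty list; anything returned is a line to inspect by hand, not a verdict.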
Tony Giangreco (Author) Commented:
Ok, I'll run it this evening. I'm currently running a full scan of the Microsoft Windows Malicious Software Removal tool. So far, it's not reporting anything found.
0
Tony Giangreco (Author) Commented:
Here are the logs from Old Timer

Extras.txt
OTL Extras logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}" = SonicWALL Global VPN Client
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4ADBF5BE-7CAF-4193-A1F9-DE6820E68569}" = Symantec Endpoint Protection
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7346C35D-942D-3CCE-94CB-7008BA8D63CB}" = Application Verifier x64 External Package
"{735EF746-77A8-44E8-821F-4C77F038AA90}" = Symantec.cloud - Cloud Agent
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AC6AF5-CAEC-4178-9E75-F21CA107FCBF}" = Symantec Backup Exec.cloud Backup Agent
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2DEFE25-83D8-55D0-AF90-BF25ED8360DA}" = ATI Catalyst Install Manager
"{F4D304D9-7647-4253-957E-44286B8631F4}" = HP Unified IO
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FDB89E21-0C9C-743A-15B3-A4E5C3144E4A}" = ccc-utility64
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Net2Printer RDP/ICA Client_is1" = Net2Printer RDP Client 1.15
"Net2PrinterRDPClient_is1" = Net2Printer RDP Client 1.16.0
"pdfFactory" = pdfFactory
"Symantec Hosted Services ARP" = Symantec.cloud
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}" = HPLaserJet200color-MFPM276_HelpLearnCenter_SI
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{14CF9AF8-10A6-4FA7-9E57-D22DBD644C77}" = HP Unified IO
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{180D6813-95E0-415C-B58A-5B9493DE2DDA}" = hppLaserJetService
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A8C25A4-A90A-4A0E-91DD-37535507476A}" = LogMeIn Rescue Technician Console
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvaXXXt
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2EA97C88-0425-4D57-AEBA-4604DD78DB8E}" = Symantec PartnerNet
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{363a2c1e-637f-45ce-933b-5a5463efd945}" = Windows Software Development Kit
"{3C631966-387E-4054-85D9-BBFFABE32BD8}" = QuickBooks Pro 2013
"{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46A99EAE-98DA-4BE5-94C3-D41BA4C266DA}" = hpStatusAlerts
"{488F606B-6A1B-4BFB-9AFA-F4BAA4576CE1}" = PLX OutLook AddIn
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B02D3CE-A011-4475-93A5-774E0DA4E27E}" = hpbM276DSService
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{512957F0-B211-C50A-C1FC-6867FC3348A1}" = Windows Software Development Kit Redistributables
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54525107-4C4E-44AC-AC65-806084151057}" = hppSendFaxM276
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A136292-02AB-428E-8E9A-2628A52FA98E}" = HP LaserJet 200 color MFP M276 Fax
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A73EFB4-C362-4395-83D5-E0C6C53677FE}" = LightScribe Diagnostic Utility
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8843CC2B-E648-43D8-A763-1B5F56173FED}" = WebEx Recorder and Player
"{88B2E402-DE40-4422-9CCB-D285F8602C93}" = HP Product FWUpdater
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM276
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}" = HP LaserJet 200 color MFP M276
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}" = hppM276LaserJetService
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers
"{EA540E75-A545-4C9D-B42E-9C8FC09630C4}" = HP LJ200 M276 HP Scan
"{EF06A6A8-6B81-4A09-8223-789953972FFF}" = SonicWALL SSL-VPN NetExtender
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}" = hpStatusAlertsM276
"Active@ Password Changer" = Active@ Password Changer
"Active@ Password Changer Professional" = Active@ Password Changer Professional
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AXIS Media Control" = AXIS Media Control
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Gadwin PrintScreen" = Gadwin PrintScreen
"iLivid" = iLivid
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IsoBuster_is1" = IsoBuster 2.8.5
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"TreeSize Free_is1" = TreeSize Free V2.4
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Torch" = Torch
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/11/2013 4:02:54 AM | Computer Name = XXX-7 | Source = Windows Search Service | ID = 3007
Description =
 
[ Media Center Events ]
Error - 5/10/2010 7:14:13 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:14:13 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/28/2013 7:01:28 AM | Computer Name = XXX-7 | Source = MCUpdate | ID = 0
Description = 6:01:26 AM - Error connecting to the internet.  6:01:26 AM -     Unable
 to contact server..  
 
[ ODiag Events ]
Error - 12/12/2012 8:54:14 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
 
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
 
[ OSession Events ]
Error - 3/19/2010 11:47:26 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/15/2010 2:21:44 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/29/2010 12:37:54 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2/17/2011 1:55:06 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18089
 seconds with 4080 seconds of active time.  This session ended with a crash.
 
Error - 12/6/2011 4:21:18 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1060
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 4/5/2012 9:32:25 PM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9568
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 8:58:47 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8217
 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error - 12/12/2012 8:54:13 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/12/2012 8:54:57 AM | Computer Name = XXX-7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ Symantec Endpoint Protection Client Events ]
Error - 9/10/2013 2:37:52 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:05:10 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:30:35 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:40:41 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 5:50:33 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 6:01:13 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 6:10:45 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 8:01:29 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/10/2013 9:31:57 PM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
Error - 9/11/2013 2:23:57 AM | Computer Name = XXX-7 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
 by: SONAR scan.  Action: .  Action Description: Access Denied    
 
[ System Events ]
Error - 9/7/2013 6:38:57 PM | Computer Name = XXX-7 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 9/7/2013 6:44:35 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 9/7/2013 7:11:36 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/8/2013 5:55:31 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/8/2013 8:29:58 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/8/2013 12:12:06 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/8/2013 5:30:31 PM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/9/2013 2:15:13 PM | Computer Name = XXX-7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 9/11/2013 4:29:23 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
Error - 9/11/2013 4:30:15 AM | Computer Name = XXX-7 | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


OTL.txt
OTL logfile created on: 9/11/2013 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 70.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 360.35 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.79 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
PRC - [2013/06/19 14:44:08 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
PRC - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/10 09:45:32 | 000,057,616 | ---- | M] (Ipswitch) -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/08/20 03:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2005/08/26 14:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files (x86)\PKWARE\PKZIPM\9.00.0010\PKTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\BackupAgent\basvc.exe -- (SymcBackupAgentSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe -- (SsPaAdm)
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe -- (ssPaSetMgr)
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2013/09/09 13:58:41 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\MpEngineStore\MpKslfe9a1c1e.sys -- (MpKslfe9a1c1e)
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mos24ser_QUADPORT.sys -- (mos24ser_QUADPORT)
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\symrg.sys -- (symrg)
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130910.016\ex64.sys -- (NAVEX15)
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130910.016\eng64.sys -- (NAVENG)
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130822.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\Symantec.cloud\ccSetx64.sys -- (ccSet_Cloud)
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130907.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/09/11 03:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/23 20:42:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/20 10:45:40 | 000,000,000 | ---D | M]
 
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\LogMeInClient@logmein.com
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\searchplugins\Search_Results.xml
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/09/07 17:44:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://173.239.131.84/webrec.cab (SurveillanceCtrl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-967ED0929248} http://www.soddns.com/XWebPlayCMS.CAB (XWebPlayOCX Control)
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} http://98.227.106.186/WATCH_16R.cab (WATCH_16R Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://metrovpn.metii.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kip.com/CAB/RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://hosting.ivedaxpress.com/components/AMC.cab (AxisMediaControl Class)
O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://98.227.106.186/DvrOcx.cab (Dvr Net 85 Multidownload)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://metrovpn.metii.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.102:8080/AVC_AX_742.cab (AMCCtrl Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-EB6CB0F1E86C} http://avtech80x-3.ddns.eagleeyes.tw/AVC_AX_35X.cab (CV781Object Object)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://usavision.dipmap.com/cab/OCXChecker_8500.cab (OCXDownloadChecker Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} http://59.125.163.98/AVC_AX_NVR.cab (AMCCtrl Class)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T26L10NSP49EP23/support/ieaXXXpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

Tony Giangreco (Author) Commented:
The PC appears to be running well today. I'm not sure why because, other than running what I mentioned above, nothing other than Microsoft updates has been applied.

I checked the Event logs and found these entries.

1. When I open IE10 and go to Google News, I get a message saying "Internet Explorer blocked this website from displaying content with security certificate errors". After I click Show Content a few times, it goes away.
 
Event Log Entry
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.

Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

2. This message is found in the event log multiple times every day from Symantec Endpoint Protection 12.1.1101.401:
Security Risk Found!  Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: .  Action Description: Access Denied

Tony Giangreco (Author) Commented:
Hi SSharma,

Can you evaluate the Old Timers log and let me know what the next step is?

Thanks for your help!

Sudeep Sharma (Technical Designer) Commented:
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

    Double-click OTL.exe to start the program.
    Copy and Paste the following code into the Custom Scans/Fixes textbox.
========================================
:otl
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]
==============================================
Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Sudeep

Tony Giangreco (Author) Commented:
Here is the OTL report after running it with your custom script.

It did not ask for a reboot.

OTL logfile created on: 9/13/2013 6:58:01 AM - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Downloads\# AV 2013\Old Timer
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 702.64 Gb Total Space | 359.60 Gb Free Space | 51.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.93 Gb Total Space | 543.63 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-7
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
PRC - [2013/06/19 14:44:08 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
PRC - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/08/20 03:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2005/08/26 14:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files (x86)\PKWARE\PKZIPM\9.00.0010\PKTray.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2013/09/11 06:29:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\# AV 2013\Old Timer\OTL.exe
MOD - [2012/07/06 14:29:26 | 000,380,848 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWOW64\sysfer.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/08/08 18:56:10 | 010,455,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\BackupAgent\basvc.exe -- (SymcBackupAgentSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/31 10:31:40 | 000,191,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe -- (SsPaAdm)
SRV:64bit: - [2013/01/31 10:31:40 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe -- (ssPaSetMgr)
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/03 13:25:06 | 000,287,016 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:27:27 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 08:25:59 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/16 06:28:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/06/08 08:42:35 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2013/06/08 08:42:31 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/11 10:23:26 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/02/05 13:11:47 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/10/22 19:40:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2012/04/19 03:05:16 | 002,601,544 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/04/19 02:47:05 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/01/27 23:49:14 | 000,137,208 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/14 08:48:38 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/07/29 09:49:18 | 000,504,192 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 18:57:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2013/06/08 08:42:32 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 14:30:23 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 14:29:26 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/04/03 13:24:48 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/21 03:58:58 | 000,274,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mos24ser_QUADPORT.sys -- (mos24ser_QUADPORT)
DRV:64bit: - [2012/03/18 21:23:44 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/03/07 02:09:30 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/07 02:09:30 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/02/26 21:31:39 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/11/15 21:11:52 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/11/15 21:05:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 04:25:29 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2011/08/14 08:48:36 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/04 00:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011/08/03 09:49:26 | 000,021,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\symrg.sys -- (symrg)
DRV:64bit: - [2011/07/28 19:27:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 08:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 08:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 04:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 04:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/23 16:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/09/06 20:34:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130912.001\ex64.sys -- (NAVEX15)
DRV - [2013/09/06 20:34:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130912.001\eng64.sys -- (NAVENG)
DRV - [2013/08/27 07:30:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 07:30:41 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/31 17:35:10 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2013/05/31 12:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130822.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/31 10:31:40 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\Symantec.cloud\ccSetx64.sys -- (ccSet_Cloud)
DRV - [2012/08/31 19:19:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130907.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/19 03:04:59 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/09/13 06:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/11 13:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 13:47:51 | 000,000,000 | ---D | M]
 
[2013/05/23 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2013/08/07 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions
[2010/12/15 00:50:39 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/10/22 19:43:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/08/04 19:16:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/09/11 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\extensions\LogMeInClient@logmein.com
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\6fqq0v2p.default\searchplugins\Search_Results.xml
[2013/08/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:40:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2012/05/29 17:39:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/10/22 19:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/11/17 20:23:31 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
[2012/10/22 19:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/09/11 11:34:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SymantecPaui] C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: metii.com ([metrovpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ontrackdatarecovery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://173.239.131.84/webrec.cab (SurveillanceCtrl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {3C8A6608-67D1-4AD1-AFE3-967ED0929248} http://www.soddns.com/XWebPlayCMS.CAB (XWebPlayOCX Control)
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} http://98.227.106.186/WATCH_16R.cab (WATCH_16R Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://metrovpn.metii.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kip.com/CAB/RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://hosting.ivedaxpress.com/components/AMC.cab (AxisMediaControl Class)
O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://98.227.106.186/DvrOcx.cab (Dvr Net 85 Multidownload)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://metrovpn.metii.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.102:8080/AVC_AX_742.cab (AMCCtrl Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA09E7F8-1C11-4B65-9D61-EB6CB0F1E86C} http://avtech80x-3.ddns.eagleeyes.tw/AVC_AX_35X.cab (CV781Object Object)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://usavision.dipmap.com/cab/OCXChecker_8500.cab (OCXDownloadChecker Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} http://59.125.163.98/AVC_AX_NVR.cab (AMCCtrl Class)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T26L10NSP49EP23/support/ieaXXXpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/09/11 13:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/11 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/11 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/09/11 12:02:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/11 03:13:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:13:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:13:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 03:13:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 03:13:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 03:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 03:13:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 03:13:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 03:13:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 03:13:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 03:13:03 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013/09/11 03:13:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:13:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:13:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:13:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 03:13:00 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 03:13:00 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 00:50:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 00:50:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 00:50:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 00:50:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 00:50:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 00:50:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 00:50:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 00:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 00:50:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 00:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 00:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 00:50:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 00:50:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 00:50:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 00:50:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 00:50:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 00:50:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 00:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 00:50:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 00:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 00:50:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 00:50:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 00:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 00:50:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 00:50:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 00:50:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 00:50:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 00:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 00:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 00:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 00:47:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/09 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2013/09/09 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\T-Iv-Agreement
[2013/09/09 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/09 07:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\My XXX-xxx Details
[2013/09/09 07:23:55 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\47965278.sys
[2013/09/07 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\RK_Quarantine
[2013/09/07 17:27:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 17:27:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 17:27:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/07 17:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/04 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV Pics
[2013/08/20 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Samsung Note 10.1
[2013/08/18 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\CCTV HighRes
[2013/08/17 12:36:11 | 004,111,304 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vfw.dll
[2013/08/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Twilight SP's
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/09/13 06:59:36 | 014,155,776 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2013/09/13 06:42:06 | 000,002,128 | ---- | M] () -- C:\Users\XXX\Documents\Default.rdp
[2013/09/13 06:25:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/13 06:19:24 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 06:19:24 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 06:10:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/13 06:08:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/09/13 06:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/13 06:07:30 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/12 17:21:36 | 001,904,725 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2013/09/12 10:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c97cbdc-9f09-444b-baf9-2cb2c0f93e6d.job
[2013/09/11 21:06:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4696c2d4-7173-4020-9b34-ba78588e3f70.job
[2013/09/11 13:54:39 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 11:34:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2013/09/11 11:34:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/11 03:37:53 | 005,144,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/09 07:23:55 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\47965278.sys
[2013/08/29 15:16:21 | 000,821,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/29 15:16:21 | 000,688,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/29 15:16:21 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/29 12:04:47 | 000,006,060 | ---- | M] () -- C:\Users\XXX\Desktop\HL Inspection Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | M] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.pdf
[2013/08/29 11:35:55 | 000,111,616 | ---- | M] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | M] () -- C:\Users\XXX\Desktop\L-Resturants.xls
[2013/08/21 15:57:55 | 000,002,717 | ---- | M] () -- C:\Users\XXX\Desktop\L-Resturants.csv
[2013/08/17 21:41:40 | 003,044,432 | ---- | M] () -- C:\Users\XXX\Desktop\K--DVRs.xlsx
[2013/08/15 15:44:17 | 000,000,299 | ---- | M] () -- C:\Users\XXX\Desktop\Axis.csv
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/09/11 13:54:38 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/07 17:27:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/07 17:27:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/07 17:27:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/07 17:27:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/07 17:27:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/29 12:04:47 | 000,006,060 | ---- | C] () -- C:\Users\XXX\Desktop\HL Inspection Pictures Page.pdf
[2013/08/29 11:36:18 | 000,022,001 | ---- | C] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.pdf
[2013/08/27 14:52:12 | 000,111,616 | ---- | C] () -- C:\Users\XXX\Desktop\BC Bldg Inspection Form.doc
[2013/08/21 15:59:28 | 000,020,992 | ---- | C] () -- C:\Users\XXX\Desktop\L-Resturants.xls
[2013/08/21 15:57:55 | 000,002,717 | ---- | C] () -- C:\Users\XXX\Desktop\L-Resturants.csv
[2013/08/17 21:36:15 | 003,044,432 | ---- | C] () -- C:\Users\XXX\Desktop\K--DVRs.xlsx
[2013/08/17 12:36:12 | 000,000,316 | ---- | C] () -- C:\Windows\SysWow64\XWebPlay.ini
[2013/08/17 12:36:11 | 000,455,528 | ---- | C] () -- C:\Windows\SysWow64\NVH264Decoder.dll
[2013/08/17 12:36:11 | 000,414,568 | ---- | C] () -- C:\Windows\SysWow64\NVPostProc.dll
[2013/08/17 12:36:11 | 000,086,888 | ---- | C] () -- C:\Windows\SysWow64\NVH264vfw.dll
[2013/08/17 12:36:11 | 000,063,048 | ---- | C] () -- C:\Windows\SysWow64\NVH264.ax
[2013/08/17 12:36:11 | 000,030,280 | ---- | C] () -- C:\Windows\SysWow64\G723adpcm.acm
[2013/08/17 12:36:11 | 000,005,228 | ---- | C] () -- C:\Windows\SysWow64\1049.ini
[2013/08/17 12:36:11 | 000,004,480 | ---- | C] () -- C:\Windows\SysWow64\1033.ini
[2013/08/17 12:36:11 | 000,003,598 | ---- | C] () -- C:\Windows\SysWow64\2052.ini
[2013/08/17 12:36:11 | 000,002,582 | ---- | C] () -- C:\Windows\SysWow64\1055.ini
[2013/08/17 12:36:11 | 000,002,367 | ---- | C] () -- C:\Windows\SysWow64\1034.ini
[2013/08/17 12:36:11 | 000,002,340 | ---- | C] () -- C:\Windows\SysWow64\1046.ini
[2013/08/17 12:36:11 | 000,002,231 | ---- | C] () -- C:\Windows\SysWow64\1042.ini
[2013/08/17 12:36:11 | 000,002,081 | ---- | C] () -- C:\Windows\SysWow64\1028.ini
[2013/08/15 15:44:17 | 000,000,299 | ---- | C] () -- C:\Users\XXX\Desktop\Axis.csv
[2013/06/29 15:41:24 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3117.DLL
[2013/05/08 17:24:17 | 000,221,056 | ---- | C] () -- C:\Windows\SysWow64\TLDvrLng.ini
[2013/05/08 17:24:14 | 000,122,254 | ---- | C] () -- C:\Windows\SysWow64\Dvr72XXInwndLang.ini
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/21 15:35:42 | 000,043,896 | ---- | C] () -- C:\Windows\SysWow64\XPlayDLL.dll
[2013/01/16 14:55:02 | 003,166,208 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_VIEWER.dll
[2012/10/27 14:28:08 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\VNNClient.dll
[2012/10/24 15:21:54 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_H264.dll
[2012/10/24 15:21:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_SCALE.dll
[2012/10/24 15:21:54 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_JPEG.dll
[2012/10/24 15:21:53 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\Deinterlace.dll
[2012/10/24 15:21:53 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.11.1.dll
[2012/10/24 15:21:53 | 000,086,528 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.74.0.dll
[2012/10/24 15:21:53 | 000,070,675 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.22.0.dll
[2012/10/24 15:21:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\AVC_H264.dll
[2012/10/24 15:21:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_JPEG.dll
[2012/06/25 16:01:50 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_35x_H264.dll
[2012/06/25 16:01:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_H264.dll
[2012/06/25 16:01:28 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_35x_JPEG.dll
[2012/06/25 16:01:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_NVR_JPEG.dll
[2012/06/12 08:04:28 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/05/31 15:18:34 | 001,802,240 | ---- | C] () -- C:\Windows\SysWow64\DVR_GUI.dll
[2012/03/13 17:26:58 | 000,127,848 | ---- | C] () -- C:\Windows\SysWow64\NVClientDLL.dll
[2012/03/13 17:25:30 | 000,045,928 | ---- | C] () -- C:\Windows\SysWow64\D3DPlayDLL.dll
[2012/01/03 18:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\utf8_2_font.dll
[2011/11/29 17:10:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
[2011/11/28 09:36:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< :otl >[/color]
 
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdvgkmd.sys -- (VGPU) >[/color]
 
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) >[/color]
 
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synth3dvsc.sys -- (Synth3dVsc) >[/color]
 
[color=#A23BEC]< DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) >[/color]
 
[color=#A23BEC]< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB F3 92 89 4A 5F CA 01  [binary data] >[/color]
 
[color=#A23BEC]< IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found. >[/color]
 
[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. >[/color]
 
[color=#A23BEC]< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. >[/color]
 
[color=#A23BEC]< O13 - gopher Prefix: missing >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found >[/color]
 
[color=#A23BEC]< O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found >[/color]
Invalid Switch: pagefile) -  File not found
 
[color=#A23BEC]< O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found >[/color]
Invalid Switch: pagefile) -  File not found

 
[color=#A23BEC]< O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll File not found >[/color]
 
[color=#A23BEC]< O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. >[/color]
 
[color=#A23BEC]< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. >[/color]
 
[color=#A23BEC]< O34 - HKLM BootExecute: (autocheck autochk *) -  File not found >[/color]
 
[color=#A23BEC]< @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA >[/color]
 
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
 
[color=#A23BEC]< :Commands >[/color]
 
[color=#A23BEC]< [PURITY] >[/color]
 
[color=#A23BEC]< [EMPTYTEMP] >[/color]
 
[color=#A23BEC]< [emptyjava] >[/color]
 
[color=#A23BEC]< [EMPTYFLASH] >[/color]
 
[color=#A23BEC]< [RESETHOSTS] >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:CF54F1CA

< End of report >
0
Sudeep Sharma, Technical Designer, Commented:
Hi TG-TIS,

You have SUPERAntiSpyware installed and are running it in real-time scanning mode, and you also have Symantec Anti-Virus.

The Windows Defender service is running as well.

I would recommend that you uninstall SuperAntiSpyware and stop the Windows Defender service.

The logs also suggest that the NIC drivers are quite old (2009 make); you should update them as well.

I would also suggest that you install Secunia PSI, which would tell you which programs on your system need updating.

http://www.bleepingcomputer.com/download/secunia-psi/

Sudeep
0
Tony Giangreco (Author) Commented:
I updated the NIC driver and disabled SuperAntiSpyware from running at startup and also disabled its real-time protection.

I don't see a place to disable Windows Defender and can't find that service.

Any suggestions?
0
Tony Giangreco (Author) Commented:
I installed Secunia PSI 3.0 but when I launched it, it displayed an error saying the user ID was not found. It just came back and is running a scan.
0
Tony Giangreco (Author) Commented:
Hi Sudeep,

I got Secunia to run, but it takes a while. It did help me update a few apps.

Any feedback on the Old Timers Log?
0
Sudeep Sharma, Technical Designer, Commented:
On Windows 7, Windows Defender is named "Windows Defender" if you look at the services. If it is running, stop it.

The OTL logs are fine; it removed the entries that we wanted it to remove.

Now run a full system scan with ESET Online Scanner and post the logs if it finds any infection.

ESET online scan
http://www.eset.com/us/online-scanner

If the above link doesn't work for you try the installer for online scanning from the link below:

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

Sudeep
0
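The check discussed in the comments above (more than one real-time scanner running, and locating the Windows Defender service), as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on Windows 7; the service name `WinDefend` and the `0x1000` decoding of `productState` are not from the thread, and the latter is a community-derived convention rather than a documented one.

```powershell
# Added example: inventory overlapping real-time scanners on Windows 7.
# Run from an elevated PowerShell prompt.

# 1. Products registered with Windows Security Center (client editions, Vista and later).
$registered = foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind     = $class
                Name     = $_.displayName
                # Assumption: bit 0x1000 of productState means "real-time protection on".
                # Microsoft does not document this field; this is the commonly used decoding.
                RealTime = [bool]($_.productState -band 0x1000)
                Path     = $_.pathToSignedProductExe
            }
        }
}
$registered | Sort-Object Name, Kind | Format-Table Kind, Name, RealTime, Path -AutoSize

# 2. The Windows Defender service: display name "Windows Defender", service name WinDefend.
$svc = Get-WmiObject Win32_Service -Filter "Name='WinDefend'"
if ($null -eq $svc) {
    Write-Output 'WinDefend service is not present on this machine.'
} else {
    Write-Output ("WinDefend: State={0}, StartMode={1}" -f $svc.State, $svc.StartMode)
}

# 3. Warn when more than one product reports real-time protection.
$active = @($registered | Where-Object { $_.RealTime } |
    Select-Object -ExpandProperty Name -Unique)
if ($active.Count -gt 1) {
    Write-Warning ("Multiple real-time scanners active: " + ($active -join ', '))
}

# 4. To keep only the third-party product, stop and disable Defender (uncomment to apply).
# Stop-Service -Name WinDefend -Force
# Set-Service  -Name WinDefend -StartupType Disabled
```

A product that was uninstalled uncleanly can leave a stale Security Center registration, so compare the `Path` column against what is actually on disk before acting on the warning.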
Tony Giangreco (Author) Commented:
I ended up performing a clean re-install.  The other suggestions were good, but did not provide the cleanup it needed.

Thanks to all experts.
0
aadih Commented:
Great. You got it working. :-)
0