- OTL logfile created on: 22.10.2015. 0:27:33 - Run 1
- OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VIP\Desktop
- 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
- Internet Explorer (Version = 8.0.7601.17514)
- Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
- 4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,31% Memory free
- 7,99 Gb Paging File | 6,21 Gb Available in Paging File | 77,69% Paging File free
- Paging file location(s): ?:\pagefile.sys [binary data]
- %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
- Drive C: | 97,66 Gb Total Space | 73,96 Gb Free Space | 75,74% Space Free | Partition Type: NTFS
- Drive D: | 135,13 Gb Total Space | 108,97 Gb Free Space | 80,64% Space Free | Partition Type: NTFS
- Computer Name: VIP-PC | User Name: VIP | Logged in as Administrator.
- Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
- Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
- [color=#E56717]========== Processes (SafeList) ==========[/color]
- PRC - [2015.10.22 00:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIP\Desktop\OTL.exe
- PRC - [2015.10.18 02:15:45 | 003,426,504 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
- PRC - [2015.10.15 03:14:23 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- PRC - [2015.03.12 01:54:32 | 000,066,816 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
- [color=#E56717]========== Modules (No Company Name) ==========[/color]
- MOD - [2015.10.18 02:15:45 | 017,599,688 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
- MOD - [2010.01.21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
- MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
- [color=#E56717]========== Services (SafeList) ==========[/color]
- SRV:[b]64bit:[/b] - [2015.10.09 16:30:52 | 002,505,472 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
- SRV:[b]64bit:[/b] - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
- SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
- SRV - [2015.10.17 21:32:49 | 000,136,048 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
- SRV - [2015.10.17 21:32:49 | 000,136,048 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
- SRV - [2015.10.15 03:14:40 | 000,147,624 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
- SRV - [2015.10.05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
- SRV - [2015.07.11 05:41:02 | 000,024,888 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
- SRV - [2015.07.09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
- SRV - [2015.06.19 23:14:56 | 000,104,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
- SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
- [color=#E56717]========== Driver Services (SafeList) ==========[/color]
- DRV:[b]64bit:[/b] - [2015.10.18 03:04:28 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
- DRV:[b]64bit:[/b] - [2015.10.05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
- DRV:[b]64bit:[/b] - [2015.10.05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
- DRV:[b]64bit:[/b] - [2015.07.30 12:41:36 | 000,264,040 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
- DRV:[b]64bit:[/b] - [2015.07.30 12:41:36 | 000,186,784 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
- DRV:[b]64bit:[/b] - [2015.07.30 12:41:36 | 000,170,792 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
- DRV:[b]64bit:[/b] - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
- DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
- DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
- DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
- DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
- DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
- DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
- DRV:[b]64bit:[/b] - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
- DRV:[b]64bit:[/b] - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
- DRV:[b]64bit:[/b] - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
- DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
- DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
- DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
- DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
- DRV:[b]64bit:[/b] - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
- DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
- DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
- [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
- [color=#E56717]========== Internet Explorer ==========[/color]
- IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
- IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
- IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
- IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
- IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 7E 24 67 10 09 D1 01 [binary data]
- IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
- IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
- IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
- [color=#E56717]========== FireFox ==========[/color]
- FF - prefs.js..browser.search.countryCode: "HR"
- FF - prefs.js..browser.search.region: "HR"
- FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
- FF - user.js - File not found
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll File not found
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
- FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
- FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll (Adobe Systems, Inc.)
- FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
- FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
- FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
- FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
- FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
- FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
- FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
- FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
- FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
- [2015.10.17 21:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VIP\AppData\Roaming\Mozilla\Extensions
- [2015.10.17 22:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VIP\AppData\Roaming\Mozilla\Firefox\Profiles\s4siomwd.default\extensions
- [2015.10.17 21:54:58 | 000,120,696 | ---- | M] () (No name found) -- C:\Users\VIP\AppData\Roaming\Mozilla\Firefox\Profiles\s4siomwd.default\extensions\elemhidehelper@adblockplus.org.xpi
- [2015.10.17 21:54:42 | 000,962,762 | ---- | M] () (No name found) -- C:\Users\VIP\AppData\Roaming\Mozilla\Firefox\Profiles\s4siomwd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- [2015.10.17 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
- [2015.10.17 21:25:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- O1 HOSTS File: ([2015.10.20 23:52:03 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
- O1 - Hosts: 127.0.0.1 localhost
- O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
- O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
- O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
- O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
- O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
- O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
- O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
- O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
- O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
- O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
- O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Microsoft)
- O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Microsoft)
- O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
- O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
- O13[b]64bit:[/b] - gopher Prefix: missing
- O13 - gopher Prefix: missing
- O15:[b]64bit:[/b] - ..Trusted Domains: eset.com ([help] http in Trusted sites)
- O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
- O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1445118636217 (MUCatalogWebControl Class)
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6683622C-4037-451B-9CE3-F052E65B1BB9}: DhcpNameServer = 192.168.5.1
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E11D69C-1AE0-46F8-8BDF-D28D911936DA}: NameServer = 193.198.184.130 193.198.184.140
- O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
- O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
- O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
- O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
- O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
- O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
- O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
- O32 - HKLM CDRom: AutoRun - 1
- O33 - MountPoints2\{db00cb8d-7528-11e5-bf70-00226457cfd9}\Shell - "" = AutoRun
- O33 - MountPoints2\{db00cb8d-7528-11e5-bf70-00226457cfd9}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
- O34 - HKLM BootExecute: (autocheck autochk *)
- O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
- O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
- O35 - HKLM\..comfile [open] -- "%1" %*
- O35 - HKLM\..exefile [open] -- "%1" %*
- O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
- O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
- O37 - HKLM\...com [@ = comfile] -- "%1" %*
- O37 - HKLM\...exe [@ = exefile] -- "%1" %*
- O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
- O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
- O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
- NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
- Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
- Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
- Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
- CREATERESTOREPOINT
- Restore point Set: OTL Restore Point
- [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
- [2015.10.22 00:25:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VIP\Desktop\OTL.exe
- [2015.10.21 00:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
- [2015.10.21 00:00:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
- [2015.10.20 23:32:28 | 000,000,000 | ---D | C] -- C:\RegBackup
- [2015.10.20 21:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
- [2015.10.20 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
- [2015.10.20 17:13:20 | 000,000,000 | R--D | C] -- C:\Users\VIP\Documents\Scanned Documents
- [2015.10.20 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\VIP\Documents\Fax
- [2015.10.18 23:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
- [2015.10.18 22:57:48 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\MPC-HC
- [2015.10.18 06:44:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
- [2015.10.18 03:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
- [2015.10.18 02:57:39 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Hewlett-Packard
- [2015.10.18 02:57:34 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Hewlett-Packard
- [2015.10.18 02:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
- [2015.10.18 02:54:45 | 000,000,000 | ---D | C] -- C:\System.sav
- [2015.10.18 02:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
- [2015.10.18 02:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
- [2015.10.18 02:53:37 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\hpqLog
- [2015.10.18 02:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{C6FA530F-BB98-4D9F-BA00-45FD0698077C}
- [2015.10.18 02:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
- [2015.10.18 02:52:33 | 000,000,000 | ---D | C] -- C:\swsetup
- [2015.10.18 02:48:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
- [2015.10.18 02:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
- [2015.10.18 02:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
- [2015.10.18 02:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
- [2015.10.18 02:15:55 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Macromedia
- [2015.10.18 02:15:55 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Macromedia
- [2015.10.18 02:15:55 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Adobe
- [2015.10.18 02:15:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
- [2015.10.18 02:15:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
- [2015.10.18 02:15:08 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Adobe
- [2015.10.18 02:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
- [2015.10.18 02:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
- [2015.10.18 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
- [2015.10.18 02:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
- [2015.10.18 02:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
- [2015.10.18 02:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
- [2015.10.18 02:04:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
- [2015.10.18 02:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
- [2015.10.18 02:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
- [2015.10.18 02:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
- [2015.10.18 02:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
- [2015.10.18 02:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
- [2015.10.18 02:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
- [2015.10.18 02:01:16 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Microsoft Help
- [2015.10.18 02:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
- [2015.10.18 02:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
- [2015.10.18 02:01:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
- [2015.10.18 01:58:40 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
- [2015.10.18 01:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
- [2015.10.18 01:58:23 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
- [2015.10.18 01:58:23 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
- [2015.10.18 01:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
- [2015.10.18 01:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
- [2015.10.17 22:51:16 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
- [2015.10.17 21:56:44 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\WindowsUpdate
- [2015.10.17 21:54:05 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Mozilla
- [2015.10.17 21:54:05 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Mozilla
- [2015.10.17 21:52:47 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Skype
- [2015.10.17 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Skype
- [2015.10.17 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\qBittorrent
- [2015.10.17 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\qBittorrent
- [2015.10.17 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
- [2015.10.17 21:43:10 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
- [2015.10.17 21:43:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
- [2015.10.17 21:43:10 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
- [2015.10.17 21:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
- [2015.10.17 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
- [2015.10.17 21:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\paint.net
- [2015.10.17 21:40:24 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\paint.net
- [2015.10.17 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Canneverbe Limited
- [2015.10.17 21:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
- [2015.10.17 21:36:47 | 000,000,000 | ---D | C] -- C:\Windows\Migration
- [2015.10.17 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
- [2015.10.17 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
- [2015.10.17 21:33:08 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Dropbox
- [2015.10.17 21:32:49 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Dropbox
- [2015.10.17 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox
- [2015.10.17 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
- [2015.10.17 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
- [2015.10.17 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
- [2015.10.17 21:32:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
- [2015.10.17 21:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
- [2015.10.17 21:31:51 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Foxit Software
- [2015.10.17 21:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
- [2015.10.17 21:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
- [2015.10.17 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
- [2015.10.17 21:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
- [2015.10.17 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
- [2015.10.17 21:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
- [2015.10.17 21:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
- [2015.10.17 21:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qBittorrent
- [2015.10.17 21:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
- [2015.10.17 21:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
- [2015.10.17 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Programs
- [2015.10.17 21:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
- [2015.10.17 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
- [2015.10.17 21:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
- [2015.10.17 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
- [2015.10.17 21:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
- [2015.10.17 21:28:07 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Sun
- [2015.10.17 21:28:07 | 000,000,000 | ---D | C] -- C:\Users\VIP\.oracle_jre_usage
- [2015.10.17 21:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
- [2015.10.17 21:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
- [2015.10.17 21:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
- [2015.10.17 21:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
- [2015.10.17 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
- [2015.10.17 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
- [2015.10.17 21:26:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
- [2015.10.17 21:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
- [2015.10.17 21:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
- [2015.10.17 21:08:06 | 000,000,000 | R--D | C] -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- [2015.10.17 21:08:06 | 000,000,000 | R--D | C] -- C:\Users\VIP\Searches
- [2015.10.17 21:08:06 | 000,000,000 | R--D | C] -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- [2015.10.17 21:08:05 | 000,000,000 | -H-D | C] -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
- [2015.10.17 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Identities
- [2015.10.17 21:07:51 | 000,000,000 | R--D | C] -- C:\Users\VIP\Contacts
- [2015.10.17 21:07:49 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\VirtualStore
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\AppData\Local\Temporary Internet Files
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Templates
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Start Menu
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\SendTo
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Recent
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\PrintHood
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\NetHood
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Documents\My Videos
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Documents\My Pictures
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Documents\My Music
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\My Documents
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Local Settings
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\AppData\Local\History
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Cookies
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\Application Data
- [2015.10.17 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\VIP\AppData\Local\Application Data
- [2015.10.17 21:07:26 | 000,000,000 | --SD | C] -- C:\Users\VIP\AppData\Roaming\Microsoft
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Videos
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Saved Games
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Pictures
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Music
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Links
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Favorites
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Downloads
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Documents
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\Desktop
- [2015.10.17 21:07:26 | 000,000,000 | R--D | C] -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
- [2015.10.17 21:07:26 | 000,000,000 | -H-D | C] -- C:\Users\VIP\AppData
- [2015.10.17 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Temp
- [2015.10.17 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Local\Microsoft
- [2015.10.17 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\VIP\AppData\Roaming\Media Center Programs
- [2015.10.17 21:06:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
- [2015.10.17 21:06:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
- [2015.10.17 20:59:36 | 000,000,000 | -HSD | C] -- C:\Recovery
- [2015.10.17 20:46:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
- [2015.10.17 20:45:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
- [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
- [2015.10.22 00:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIP\Desktop\OTL.exe
- [2015.10.22 00:16:06 | 000,778,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
- [2015.10.22 00:16:06 | 000,648,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
- [2015.10.22 00:16:06 | 000,116,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
- [2015.10.22 00:11:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
- [2015.10.22 00:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
- [2015.10.22 00:11:40 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys
- [2015.10.21 22:09:35 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- [2015.10.21 22:09:35 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- [2015.10.21 00:08:11 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VIP-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
- [2015.10.21 00:07:11 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
- [2015.10.21 00:00:10 | 000,419,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
- [2015.10.20 23:52:03 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
- [2015.10.20 23:32:34 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VIP-PC-Windows-7-Ultimate-(64-bit).dat
- [2015.10.20 23:09:08 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
- [2015.10.20 21:30:09 | 000,002,163 | ---- | M] () -- C:\Users\VIP\Desktop\Tweaking.com - Windows Repair.lnk
- [2015.10.18 21:58:02 | 000,067,739 | ---- | M] () -- C:\Users\VIP\Desktop\Capture.JPG
- [2015.10.18 18:30:46 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
- [2015.10.18 18:30:46 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
- [2015.10.18 03:05:24 | 000,998,786 | ---- | M] () -- C:\Windows\SysNative\oem6.inf
- [2015.10.18 03:04:29 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
- [2015.10.17 22:33:46 | 000,000,653 | ---- | M] () -- C:\Users\VIP\Desktop\VLASTA.lnk
- [2015.10.17 21:38:01 | 000,749,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
- [2015.10.17 21:31:40 | 000,001,379 | ---- | M] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
- [2015.10.17 21:17:00 | 000,001,441 | ---- | M] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- [2015.10.17 20:49:25 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
- [2015.10.17 20:49:25 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
- [2015.10.17 20:47:53 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
- [2015.10.17 20:47:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
- [2015.10.05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
- [2015.10.05 09:50:10 | 000,109,272 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
- [2015.10.05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
- [color=#E56717]========== Files Created - No Company Name ==========[/color]
- [2015.10.21 00:08:11 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VIP-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
- [2015.10.21 00:07:11 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
- [2015.10.21 00:00:39 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
- [2015.10.20 23:32:34 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VIP-PC-Windows-7-Ultimate-(64-bit).dat
- [2015.10.20 23:09:08 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat
- [2015.10.20 21:30:09 | 000,002,163 | ---- | C] () -- C:\Users\VIP\Desktop\Tweaking.com - Windows Repair.lnk
- [2015.10.18 21:58:02 | 000,067,739 | ---- | C] () -- C:\Users\VIP\Desktop\Capture.JPG
- [2015.10.18 03:05:42 | 000,998,786 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
- [2015.10.18 03:04:38 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
- [2015.10.17 22:33:48 | 000,000,653 | ---- | C] () -- C:\Users\VIP\Desktop\VLASTA.lnk
- [2015.10.17 21:40:53 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
- [2015.10.17 21:40:13 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
- [2015.10.17 21:38:01 | 000,749,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
- [2015.10.17 21:32:56 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
- [2015.10.17 21:32:53 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
- [2015.10.17 21:31:40 | 000,001,379 | ---- | C] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
- [2015.10.17 21:26:04 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
- [2015.10.17 21:17:00 | 000,001,441 | ---- | C] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- [2015.10.17 21:08:15 | 000,001,413 | ---- | C] () -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
- [2015.10.17 21:08:09 | 000,001,447 | ---- | C] () -- C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
- [2015.10.17 21:07:26 | 000,000,290 | ---- | C] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
- [2015.10.17 21:07:26 | 000,000,272 | ---- | C] () -- C:\Users\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
- [2015.10.17 20:49:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
- [2015.10.17 20:49:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
- [2015.10.17 20:47:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
- [2015.10.17 20:47:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
- [2015.10.17 20:45:46 | 3217,502,208 | -HS- | C] () -- C:\hiberfil.sys
- [color=#E56717]========== ZeroAccess Check ==========[/color]
- [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
- [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
- [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
- [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
- [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
- "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Apartment
- [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
- "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Apartment
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
- "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Free
- [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
- "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Free
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
- "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Both
- [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
- [color=#E56717]========== LOP Check ==========[/color]
- [2015.10.17 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\VIP\AppData\Roaming\Canneverbe Limited
- [2015.10.17 21:33:08 | 000,000,000 | ---D | M] -- C:\Users\VIP\AppData\Roaming\Dropbox
- [2015.10.20 17:04:40 | 000,000,000 | ---D | M] -- C:\Users\VIP\AppData\Roaming\Foxit Software
- [2015.10.18 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\VIP\AppData\Roaming\MPC-HC
- [2015.10.17 22:02:37 | 000,000,000 | ---D | M] -- C:\Users\VIP\AppData\Roaming\qBittorrent
- [color=#E56717]========== Purity Check ==========[/color]
- [color=#E56717]========== Custom Scans ==========[/color]
- [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
- [2015.10.20 23:09:08 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
- [2015.10.22 00:11:40 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys
- [2015.10.22 00:11:39 | 4290,002,944 | -HS- | M] () -- C:\pagefile.sys
- [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
- [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
- [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
- [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
- [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
- [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]
- [color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
- [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
- [color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]
- [color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
- [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
- [color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]
- [color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]
- [color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]
- [color=#A23BEC]< %systemroot%\*.jpg >[/color]
- [color=#A23BEC]< %systemroot%\*.png >[/color]
- [color=#A23BEC]< %systemroot%\*.scr >[/color]
- [color=#A23BEC]< %systemroot%\*._sy >[/color]
- [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]
- [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]
- [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
- [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
- [color=#A23BEC]< %APPDATA%\Update\*.* >[/color]
- [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
- [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]
- [color=#A23BEC]< %systemroot%\system32\bak. /s >[/color]
- [color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]
- [color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
- [color=#A23BEC]< %systemroot%\*.config >[/color]
- [color=#A23BEC]< %systemroot%\system32\*.db >[/color]
- [color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
- [2015.10.17 21:17:00 | 000,000,221 | -HS- | M] () -- C:\Users\VIP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
- [color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
- [2015.10.22 00:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIP\Desktop\OTL.exe
- [color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
- [color=#A23BEC]< %systemroot%\*.src >[/color]
- [color=#A23BEC]< %systemroot%\install\*.* >[/color]
- [color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]
- [color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]
- [color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]
- [color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
- [color=#A23BEC]< %systemroot%\Java\*.* >[/color]
- [color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]
- [color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]
- [color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]
- [color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]
- [color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
- [color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
- [color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
- [2009.06.10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf
- [color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]
- [color=#A23BEC]< %systemroot%\Config\*.* >[/color]
- [color=#A23BEC]< %systemroot%\REPAIR\*.bak2 >[/color]
- [color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]
- [color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]
- [color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]
- [color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]
- [color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/color]
- [color=#A23BEC]< %ProgramFiles%\Microsoft Common\*.* >[/color]
- [color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
- [color=#A23BEC]< %USERPROFILE%\Favorites\*.url /x >[/color]
- [2015.10.18 01:44:15 | 000,000,402 | -HS- | M] () -- C:\Users\VIP\Favorites\desktop.ini
- [color=#A23BEC]< %systemroot%\System32\Wbem\*.exe >[/color]
- [2009.07.14 03:14:24 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wbem\mofcomp.exe
- [2009.07.14 03:14:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wbem\WinMgmt.exe
- [2009.07.14 03:14:46 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wbem\WMIADAP.exe
- [2009.07.14 03:14:46 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wbem\WMIC.exe
- [2010.11.21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wbem\WmiPrvSE.exe
- [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
- [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
- < End of report >