O1 HOSTS File: ([2015/09/23 17:40:07 | 000,003,139 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 vortex.data.microsoft.com
O1 - Hosts: 0.0.0.0 vortex-win.data.microsoft.com
O1 - Hosts: 0.0.0.0 telecommand.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
O1 - Hosts: 0.0.0.0 oca.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 sqm.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
O1 - Hosts: 0.0.0.0 watson.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
O1 - Hosts: 0.0.0.0 redir.metaservices.microsoft.com
O1 - Hosts: 0.0.0.0 choice.microsoft.com
O1 - Hosts: 0.0.0.0 choice.microsoft.com.nsatc.net
O1 - Hosts: 0.0.0.0 wes.df.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 services.wes.df.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 sqm.df.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 watson.ppe.telemetry.microsoft.com
O1 - Hosts: 0.0.0.0 telemetry.appex.bing.net
O1 - Hosts: 0.0.0.0 telemetry.urs.microsoft.com
O1 - Hosts: 0.0.0.0 telemetry.appex.bing.net:443
O1 - Hosts: 0.0.0.0 settings-sandbox.data.microsoft.com
O1 - Hosts: 0.0.0.0 survey.watson.microsoft.com
O1 - Hosts: 0.0.0.0 watson.live.com
O1 - Hosts: 0.0.0.0 watson.microsoft.com
O1 - Hosts: 0.0.0.0 statsfe2.ws.microsoft.com
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll (Lenovo Corporation)
O4:64bit: - HKLM..\Run: [LenovoUtility] C:\Program Files\Lenovo\LenovoUtility\utility.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [Bloody2] C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 11.66.2)
O16 - DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 1.8.0_66)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 1.8.0_66)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.229.190.143 147.229.191.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C1A81DF-5BE4-4D97-AF2F-5E8C06A90F96}: DhcpNameServer = 46.16.120.2 217.11.224.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7A18235-4773-4289-834F-0291591A85B0}: DhcpNameServer = 147.229.190.143 147.229.191.143
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = "G:\setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/11/26 17:34:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL (1).exe
[2015/11/26 16:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2015/11/26 16:41:01 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2015/11/26 16:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/11/26 16:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/11/26 16:31:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2015/11/26 16:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/11/26 15:55:14 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2015/11/26 15:55:01 | 000,875,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr120_clr0400.dll
[2015/11/26 15:55:01 | 000,869,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcr120_clr0400.dll
[2015/11/26 15:54:49 | 001,661,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2015/11/26 15:54:49 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2015/11/26 15:54:49 | 000,377,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\clfs.sys
[2015/11/26 15:54:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2015/11/26 15:54:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\clfsw32.dll
[2015/11/26 15:54:49 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clfsw32.dll
[2015/11/26 15:54:48 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2015/11/26 15:54:48 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2015/11/26 15:54:48 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2015/11/26 15:54:48 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2015/11/26 15:54:48 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2015/11/26 15:54:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tzsync.exe
[2015/11/26 15:54:26 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2015/11/26 15:38:56 | 000,898,144 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/11/26 15:38:56 | 000,818,784 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/11/26 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/11/26 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Sun
[2015/11/26 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\.oracle_jre_usage
[2015/11/26 15:37:41 | 000,097,888 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/11/26 15:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/11/26 15:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/11/23 17:09:43 | 000,038,432 | ---- | C] (SoftEther Corporation) -- C:\windows\SysNative\drivers\Neo_VPN.sys
[2015/11/23 17:08:52 | 000,144,104 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\windows\SysNative\vpncmd.exe
[2015/11/23 17:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\SoftEther VPN Client
[2015/11/23 17:08:30 | 000,051,232 | ---- | C] (SoftEther Corporation) -- C:\windows\SysNative\drivers\SeLow_x64.sys
[2015/11/17 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Games
[2015/11/11 13:34:02 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2015/11/11 13:34:02 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2015/11/11 13:34:02 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2015/11/11 13:34:02 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2015/11/11 13:34:02 | 000,136,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2015/11/10 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Tisk
[2015/11/03 21:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron III - Their Finest Hour
[2015/11/03 21:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2015/11/03 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2015/10/30 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Diagnostics
[2015/10/30 12:53:54 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2015/10/29 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Glyph
[2015/10/29 14:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
[2015/10/29 14:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Glyph
[2015/10/29 14:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph
[2015/10/28 15:44:19 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Larian Studios
[2015/10/28 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Steam
[2015/10/28 15:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin Enhanced Edition
[2015/10/28 15:08:33 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\MEGAsync Downloads
[2015/10/28 15:07:55 | 000,000,000 | R--D | C] -- C:\Users\Adam\Documents\MEGAsync
[2015/10/28 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Mega Limited
[2015/10/28 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[2015/10/28 15:05:40 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\MEGAsync
[2015/10/28 12:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/11/26 17:34:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL (1).exe
[2015/11/26 17:29:01 | 000,120,199 | ---- | M] () -- C:\Users\Adam\Desktop\Untitled.png
[2015/11/26 17:07:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/11/26 17:07:04 | 000,000,962 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/26 17:05:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/11/26 17:05:41 | 2505,215,999 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/26 17:05:39 | 000,111,088 | ---- | M] (Lenovo (Beijing) Limited) -- C:\windows\SysNative\LenovoCheck.exe
[2015/11/26 17:05:39 | 000,026,608 | ---- | M] (Lenovo) -- C:\windows\SysNative\LenovoUpdate.exe
[2015/11/26 17:05:37 | 000,153,336 | ---- | M] () -- C:\windows\SysNative\wpbbin.exe
[2015/11/26 16:51:57 | 001,749,406 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/11/26 16:51:57 | 000,740,946 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2015/11/26 16:51:57 | 000,723,514 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/11/26 16:51:57 | 000,152,150 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2015/11/26 16:51:57 | 000,136,128 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/11/26 16:48:01 | 000,000,966 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/26 16:44:41 | 000,492,424 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/11/26 16:41:07 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/11/26 15:57:57 | 000,144,776 | ---- | M] () -- C:\Users\Adam\Desktop\cc_20151126_155749.reg
[2015/11/26 15:56:31 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/11/26 15:37:16 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/11/26 15:37:15 | 000,898,144 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/11/26 15:37:15 | 000,818,784 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/11/26 15:37:15 | 000,278,624 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2015/11/23 17:09:43 | 000,038,432 | ---- | M] (SoftEther Corporation) -- C:\windows\SysNative\drivers\Neo_VPN.sys
[2015/11/23 17:08:52 | 000,144,104 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\windows\SysNative\vpncmd.exe
[2015/11/23 17:08:39 | 000,051,232 | ---- | M] (SoftEther Corporation) -- C:\windows\SysNative\drivers\SeLow_x64.sys
[2015/11/18 16:30:04 | 000,348,928 | ---- | M] () -- C:\Users\Adam\Desktop\18112015416.jpg
[2015/11/17 11:48:22 | 000,002,853 | ---- | M] () -- C:\Users\Adam\Desktop\Word 2013.lnk
[2015/11/17 11:48:16 | 000,002,805 | ---- | M] () -- C:\Users\Adam\Desktop\Excel 2013.lnk
[2015/11/12 19:50:00 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/11/04 19:46:13 | 000,001,918 | ---- | M] () -- C:\Users\Adam\Desktop\BI Quick Launch - Shortcut.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/11/26 17:28:21 | 000,120,199 | ---- | C] () -- C:\Users\Adam\Desktop\Untitled.png
[2015/11/26 16:41:07 | 000,001,414 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/11/26 16:41:07 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/11/26 15:57:53 | 000,144,776 | ---- | C] () -- C:\Users\Adam\Desktop\cc_20151126_155749.reg
[2015/11/26 15:56:31 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/11/18 16:23:08 | 000,348,928 | ---- | C] () -- C:\Users\Adam\Desktop\18112015416.jpg
[2015/11/17 11:48:22 | 000,002,853 | ---- | C] () -- C:\Users\Adam\Desktop\Word 2013.lnk
[2015/11/17 11:48:16 | 000,002,805 | ---- | C] () -- C:\Users\Adam\Desktop\Excel 2013.lnk
[2015/11/04 19:46:13 | 000,001,918 | ---- | C] () -- C:\Users\Adam\Desktop\BI Quick Launch - Shortcut.lnk
[2015/10/13 14:04:40 | 000,000,021 | ---- | C] () -- C:\ProgramData\settings.cfg
[2015/10/07 14:27:33 | 000,007,591 | ---- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
[2015/09/23 17:25:23 | 000,707,354 | ---- | C] () -- C:\windows\unins000.exe
[2015/09/23 17:25:23 | 000,001,531 | ---- | C] () -- C:\windows\unins000.dat
[2015/09/23 17:16:19 | 000,004,608 | ---- | C] () -- C:\windows\SECOH-QAD.exe
[2015/09/23 17:16:19 | 000,003,584 | ---- | C] () -- C:\windows\SECOH-QAD.dll
[2015/08/04 03:56:54 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\amdhdl32.dll
[2015/08/04 03:07:42 | 000,143,872 | ---- | C] () -- C:\windows\SysWow64\atieah32.exe
[2015/08/04 03:07:34 | 000,189,952 | ---- | C] () -- C:\windows\SysWow64\amdgfxinfo32.dll
[2015/08/04 02:37:22 | 000,102,400 | ---- | C] () -- C:\windows\SysWow64\hsa-thunk.dll
[2015/02/12 06:33:08 | 000,007,920 | ---- | C] () -- C:\windows\SysWow64\VisualDiscovery.ini
[2015/02/12 06:33:08 | 000,005,376 | ---- | C] () -- C:\windows\SysWow64\VisualDiscoveryOff.ini
[2015/02/12 05:50:36 | 000,000,059 | ---- | C] () -- C:\windows\PEIS_PreloadData.ini
[2015/02/12 05:34:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/02/12 05:34:15 | 001,782,246 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/02/12 05:26:06 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2015/02/12 04:43:54 | 000,107,008 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2015/02/12 04:42:18 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2015/02/11 13:07:08 | 000,187,392 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2015/02/11 13:07:07 | 017,280,792 | ---- | C] () -- C:\windows\SysWow64\igd11dxva32.dll
[2015/02/11 13:06:20 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2015/02/11 13:06:20 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2015/02/11 13:06:18 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2015/02/11 13:06:14 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2015/02/11 13:06:14 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2014/12/17 06:37:28 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2014/03/18 10:55:08 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
========== ZeroAccess Check ==========
[2015/09/21 14:42:44 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/10/29 04:57:39 | 022,295,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/29 04:10:55 | 019,734,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/10/13 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\7 Sticky Notes
[2015/10/11 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Awesomium
[2015/09/23 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Battle.net
[2015/09/21 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ClassicShell
[2015/10/14 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
[2015/09/22 06:05:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Graphisoft
[2015/09/22 06:01:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Install.GS
[2015/09/30 15:26:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LolClient
[2015/09/21 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LSC
[2015/09/24 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Notepad++
[2015/10/14 11:03:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PowerISO
[2015/11/20 16:29:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\qBittorrent
[2015/09/26 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Riot Games
[2015/10/28 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Steam
[2015/11/26 17:36:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TS3Client
[2015/09/30 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\{B5012C21-ECA4-41AF-ABD1-F549D019B7A9}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 220 bytes -> C:\Users\Adam\OneDrive:ms-properties
< End of report >