
Missing favourites in IE and trojan found


Re: Missing favourites in IE and trojan found

Post by pgmigg » December 14th, 2013, 12:35 pm

Hello Steve,

Very nice results! :D But we are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    :Commands
    [createrestorepoint]
    
    :Processes
    RapportService.exe
    RapportMgmtService.exe
    
    :Services
    RapportCerberus_59849
    RapportMgmtService
    RapportEI
    RapportKELL
    RapportPG
    
    :OTL
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    
    :Files
    C:\Windows\System32\drivers\RapportKELL.sys
    C:\Program Files\Trusteer
    
    :Commands
    [emptytemp]
    [emptyflash]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware Rerun
As I saw, you already have the latest version of MBAM.
  1. Please start MBAM (Malwarebytes' Anti-Malware).
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates... button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan... button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Coupons*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Rapport*
    *Searchqu*
    *Searchnu*
    *Search Protection*
    *SearchProtection*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Coupons*
    *datamngr*
    *Rapport*
    *searchab*
    *smartbar*
    *Search Protection*
    *SearchProtection*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    Coupons
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Rapport
    Searchqu
    Searchnu
    Search Protection
    SearchProtection
    Slick
    smartbar
    Sweetpack
    Tarma
    Trusteer
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
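A triage helper for the OTL Run Fix log that Step 1 asks for, added here as an example; it is not part of the thread or of OTL itself. It splits the log at the "Files\Folders moved on Reboot..." marker, parses the first pass and the reboot retry separately, and reports which paths were deferred to the reboot and still failed on the retry; the embedded log is a constructed excerpt modelled on the one posted later in the thread.

```python
"""Triage an OTL "Run Fix" log (C:\\_OTL\\MovedFiles\\MMDDYYYY_HHMMSS.log).

Added example, not OTL code. The text before "Files\\Folders moved on Reboot..."
records the first pass; the text after it records the retry done at reboot. A
path still reported as "move failed" in the retry was not removed.
"""
import re
from dataclasses import dataclass, field

REBOOT_MARKER = r"Files\Folders moved on Reboot..."

STOP_FAIL_RE = re.compile(r"^Error: Unable to stop service (.+?)!$")
KEY_FAIL_RE = re.compile(r"^Unable to delete service\\driver key (.+?)\.$")
KEY_DELETED_RE = re.compile(r"^Registry key (.+?) deleted successfully\.$")
MOVE_FAIL_RE = re.compile(r"^(?:File|Folder) move failed\. (.+?) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
BYTES_RE = re.compile(r"^(?:->)?.+?(?:emptied|removed): (\d+) bytes$")


@dataclass
class FixPhase:
    """What one pass of the fix (before or after the reboot) reported."""
    unstoppable_services: list = field(default_factory=list)
    service_keys_failed: list = field(default_factory=list)
    registry_deleted: list = field(default_factory=list)
    moved: list = field(default_factory=list)
    pending_reboot: list = field(default_factory=list)
    bytes_freed: int = 0


def parse_phase(lines):
    """Classify each log line; section headers, totals and user lines are ignored."""
    phase = FixPhase()
    for raw in lines:
        line = raw.strip()
        if m := STOP_FAIL_RE.match(line):
            phase.unstoppable_services.append(m.group(1))
        elif m := KEY_FAIL_RE.match(line):
            phase.service_keys_failed.append(m.group(1))
        elif m := KEY_DELETED_RE.match(line):
            phase.registry_deleted.append(m.group(1))
        elif m := MOVE_FAIL_RE.match(line):
            if m.group(1) not in phase.pending_reboot:  # OTL repeats these lines
                phase.pending_reboot.append(m.group(1))
        elif m := MOVED_RE.match(line):
            phase.moved.append(m.group(1))
        elif m := BYTES_RE.match(line):
            phase.bytes_freed += int(m.group(1))
    return phase


def parse_otl_fix_log(text):
    """Return (first_pass, reboot_pass); reboot_pass is None without a retry section."""
    before, marker, after = text.partition(REBOOT_MARKER)
    first = parse_phase(before.splitlines())
    retry = parse_phase(after.splitlines()) if marker else None
    return first, retry


def unresolved_after_reboot(first, retry):
    """Paths deferred to the reboot that the retry still could not move."""
    if retry is None:
        return list(first.pending_reboot)  # nothing verified yet
    failed_again = set(retry.pending_reboot)
    return [p for p in first.pending_reboot if p in failed_again]


# Constructed excerpt in OTL's format, modelled on the log posted in the thread.
SAMPLE_LOG = r"""========== SERVICES/DRIVERS ==========
Error: Unable to stop service RapportCerberus_59849!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportCerberus_59849 deleted successfully.
Error: Unable to stop service RapportMgmtService!
Unable to delete service\driver key RapportMgmtService.
========== FILES ==========
File move failed. C:\Windows\System32\drivers\RapportKELL.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Steve
->Temporary Internet Files folder emptied: 57302473 bytes
Windows Temp folder emptied: 196730203 bytes
RecycleBin emptied: 504332 bytes

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\RapportKELL.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
C:\Windows\temp\logishrd\LVPrcInj01.dll moved successfully.
"""

if __name__ == "__main__":
    first, retry = parse_otl_fix_log(SAMPLE_LOG)
    print("services that could not be stopped:", first.unstoppable_services)
    print("service keys still registered:", first.service_keys_failed)
    print("freed before reboot: %.2f MB" % (first.bytes_freed / 1024 / 1024))
    for path in unresolved_after_reboot(first, retry):
        print("STILL PRESENT after reboot:", path)
```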

Re: Missing favourites in IE and trojan found

Post by steveqae » December 14th, 2013, 5:45 pm

MBAM scan found nothing.

Only change so far: the taskbar appears to be very blocky, like the screen resolution has changed.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
No active process named RapportService.exe was found!
No active process named RapportMgmtService.exe was found!
========== SERVICES/DRIVERS ==========
Error: Unable to stop service RapportCerberus_59849!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportCerberus_59849 deleted successfully.
Error: Unable to stop service RapportMgmtService!
Unable to delete service\driver key RapportMgmtService.
Error: Unable to stop service RapportEI!
Unable to delete service\driver key RapportEI.
Error: Unable to stop service RapportKELL!
Unable to delete service\driver key RapportKELL.
Error: Unable to stop service RapportPG!
Unable to delete service\driver key RapportPG.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
========== FILES ==========
File move failed. C:\Windows\System32\drivers\RapportKELL.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57302473 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 880 bytes

User: TEMP

User: TEMP.Steve-PC

User: TEMP.Steve-PC.000

User: TEMP.Steve-PC.001

User: TEMP.Steve-PC.002

User: TEMP.Steve-PC.003

User: TEMP.Steve-PC.004

User: TEMP.Steve-PC.005

User: TEMP.Steve-PC.006

User: TEMP.Steve-PC.007

User: TEMP.Steve-PC.008

User: UpdatusUser

User: UpdatusUser.Steve-PC

User: UpdatusUser.Steve-PC.000

User: UpdatusUser.Steve-PC.001

User: UpdatusUser.Steve-PC.002

User: UpdatusUser.Steve-PC.003

User: UpdatusUser.Steve-PC.004

User: UpdatusUser.Steve-PC.005

User: UpdatusUser.Steve-PC.006

User: UpdatusUser.Steve-PC.007

User: UpdatusUser.Steve-PC.008

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196730203 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 504332 bytes

Total Files Cleaned = 243.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Steve
->Flash cache emptied: 0 bytes

User: TEMP

User: TEMP.Steve-PC

User: TEMP.Steve-PC.000

User: TEMP.Steve-PC.001

User: TEMP.Steve-PC.002

User: TEMP.Steve-PC.003

User: TEMP.Steve-PC.004

User: TEMP.Steve-PC.005

User: TEMP.Steve-PC.006

User: TEMP.Steve-PC.007

User: TEMP.Steve-PC.008

User: UpdatusUser

User: UpdatusUser.Steve-PC

User: UpdatusUser.Steve-PC.000

User: UpdatusUser.Steve-PC.001

User: UpdatusUser.Steve-PC.002

User: UpdatusUser.Steve-PC.003

User: UpdatusUser.Steve-PC.004

User: UpdatusUser.Steve-PC.005

User: UpdatusUser.Steve-PC.006

User: UpdatusUser.Steve-PC.007

User: UpdatusUser.Steve-PC.008

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12142013_172911

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\RapportKELL.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.2400.log moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer\Rapport\user\logs\koan.2400.log moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer\Rapport\user\logs\koanlight.2400.log moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1GF6CU3\viewtopic[3].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KF641E1R\DroidSans[1].woff moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A46H4PZB\300lo[1].js moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A46H4PZB\sh142[2].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
steveqae
Regular Member
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth

Re: Missing favourites in IE and trojan found

Post by steveqae » December 14th, 2013, 5:46 pm

SystemLook file:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:56 on 14/12/2013 by Steve
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\Steve\Music\Boney M - Rivers Of Babylon.mp3 --a---- 6289860 bytes [23:29 31/10/2009] [09:50 06/08/2011] 36E418FCE4B15C9B8F15C866ACC94651
C:\Users\Steve\Music Videos\Boney M - Rivers Of Babylon.mp4 --a---- 534820120 bytes [17:04 01/12/2011] [00:38 04/12/2011] 3C37E20D14E28023DC5B07BFAB8AC5CA

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206600 bytes [08:11 07/09/2013] [08:11 07/09/2013] D30AECBCF91165E95F31B19BF4987454

Searching for "*Coupons*"
No files found.

Searching for "*datamngr*"
C:\Users\Steve\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [00:02 14/12/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Rapport*"
C:\Program Files\Trusteer\Rapport\StartRapport.ico --a---- 5430 bytes [16:40 08/09/2013] [16:40 08/09/2013] 9456E0D5BD69649A3F15B0FCA5C79427
C:\Program Files\Trusteer\Rapport\StopRapport.ico --a---- 5430 bytes [16:40 08/09/2013] [16:40 08/09/2013] 16CE06FA713FE5575FA90CA37C19B009
C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys --a---- 155704 bytes [19:00 02/12/2013] [19:00 02/12/2013] 65A5D1C037228F1AF52CB1A7EEDF8CC8
C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll --a---- 641304 bytes [18:59 02/12/2013] [18:59 02/12/2013] AD60446A481B470048954471EE467AF7
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe --a---- 1444120 bytes [18:59 02/12/2013] [18:59 02/12/2013] AD5B5C2C88A4D7E8D5AAA68576CB79C2
C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll --a---- 416024 bytes [18:59 02/12/2013] [18:59 02/12/2013] 470815C7EFCB5097AB1F47C839F00FD0
C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys --a---- 228888 bytes [19:00 02/12/2013] [19:00 02/12/2013] 14F008C3A5FF67B563BFCEC3088B27AB
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe --a---- 2484504 bytes [18:59 02/12/2013] [18:59 02/12/2013] FADA255ED771D4512151D372EC8C1306
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan10.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 4F434A9D13751A90915520DEE7B18941
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan17.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 0D35F0C02337BF74E0A73E5132302EB7
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan20.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 84F4FBD9428F0DC5967CA110A30A50CF
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan21.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 025D631794CCC41B0B0DF84E48988C51
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan22.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] A5EC0422968CBB691CB582BDE0D1AF7C
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan23.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 5BB74FE84EA69C94F1DE860AE5634115
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan24.dll --a---- 366872 bytes [18:59 02/12/2013] [18:59 02/12/2013] 0EF1CE58E842A0EC389BB0343ADB321F
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan25.dll --a---- 366872 bytes [18:59 02/12/2013] [18:59 02/12/2013] E43D3E50077516E90D9709AFCA05E09E
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan26.dll --a---- 366872 bytes [18:59 02/12/2013] [18:59 02/12/2013] C2F56D54BEAFF11CE1D1807EBFBE2494
C:\Program Files\Trusteer\Rapport\bin\RapportTanzan36.dll --a---- 362776 bytes [18:59 02/12/2013] [18:59 02/12/2013] 830BA7493C150C28D74A7E2B4C157F35

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Search Protection*"
No files found.

Searching for "*SearchProtection*"
C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.exe.vir --a---- 832360 bytes [21:17 03/09/2013] [21:17 03/09/2013] A9C71D2C838DDCE573888D82B3E17A8B

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"

Searching for "*Tarma*"
No files found.

Searching for "*Trusteer*"
C:\Program Files\Trusteer\Rapport\bin\Trusteer.FoundationLib.manifest --a---- 359 bytes [18:58 02/12/2013] [18:58 02/12/2013] 674ED225FE9AC251090D22E8D504149D
C:\Program Files\Trusteer\Rapport\data\html\images\trusteer_ico_var_0.gif.data --a---- 356 bytes [09:39 11/12/2013] [09:39 11/12/2013] DA3B4729FB83AD81EE5DD2562A6722D3
C:\Program Files\Trusteer\Rapport\data\html\images\trusteer_logo_var_0.gif.data --a---- 2004 bytes [09:39 11/12/2013] [09:39 11/12/2013] 567D9A1780797C76EE1DBFDC9D4D4AEA
C:\Program Files\Trusteer\Rapport\data\html\lang\de\trusteer_var_0.css.data --a---- 848 bytes [08:40 07/05/2012] [08:40 07/05/2012] C875F5B3065DBA9A6724018FF6C05786
C:\Program Files\Trusteer\Rapport\data\html\lang\ja\trusteer_var_0.css.data --a---- 900 bytes [09:39 11/12/2013] [09:39 11/12/2013] 574ACA520A53E01A9AC3C79F8B4C038F
C:\Program Files\Trusteer\Rapport\data\html\lang\nl\trusteer_var_0.css.data --a---- 848 bytes [08:57 19/02/2013] [08:57 19/02/2013] 20AB4B41C8C80CC2546D82DE898513FF
C:\Program Files\Trusteer\Rapport\data\html\lang\pt\trusteer_var_0.css.data --a---- 848 bytes [15:49 26/08/2012] [15:49 26/08/2012] 61FE7BC4A21F70C56B3E29B7CFC58AE4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Start Trusteer Endpoint Protection.lnk --a---- 2037 bytes [19:04 22/08/2013] [09:39 11/12/2013] 4B33D0FE044CDB69C3AAFC45F97CABE8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Stop Trusteer Endpoint Protection.lnk --a---- 2033 bytes [19:04 22/08/2013] [09:39 11/12/2013] FD78C4C40A7632A7BCFEBB082FF841FF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Trusteer Endpoint Protection Console.lnk --a---- 2035 bytes [19:04 22/08/2013] [09:39 11/12/2013] 2423167D48F47E45B4BE6B9D19740B96
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Start Trusteer Endpoint Protection.lnk --a---- 2037 bytes [19:04 22/08/2013] [09:39 11/12/2013] 4B33D0FE044CDB69C3AAFC45F97CABE8
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Stop Trusteer Endpoint Protection.lnk --a---- 2033 bytes [19:04 22/08/2013] [09:39 11/12/2013] FD78C4C40A7632A7BCFEBB082FF841FF
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Trusteer Endpoint Protection Console.lnk --a---- 2035 bytes [19:04 22/08/2013] [09:39 11/12/2013] 2423167D48F47E45B4BE6B9D19740B96
C:\Users\Steve\AppData\Local\Trusteer\Rapport\user\store\user\channels\trusteer_var_1.js.data --a---- 560 bytes [16:04 06/09/2012] [16:04 06/09/2012] C0F51222C373A86B4BAE0AFDA1DBE318
C:\Users\Steve\AppData\Local\Trusteer\Rapport\user\store\user\channels\trusteer_var_1.logo.data --a---- 1728 bytes [22:22 25/10/2011] [22:22 25/10/2011] 55961F70B98AD49640F32B49C718475E
C:\Users\Steve\AppData\LocalLow\Siber Systems\RoboForm\UserData\Trusteer.rfp --a---- 471 bytes [14:19 01/11/2009] [11:59 16/04/2009] 6C7BBD166AEC49362D9AEC285DACB7FF
C:\Users\Steve\Documents\My RoboForm Data\Default Profile\Trusteer.rfp --a---- 471 bytes [14:19 01/11/2009] [11:59 16/04/2009] 6C7BBD166AEC49362D9AEC285DACB7FF
C:\Users\Steve\roboform backup\Trusteer.rfp --a---- 471 bytes [10:29 25/08/2013] [11:59 16/04/2009] 6C7BBD166AEC49362D9AEC285DACB7FF
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\Trusteer\Rapport\user\store\user\channels\trusteer_var_0.js.data --a---- 560 bytes [08:13 28/04/2011] [08:13 28/04/2011] E8F9F4CFCA6F68CDA404CCA7679A3D3B
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\Trusteer\Rapport\user\store\user\channels\trusteer_var_0.logo.data --a---- 1728 bytes [08:13 28/04/2011] [08:13 28/04/2011] CDFF6A8FB555B51C5F6480B410ED6149

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\ProgramData\blg\LostRealms-TheCurseofBabylon d------ [17:15 18/01/2010]
C:\Users\All Users\blg\LostRealms-TheCurseofBabylon d------ [17:15 18/01/2010]
C:\Users\Steve\AppData\Roaming\blg\LostRealms-TheCurseofBabylon d------ [17:15 18/01/2010]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Rapport*"
C:\Program Files\Trusteer\Rapport d------ [20:31 23/01/2011]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_RapportMgmtServi_4d32ee675dfdbdf21fe25aaa8c33b73dd75b39_05a608b6 d----c- [17:41 14/12/2013]
C:\ProgramData\Trusteer\Rapport d------ [20:30 23/01/2011]
C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus d------ [20:31 23/01/2011]
C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP d------ [08:37 29/05/2012]
C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS d------ [20:31 23/01/2011]
C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB d------ [08:56 19/02/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_RapportMgmtServi_4d32ee675dfdbdf21fe25aaa8c33b73dd75b39_05a608b6 d----c- [17:41 14/12/2013]
C:\Users\All Users\Trusteer\Rapport d------ [20:30 23/01/2011]
C:\Users\All Users\Trusteer\Rapport\store\exts\RapportCerberus d------ [20:31 23/01/2011]
C:\Users\All Users\Trusteer\Rapport\store\exts\RapportGP d------ [08:37 29/05/2012]
C:\Users\All Users\Trusteer\Rapport\store\exts\RapportMS d------ [20:31 23/01/2011]
C:\Users\All Users\Trusteer\Rapport\store\exts\RapportVB d------ [08:56 19/02/2013]
C:\Users\Default\AppData\Local\Trusteer\Rapport d------ [07:48 27/09/2011]
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer\Rapport d------ [23:56 13/12/2013]
C:\Users\Steve\AppData\Local\Trusteer\Rapport d------ [08:12 21/04/2011]
C:\Users\TEMP\AppData\Local\Trusteer\Rapport d------ [23:46 15/12/2011]
C:\Users\TEMP.Steve-PC\AppData\Local\Trusteer\Rapport d------ [23:47 15/12/2011]
C:\Users\TEMP.Steve-PC.000\AppData\Local\Trusteer\Rapport d------ [14:10 02/08/2012]
C:\Users\TEMP.Steve-PC.001\AppData\Local\Trusteer\Rapport d------ [09:20 10/09/2012]
C:\Users\TEMP.Steve-PC.002\AppData\Local\Trusteer\Rapport d------ [08:58 20/10/2012]
C:\Users\TEMP.Steve-PC.003\AppData\Local\Trusteer\Rapport d------ [09:05 08/04/2013]
C:\Users\TEMP.Steve-PC.004\AppData\Local\Trusteer\Rapport d------ [10:37 13/04/2013]
C:\Users\TEMP.Steve-PC.005\AppData\Local\Trusteer\Rapport d------ [19:00 27/05/2013]
C:\Users\TEMP.Steve-PC.006\AppData\Local\Trusteer\Rapport d------ [23:42 27/05/2013]
C:\Users\TEMP.Steve-PC.007\AppData\Local\Trusteer\Rapport d------ [23:13 14/10/2013]
C:\Users\TEMP.Steve-PC.008\AppData\Local\Trusteer\Rapport d------ [21:19 27/11/2013]
C:\Users\UpdatusUser\AppData\Local\Trusteer\Rapport d------ [23:46 15/12/2011]
C:\Users\UpdatusUser.Steve-PC\AppData\Local\Trusteer\Rapport d------ [23:47 15/12/2011]
C:\Users\UpdatusUser.Steve-PC.000\AppData\Local\Trusteer\Rapport d------ [14:10 02/08/2012]
C:\Users\UpdatusUser.Steve-PC.001\AppData\Local\Trusteer\Rapport d------ [09:20 10/09/2012]
C:\Users\UpdatusUser.Steve-PC.002\AppData\Local\Trusteer\Rapport d------ [08:58 20/10/2012]
C:\Users\UpdatusUser.Steve-PC.003\AppData\Local\Trusteer\Rapport d------ [09:04 08/04/2013]
C:\Users\UpdatusUser.Steve-PC.004\AppData\Local\Trusteer\Rapport d------ [10:37 13/04/2013]
C:\Users\UpdatusUser.Steve-PC.005\AppData\Local\Trusteer\Rapport d------ [19:00 27/05/2013]
C:\Users\UpdatusUser.Steve-PC.006\AppData\Local\Trusteer\Rapport d------ [23:42 27/05/2013]
C:\Users\UpdatusUser.Steve-PC.007\AppData\Local\Trusteer\Rapport d------ [23:13 14/10/2013]
C:\Users\UpdatusUser.Steve-PC.008\AppData\Local\Trusteer\Rapport d------ [21:19 27/11/2013]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Windows\system32\config\systemprofile\AppData\Local\Trusteer\Rapport d------ [13:01 03/09/2013]
C:\Windows\System32\config\systemprofile\AppData\Local\Trusteer\Rapport d------ [13:01 03/09/2013]
C:\_OTL\MovedFiles\12132013_234306\C_Users\Default\AppData\Roaming\Trusteer\Rapport d------ [08:09 28/04/2011]
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\Trusteer\Rapport d------ [20:32 23/01/2011]
C:\_OTL\MovedFiles\12142013_172911\C_Program Files\Trusteer\Rapport d------ [17:35 14/12/2013]
C:\_OTL\MovedFiles\12142013_172911\C_Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer\Rapport d------ [17:42 14/12/2013]

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Search Protection*"
C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Roaming\Search Protection d------ [09:17 14/10/2013]

Searching for "*SearchProtection*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\IObit d------ [17:43 22/11/2009]

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
C:\Users\Steve\AppData\Roaming\eTeks\Sweet Home 3D d------ [23:15 07/11/2012]
C:\Users\Steve\Desktop\Travel\Travel Collection\EPUB\The Sweet Life in Paris_ Delicious Adventures in the World's Most Glorious - and Perplexing - City - David Lebovitz d------ [21:05 25/03/2013]
C:\Users\Steve\Desktop\Travel\Travel Collection\MOBI\The Sweet Life in Paris_ Delicious Adventures in the World's Most Glorious - and Perplexing - City - David Lebovitz d------ [21:07 25/03/2013]

Searching for "*Tarma*"
No folders found.

Searching for "*Trusteer*"
C:\Program Files\Trusteer d------ [20:31 23/01/2011]
C:\ProgramData\Trusteer d------ [20:30 23/01/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection d------ [08:26 20/08/2013]
C:\Users\All Users\Trusteer d------ [20:30 23/01/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection d------ [08:26 20/08/2013]
C:\Users\Default\AppData\Local\Trusteer d------ [07:48 27/09/2011]
C:\Users\Steve\AppData\Local\Trusteer d------ [08:12 21/04/2011]
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer d------ [23:56 13/12/2013]
C:\Users\TEMP\AppData\Local\Trusteer d------ [23:46 15/12/2011]
C:\Users\TEMP.Steve-PC\AppData\Local\Trusteer d------ [23:47 15/12/2011]
C:\Users\TEMP.Steve-PC.000\AppData\Local\Trusteer d------ [14:10 02/08/2012]
C:\Users\TEMP.Steve-PC.001\AppData\Local\Trusteer d------ [09:20 10/09/2012]
C:\Users\TEMP.Steve-PC.002\AppData\Local\Trusteer d------ [08:58 20/10/2012]
C:\Users\TEMP.Steve-PC.003\AppData\Local\Trusteer d------ [09:05 08/04/2013]
C:\Users\TEMP.Steve-PC.004\AppData\Local\Trusteer d------ [10:37 13/04/2013]
C:\Users\TEMP.Steve-PC.005\AppData\Local\Trusteer d------ [19:00 27/05/2013]
C:\Users\TEMP.Steve-PC.006\AppData\Local\Trusteer d------ [23:42 27/05/2013]
C:\Users\TEMP.Steve-PC.007\AppData\Local\Trusteer d------ [23:13 14/10/2013]
C:\Users\TEMP.Steve-PC.008\AppData\Local\Trusteer d------ [21:19 27/11/2013]
C:\Users\UpdatusUser\AppData\Local\Trusteer d------ [23:46 15/12/2011]
C:\Users\UpdatusUser.Steve-PC\AppData\Local\Trusteer d------ [23:47 15/12/2011]
C:\Users\UpdatusUser.Steve-PC.000\AppData\Local\Trusteer d------ [14:10 02/08/2012]
C:\Users\UpdatusUser.Steve-PC.001\AppData\Local\Trusteer d------ [09:20 10/09/2012]
C:\Users\UpdatusUser.Steve-PC.002\AppData\Local\Trusteer d------ [08:58 20/10/2012]
C:\Users\UpdatusUser.Steve-PC.003\AppData\Local\Trusteer d------ [09:04 08/04/2013]
C:\Users\UpdatusUser.Steve-PC.004\AppData\Local\Trusteer d------ [10:37 13/04/2013]
C:\Users\UpdatusUser.Steve-PC.005\AppData\Local\Trusteer d------ [19:00 27/05/2013]
C:\Users\UpdatusUser.Steve-PC.006\AppData\Local\Trusteer d------ [23:42 27/05/2013]
C:\Users\UpdatusUser.Steve-PC.007\AppData\Local\Trusteer d------ [23:13 14/10/2013]
C:\Users\UpdatusUser.Steve-PC.008\AppData\Local\Trusteer d------ [21:19 27/11/2013]
C:\Windows\System32\config\systemprofile\AppData\Local\Trusteer d------ [13:01 03/09/2013]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Windows\system32\config\systemprofile\AppData\Local\Trusteer d------ [13:01 03/09/2013]
C:\_OTL\MovedFiles\12132013_234306\C_Users\Default\AppData\Roaming\Trusteer d------ [08:09 28/04/2011]
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\Trusteer d------ [20:32 23/01/2011]
C:\_OTL\MovedFiles\12142013_172911\C_Program Files\Trusteer d------ [17:35 14/12/2013]
C:\_OTL\MovedFiles\12142013_172911\C_Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Steve\AppData\Local\Trusteer d------ [17:42 14/12/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\mediaactivextask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Lost Realms - The Curse of Babylon.exe]

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"69FE29508D96B4E4C99C885FE88AF610"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\69FE29508D96B4E4C99C885FE88AF610]
"File"="iSyncConduit.dll"

Searching for "Coupons"
[HKEY_CURRENT_USER\Software\Microsoft\Automap\17.0\EUR\Options\Coupons]
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Automap\17.0\EUR\Options\Coupons]

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
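A note on reading the custom-scan output above before acting on it. The regfind hits for "Ask.com" landing on mediaactivextask.com and on System.Task.CompletionStatus show that OTL's search is a plain case-insensitive substring match, which is also why "*Sweet*" returns music files and an Adobe DLL. Two further things inflate the list: C:\Users\All Users is a junction to C:\ProgramData on Vista and later, so the three Trusteer .lnk files are listed twice but exist once, and anything under C:\_OTL\MovedFiles or C:\AdwCleaner\Quarantine has already been moved by a tool and is not live. As an added example (this is not OTL's code and was not posted in the thread), the Python below parses a filefind block, resolves the junction alias, separates live hits from quarantined ones, collapses copies by MD5, and flags matches that only occur inside a longer token, the usual false positive. The quarantine prefixes, the alias map and the word-boundary heuristic are assumptions chosen here; the sample text is copied from the log above.

```python
"""Triage helper for an OTL custom-scan ':filefind' block.

Added example for this thread; it is not OTL's code and not something the
helper posted. Assumptions are marked inline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One result line: <path> <7 attribute flags> <size> bytes [ts] [ts] <MD5>.
# OTL prints two timestamps; the log does not label them, so they stay ts_a/ts_b.
FILE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[A-Za-z-]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts_a>[^\]]+)\] \[(?P<ts_b>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
TERM_RE = re.compile(r'^Searching for "(?P<term>[^"]+)"$')

# Assumption: files under these prefixes were already moved by OTL or AdwCleaner
# (both prefixes appear in the log above); they are not live on the system.
QUARANTINE_PREFIXES = ("c:\\_otl\\movedfiles\\", "c:\\adwcleaner\\quarantine\\")

# On Vista and later C:\Users\All Users is a junction to C:\ProgramData, so a hit
# under each is one file listed twice, not two copies.
ALIASES = {"c:\\users\\all users\\": "C:\\ProgramData\\"}


@dataclass(frozen=True)
class Hit:
    term: str            # search term without the surrounding '*' wildcards
    path: str            # canonical path (alias resolved)
    size: int
    md5: str
    quarantined: bool
    word_boundary: bool  # False when the term only occurs inside a longer token


def canonical(path: str) -> str:
    low = path.lower()
    for alias, target in ALIASES.items():
        if low.startswith(alias):
            return target + path[len(alias):]
    return path


def word_boundary_match(term: str, text: str) -> bool:
    """True if term occurs (case-insensitively) right after a non-alphanumeric character.

    Heuristic for substring false positives: 'Conduit' in 'iSyncConduit.dll' and
    'Ask.com' in 'mediaactivextask.com' fail it; 'Sweet' in 'Sweet Dreams' passes.
    """
    return re.search(r"(?<![A-Za-z0-9])" + re.escape(term), text, re.IGNORECASE) is not None


def parse_filefind(text: str) -> list[Hit]:
    hits: list[Hit] = []
    term = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := TERM_RE.match(line)):
            term = m["term"].strip("*")
            continue
        if term and (m := FILE_RE.match(line)):
            path = canonical(m["path"])
            hits.append(Hit(term, path, int(m["size"]), m["md5"].upper(),
                            path.lower().startswith(QUARANTINE_PREFIXES),
                            word_boundary_match(term, path)))
    return hits


def summarize(hits: list[Hit]) -> dict[str, dict]:
    """Per term: live and quarantined hits grouped by MD5, plus suspected false positives."""
    out: dict[str, dict] = {}
    for h in hits:
        entry = out.setdefault(h.term, {"live": {}, "quarantined": {}, "suspect_fp": []})
        bucket = entry["quarantined" if h.quarantined else "live"]
        bucket.setdefault(h.md5, set()).add(h.path)
        if not h.word_boundary:
            entry["suspect_fp"].append(h.path)
    return out


# Constructed sample: result lines copied from the custom-scan log posted above.
SAMPLE = r"""
Searching for "*SearchProtection*"
C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.exe.vir --a---- 832360 bytes [21:17 03/09/2013] [21:17 03/09/2013] A9C71D2C838DDCE573888D82B3E17A8B

Searching for "*Sweet*"
C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\SweetPeaSupport.dll --a---- 205976 bytes [01:26 01/09/2011] [01:26 01/09/2011] E055A48967A8680122482F4CA6DF7FAA
C:\Users\Steve\Music\Eurythmics - Sweet Dreams (Are Made of This).mp3 --a---- 8785920 bytes [23:30 31/10/2009] [10:05 06/08/2011] 85522D6A7F22391C128EB8E6500C6BD5

Searching for "*Trusteer*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Start Trusteer Endpoint Protection.lnk --a---- 2037 bytes [19:04 22/08/2013] [09:39 11/12/2013] 4B33D0FE044CDB69C3AAFC45F97CABE8
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Start Trusteer Endpoint Protection.lnk --a---- 2037 bytes [19:04 22/08/2013] [09:39 11/12/2013] 4B33D0FE044CDB69C3AAFC45F97CABE8
C:\Users\Steve\AppData\LocalLow\Siber Systems\RoboForm\UserData\Trusteer.rfp --a---- 471 bytes [14:19 01/11/2009] [11:59 16/04/2009] 6C7BBD166AEC49362D9AEC285DACB7FF
C:\Users\Steve\Documents\My RoboForm Data\Default Profile\Trusteer.rfp --a---- 471 bytes [14:19 01/11/2009] [11:59 16/04/2009] 6C7BBD166AEC49362D9AEC285DACB7FF
C:\_OTL\MovedFiles\12132013_234306\C_Users\Steve\AppData\Roaming\Trusteer\Rapport\user\store\user\channels\trusteer_var_0.js.data --a---- 560 bytes [08:13 28/04/2011] [08:13 28/04/2011] E8F9F4CFCA6F68CDA404CCA7679A3D3B
"""

if __name__ == "__main__":
    for term, groups in summarize(parse_filefind(SAMPLE)).items():
        print(f"{term}: live={len(groups['live'])} quarantined={len(groups['quarantined'])} "
              f"suspect={groups['suspect_fp']}")
```

Run as-is it reports one quarantined SearchProtection hit, two distinct live "Sweet" files, and for "Trusteer" one live .lnk (the junction duplicate collapsed), one RoboForm passcard present in two places, and one already-moved file. The word-boundary check is only a hint; the Adobe SweetPeaSupport.dll passes it and still has to be judged by its publisher and location.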

Re: Missing favourites in IE and trojan found

Unread postby pgmigg » December 15th, 2013, 1:13 am

Hello Steve,

Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET NOD32 Online Scan
  1. Firstly, please disable any antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Remember to enable your Anti-virus protection before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Contents of the most recent OTL.txt file after fresh OTL scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
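The :Reg section in the fix above uses .reg-style syntax: a key in square brackets followed by "DllName"=- deletes that one value and leaves the key in place, which is what the "Registry value ... deleted successfully" lines in the reply below confirm. The judgement call is which regfind hits become fix lines. In the earlier log the "Ask.com" search hit a PreviewDetails value only because "Task.CompletionStatus" contains "ask.Com", and the "Babylon" search hit the game's HeapLeakDetection key on its name alone; neither belongs in a fix. As an added example (not OTL's code and not pgmigg's script), the Python below parses regfind output, selects only hits where a named value's data matches a pattern, lists key-name-only hits for manual review, and emits the OTL fix together with the equivalent .reg file. On the Babylon hits from the earlier log it reproduces the script in this post line for line. The value name, the data pattern and the sample text (copied from that log) are inputs chosen for the example, and a "naive" selector is included only to show the trap.

```python
"""Build an OTL ':Reg' fix from ':regfind' hits.

Added example for this thread; not OTL's code and not the helper's script.
The value name, data pattern and sample text are inputs chosen here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

TERM_RE = re.compile(r'^Searching for "(?P<term>[^"]+)"$')
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


@dataclass
class RegHit:
    term: str
    key: str
    values: dict[str, str] = field(default_factory=dict)  # only the values OTL printed


def parse_regfind(text: str) -> list[RegHit]:
    hits: list[RegHit] = []
    term, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := TERM_RE.match(line)):
            term, current = m["term"], None
        elif term and (m := KEY_RE.match(line)):
            current = RegHit(term, m["key"])
            hits.append(current)
        elif current and (m := VALUE_RE.match(line)):
            current.values[m["name"]] = m["data"]
    return hits


def select_values(hits, value_name: str, data_pattern: str) -> list[tuple[str, str]]:
    """(key, value) pairs to delete: the named value exists and its data matches."""
    rx = re.compile(data_pattern, re.IGNORECASE)
    return [(h.key, value_name) for h in hits
            if value_name in h.values and rx.search(h.values[value_name])]


def key_only_hits(hits) -> list[str]:
    """Keys that matched on their path alone; these need a human decision."""
    return [h.key for h in hits if not h.values]


def naive_matches(hits, data_pattern: str) -> list[str]:
    """The trap: 'delete anything whose data matches' picks up unrelated values."""
    rx = re.compile(data_pattern, re.IGNORECASE)
    return [h.key for h in hits if any(rx.search(d) for d in h.values.values())]


def to_otl_fix(selected) -> str:
    lines = [":Commands", "[createrestorepoint]", "", ":Reg"]
    for key, name in selected:
        lines += [f"[{key}]", f'"{name}"=-']  # "name"=- removes the value, keeps the key
    return "\n".join(lines) + "\n"


def to_reg_file(selected) -> str:
    """Same deletions as a .reg file; "name"=- has the same meaning there."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, name in selected:
        lines += [f"[{key}]", f'"{name}"=-', ""]
    return "\r\n".join(lines)


# Constructed sample: regfind lines copied from the earlier custom-scan log.
REGFIND = r"""
Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Lost Realms - The Curse of Babylon.exe]
"""

if __name__ == "__main__":
    hits = parse_regfind(REGFIND)
    print(to_otl_fix(select_values(hits, "DllName", r"BabylonToolbar")))
    print("review by hand:", *key_only_hits(hits), sep="\n  ")
```

Selecting on value name plus data pattern is what keeps the MAPI PreviewDetails value and the game's diagnostic key out of the fix; the naive selector would have queued the former for deletion on an "ask.com" search. Whichever output is used, the OTL log (or a `reg query` of the three keys on the live machine) is the check that the values are actually gone.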

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 15th, 2013, 1:22 pm

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12152013_095639




C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Roaming\Search Protection\Uninstall.exe.vir probably a variant of Win32/Toolbar.Widgi application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm
C:\Users\Steve\AppData\Local\Temp\~nsu.tmp\Au_.exe probably a variant of Win32/Toolbar.Widgi application
C:\Users\Steve\Documents\Downloads\CNET TechTracker\gusetup.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Software\EaseUS Partiton Master.exe Win32/OpenCandy application
E:\Software\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E application
E:\Software\alcohol info\UK Info Alcohol 2.rar a variant of Win32/Toolbar.Conduit.B application
E:\Software\alcohol info\UK Info Alcohol 2\Alcohol 120% v1.9.7. 6221\Alcohol120 1.9.7.6221.exe a variant of Win32/Toolbar.Conduit.B application
E:\Software\MAGIX Movie Edit Pro 2013 Premium 12.0.2.2 + Addons [ChingLiu]\Movie_Edit_Pro_2013_Premium_DLV_en-II_120824_12-31_12_0_0_32.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Software\YourUninstaller!.7.4.2012.01 - Honest\yusetup7p.exe a variant of Win32/Toolbar.Babylon.C application

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 15th, 2013, 1:22 pm

OTL scan part 1

OTL logfile created on: 15/12/2013 17:02:45 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 46.63% Memory free
6.50 Gb Paging File | 4.37 Gb Available in Paging File | 67.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.78 Gb Total Space | 198.70 Gb Free Space | 50.85% Space Free | Partition Type: NTFS
Drive D: | 196.39 Gb Total Space | 122.32 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 35.77 Gb Free Space | 15.36% Space Free | Partition Type: NTFS
Drive N: | 232.88 Gb Total Space | 158.40 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/12 17:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2013/12/04 21:00:31 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/02 18:59:50 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/02 18:59:50 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/17 21:53:14 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/17 21:53:14 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/15 12:01:12 | 001,326,408 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/11/14 08:31:48 | 001,407,256 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2013/11/14 08:31:46 | 002,033,944 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2013/11/11 14:26:53 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/11/11 14:26:52 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/10/30 09:45:42 | 001,942,328 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
PRC - [2013/10/30 09:45:40 | 001,739,576 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/02 17:02:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/08/25 15:49:40 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/08/13 15:54:32 | 004,225,288 | ---- | M] (Eyeo GmbH) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
PRC - [2013/08/02 00:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/27 20:13:26 | 002,295,576 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/06/13 19:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/14 17:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 07:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/10/26 21:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/07/29 17:45:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/29 17:45:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/29 17:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/26 11:23:44 | 000,825,152 | R--- | M] (SAC) -- C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
PRC - [2006/05/23 21:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
PRC - [2005/09/09 23:19:26 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2000/01/01 00:00:00 | 014,652,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/17 21:53:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/28 09:45:34 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/09 11:52:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 11:52:03 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 08:34:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:33:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:33:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 08:55:21 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/11 08:51:29 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 08:50:55 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/02/05 21:57:56 | 000,269,824 | ---- | M] () -- C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/11/05 01:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/11/01 23:34:45 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/12/10 23:06:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/02 18:59:50 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/11/26 08:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/17 21:53:14 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/14 08:31:48 | 001,407,256 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/30 09:45:40 | 001,739,576 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/10/30 09:45:38 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/02 17:02:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013/09/11 02:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 19:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/07 07:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/10/26 21:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/07/29 17:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/05 09:47:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/11 16:02:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2006/05/23 21:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2005/09/09 23:19:26 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2000/01/01 00:00:00 | 014,652,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcamcl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Trufos)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 4\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (devlower)
DRV - [2013/12/02 19:00:04 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/12/02 19:00:04 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/02 19:00:02 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/11/27 21:51:34 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/17 21:53:19 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/17 21:53:19 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/17 21:53:19 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/17 21:53:19 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/17 21:53:18 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/17 21:53:18 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/11/17 21:53:18 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/17 21:53:18 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/10/28 09:45:30 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/09/18 11:14:34 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2013/08/16 08:20:55 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/08/09 19:02:12 | 000,174,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2013/05/23 06:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 06:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 06:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 06:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/03/25 10:12:52 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/01/23 09:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 09:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/12/29 20:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 11:02:08 | 000,044,656 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/17 21:14:16 | 000,143,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/03 00:00:00 | 000,039,632 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/27 14:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/05/27 11:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/03 12:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007/09/05 05:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/09/26 18:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/09/18 13:48:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Navcar.sys -- (Navcar)
DRV - [2006/08/01 21:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/04/06 08:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2005/01/06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/07/30 00:35:52 | 000,031,654 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2004/07/08 16:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 03:15:30 | 000,076,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/07/26 15:23:20 | 000,036,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/07/16 09:56:58 | 000,045,406 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TOSPORTE.SYS -- (tosporte)
DRV - [2003/06/21 10:13:04 | 000,062,063 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/05/23 05:20:12 | 000,034,944 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TOSRFUSB.SYS -- (Tosrfusb)
DRV - [2002/10/18 08:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2000/01/01 00:00:00 | 010,446,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2000/01/01 00:00:00 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2000/01/01 00:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2000/01/01 00:00:00 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2000/01/01 00:00:00 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes,DefaultScope = {B67893DA-2EEB-483D-9094-BA01FCB121A9}
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes\{B67893DA-2EEB-483D-9094-BA01FCB121A9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/04 23:47:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/03/22 11:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/07/15 09:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/17 21:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 00:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/10/11 08:59:27 | 000,000,000 | ---D | M]

[2010/04/02 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/01/16 23:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/13 23:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/03/10 00:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/02 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/11/22 19:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\extensions
[2013/11/17 23:30:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/18 08:43:44 | 000,000,921 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\searchplugins\yahoo.xml
[2013/12/05 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/05 23:47:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/05 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/05 23:47:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/17 22:23:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/17 21:53:27 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=ch ... =714647&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms},
CHR - homepage: https://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Floorplanner = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\
CHR - Extension: Google Docs = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Google+ = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: avast! Online Security = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Maps = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Planner 5D = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: SkyDrive = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/27 08:46:29 | 000,449,243 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15430 more lines...
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Speckie) - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Steve\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (MemberPluginBHO Class) - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\MemberPlugin\MemberPlugin.dll (Edward Hibbert (edward@ehibbert.org.uk))
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\8ac91b4d-12df-47c8-b0b6-53b1d23435a8.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [AppleIEDAV] C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [SacReminder] C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe (SAC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk = C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Speckie Settings - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Steve\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{210c988d-42c5-11e2-b994-00190e09486d}\Shell - "" = AutoRun
O33 - MountPoints2\{210c988d-42c5-11e2-b994-00190e09486d}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell - "" = AutoRun
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\AutoRun\command - "" = K:\dvdrun.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\launchMP\command - "" = K:\Setup_ST.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\readit\command - "" = K:\dvdrun.exe VIEW=readme.htm
O33 - MountPoints2\{5e347b97-c60f-11de-974b-002421b3cddb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e347b97-c60f-11de-974b-002421b3cddb}\Shell\AutoRun\command - "" = O:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/15 10:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/14 10:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/14 00:02:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/13 23:59:23 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Steve\Desktop\JRT.exe
[2013/12/13 23:43:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/13 23:43:06 | 000,000,000 | ---D | C] -- \_OTL
[2013/12/13 19:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/12/12 17:06:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2013/12/12 17:01:42 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2013/12/11 10:09:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/11 10:09:10 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/11 10:09:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/11 10:09:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/11 10:09:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/11 10:09:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/11 10:09:07 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/11 10:09:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/11 10:09:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/11 10:09:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/11 10:09:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/11 10:09:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/11 10:09:03 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 10:09:01 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/11 09:58:49 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 09:55:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 09:55:22 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 09:55:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 09:55:05 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 09:54:42 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 09:54:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/10 11:46:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\LibreOffice
[2013/12/10 11:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
[2013/12/10 11:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4
[2013/12/09 19:18:07 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/12/09 19:18:07 | 000,000,000 | ---D | C] -- \MGADiagToolOutput
[2013/12/09 19:16:20 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\MGADiag.exe
[2013/12/08 17:26:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2013/12/08 12:01:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/07 23:40:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NISSAN Connect PC Tool
[2013/12/07 23:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\NISSAN_Connect_PC_Tool
[2013/12/05 23:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/05 23:46:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/12/05 23:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/12/02 19:00:04 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/11/30 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Avg2014
[2013/11/29 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/11/27 21:26:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/27 21:21:25 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvspcap.dll
[2013/11/27 21:16:28 | 000,033,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvvad32v.sys
[2013/11/27 21:16:28 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvaudcap32v.dll
[2013/11/27 21:16:27 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233182.dll
[2013/11/27 21:16:27 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233182.dll
[2013/11/27 21:16:26 | 022,951,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/11/27 21:16:26 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/11/27 21:16:26 | 010,446,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/11/27 21:16:26 | 009,663,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/11/27 21:16:26 | 009,619,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/11/27 21:16:26 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/11/27 21:16:26 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/11/27 21:16:26 | 000,609,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/11/27 21:16:26 | 000,562,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/11/26 23:57:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/11/26 23:56:17 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/11/26 23:56:16 | 001,824,000 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2013/11/26 23:56:15 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2013/11/26 23:56:15 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2013/11/26 23:56:15 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2013/11/26 23:56:14 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/11/26 23:56:14 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/11/26 23:56:14 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/11/26 23:56:14 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/11/26 23:56:14 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2013/11/26 23:56:13 | 000,604,928 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2013/11/26 23:56:13 | 000,218,368 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2013/11/26 23:56:10 | 000,938,752 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2013/11/26 23:56:10 | 000,823,040 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2013/11/26 23:56:09 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2013/11/26 23:56:09 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2013/11/26 23:56:08 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2013/11/26 23:56:08 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
steveqae
Regular Member
 
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth
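The OTL log in the post above is read by a helper section by section: O4 autostarts, the O6 UAC policy values, the O17 resolvers, O3/O18/O28 entries whose CLSID no longer resolves, and the O33 MountPoints2 autorun remnants. As an added example (not part of the original post, and not a feature of OTL itself), the following Python script parses a handful of lines copied verbatim from that log and flags the ones a helper would look at first. The regular expressions, the `triage` and `report` names and the wording of the notes are the example's own assumptions; the log lines are taken from the page and nothing in them is altered.

```python
"""Triage of OTL 'O' lines: an added example, not part of the original post
and not a feature of OTL. Parses a few lines copied from the log above and
returns the entries a helper would look at first."""
import re
from typing import Dict, List

# Lines copied from the OTL log above (a subset; nothing added or altered).
SAMPLE_LOG = r"""
O3 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [SacReminder] C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe (SAC)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk = C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\tmbp - No CLSID value found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O33 - MountPoints2\{210c988d-42c5-11e2-b994-00190e09486d}\Shell\AutoRun\command - "" = K:\autorun.exe
"""

# O4 - <hive or Startup>: [name] <path> (<publisher>)   -- name is absent for Startup entries
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] )?(?P<path>.+?) \((?P<publisher>[^)]*)\)$")
# O6 - <policy key>: <value name> = <value>
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")
# O17 static NameServer (DhcpNameServer lines deliberately do not match)
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.,]+)$")
# Toolbar, protocol handler or ShellExecuteHook pointing at a CLSID that no longer exists
ORPHAN_RE = re.compile(r"^(?P<code>O3|O18|O28) - .*No CLSID value found\.?$")
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
# Locations a standard user can write to; autostarts living there get a second look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)


def _finding(code: str, line: str, note: str) -> Dict[str, str]:
    return {"code": code, "line": line, "note": note}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries of an OTL log that deserve a second look."""
    findings: List[Dict[str, str]] = []
    uac: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            reasons = []
            if USER_WRITABLE.search(m["path"]):
                reasons.append("autostart lives in a user-writable location")
            if not m["publisher"].strip():
                reasons.append("file carries no publisher/version information")
            if reasons:
                findings.append(_finding("O4", line, "; ".join(reasons)))
        elif m := O6_RE.match(line):
            uac[m["name"]] = m["value"]  # the UAC values are judged together after the loop
        elif m := O17_RE.match(line):
            findings.append(_finding("O17", line, "static NameServer overrides DHCP ("
                                     + m["servers"] + "); confirm the user chose these resolvers"))
        elif m := ORPHAN_RE.match(line):
            findings.append(_finding(m["code"], line,
                                     "registered handler whose COM class no longer exists (usually an uninstall remnant)"))
        elif m := O33_RE.match(line):
            findings.append(_finding("O33", line, "cached autorun command for a removable drive -> " + m["cmd"]))
    # ConsentPromptBehaviorAdmin=0 means 'elevate without prompting'; with
    # PromptOnSecureDesktop=0 as well this is the 'Never notify' slider position.
    if uac.get("ConsentPromptBehaviorAdmin") == "0":
        note = "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"
        if uac.get("PromptOnSecureDesktop") == "0":
            note += "; PromptOnSecureDesktop=0 as well, so UAC is effectively off"
        findings.append(_finding("O6", "policies\\System", note))
    return findings


def report(findings: List[Dict[str, str]]) -> str:
    """Plain-text summary, one finding per block."""
    return "\n".join(f"[{f['code']}] {f['note']}\n    {f['line']}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the script leaves the vendor-signed HKLM Run entry alone and reports eight items: the two O4 autostarts (one in ProgramData, one with empty version information), the O6 pair that corresponds to the "Never notify" UAC level, the static O17 resolvers, the three orphaned CLSID references and the cached K: autorun command. None of these is proof of infection on its own; they are the lines to confirm or clean, which is what the OTL fix scripts in this thread target.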

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 15th, 2013, 1:23 pm

otl scan part 2


[2013/11/26 23:56:05 | 001,596,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/11/26 23:56:02 | 002,547,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/11/26 23:55:59 | 000,124,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2013/11/26 23:55:59 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2013/11/26 23:55:58 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/11/26 23:55:57 | 002,328,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/11/26 23:55:55 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013/11/26 23:55:55 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013/11/26 23:55:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013/11/26 23:55:55 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013/11/26 23:55:53 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013/11/26 23:55:53 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013/11/26 23:55:41 | 038,385,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2013/11/26 23:55:38 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2013/11/26 23:55:38 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2013/11/26 23:55:38 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2013/11/26 23:55:38 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2013/11/26 23:55:38 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2013/11/26 23:55:37 | 000,877,880 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2013/11/26 23:55:34 | 005,773,592 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2013/11/26 23:55:33 | 000,852,016 | ---- | C] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2013/11/26 23:55:30 | 000,761,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2013/11/26 23:55:30 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2013/11/26 23:55:29 | 000,926,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2013/11/26 23:55:27 | 003,444,992 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2013/11/26 23:55:17 | 027,369,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2013/11/26 23:55:15 | 001,677,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2013/11/26 23:55:07 | 013,881,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2013/11/26 23:55:05 | 001,935,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/11/26 23:55:03 | 000,859,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2013/11/26 23:55:02 | 001,097,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2013/11/26 23:55:02 | 000,873,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2013/11/26 23:55:01 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2013/11/26 23:55:01 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/11/26 23:55:01 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/11/26 23:54:57 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2013/11/26 23:54:34 | 002,395,680 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013/11/26 23:54:34 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2013/11/26 23:54:34 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2013/11/26 23:54:33 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2013/11/26 23:54:33 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2013/11/26 23:54:32 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2013/11/26 23:54:31 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2013/11/26 23:54:30 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2013/11/26 23:54:29 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2013/11/26 23:54:26 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2013/11/26 23:54:26 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2013/11/26 23:54:26 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2013/11/26 23:54:25 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2013/11/26 23:54:25 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2013/11/26 23:54:22 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2013/11/26 23:54:21 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2013/11/26 23:54:15 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2013/11/26 23:54:14 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2013/11/26 23:54:11 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2013/11/26 23:54:11 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2013/11/26 23:54:08 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2013/11/26 23:53:19 | 000,182,472 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/11/26 23:53:19 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/11/26 17:44:56 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/11/26 17:44:50 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2013/11/26 17:42:39 | 000,036,664 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/11/26 17:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2013/11/26 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2014
[2013/11/26 17:40:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/11/25 22:06:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\JLAdventCalendarAlpine2013
[2013/11/25 22:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\JL Alpine Advent Calendar 2013
[2013/11/25 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
[2013/11/25 09:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 4
[2013/11/24 23:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2013/11/24 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2013/11/22 23:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2013/11/22 23:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foolish IT
[2013/11/22 17:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2013/11/20 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Garmin POI national trust
[2013/11/20 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Garmin
[2013/11/19 10:08:06 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/19 10:08:06 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/19 10:08:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/19 10:08:06 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/19 10:08:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/19 10:08:05 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/19 10:08:05 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/19 10:08:05 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/19 10:08:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/19 10:08:05 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/19 10:08:05 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/19 10:08:05 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/19 10:08:05 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/19 10:08:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/19 10:08:05 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/19 10:08:05 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/19 10:08:05 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/19 10:08:05 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/19 10:08:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/19 10:08:04 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/19 10:08:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/19 10:08:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/19 10:08:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/19 10:08:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/19 10:08:04 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/19 10:08:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/19 10:08:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/19 10:08:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/19 10:08:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\AVAST Software
[2013/11/17 21:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/17 21:53:53 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/17 21:53:50 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/17 21:53:50 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/17 21:53:49 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/17 21:53:48 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/17 21:53:47 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/17 21:53:33 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/17 21:53:18 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/10/31 12:53:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/15 17:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/15 17:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/15 09:46:18 | 000,023,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 09:46:18 | 000,023,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 09:42:01 | 000,724,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/15 09:42:01 | 000,147,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/15 09:38:53 | 000,001,135 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk
[2013/12/15 09:37:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/15 09:35:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/14 20:54:26 | 000,139,264 | ---- | M] () -- C:\Users\Steve\Desktop\SystemLook.exe
[2013/12/14 10:09:54 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/14 00:13:45 | 001,226,802 | ---- | M] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2013/12/13 23:59:24 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Steve\Desktop\JRT.exe
[2013/12/13 23:33:55 | 000,000,040 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2013/12/13 23:32:12 | 000,050,477 | ---- | M] () -- C:\Users\Steve\Desktop\Defogger.exe
[2013/12/13 12:02:22 | 000,001,057 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\vso_ts_preview.xml
[2013/12/12 17:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2013/12/12 17:01:42 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2013/12/12 15:29:54 | 000,000,752 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/12/12 09:29:35 | 000,727,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/10 23:06:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 23:06:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/10 11:41:48 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.1.lnk
[2013/12/09 19:16:20 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\MGADiag.exe
[2013/12/09 09:52:53 | 000,468,480 | ---- | M] () -- C:\Users\Steve\Desktop\CKScanner.exe
[2013/12/08 17:26:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2013/12/08 14:16:47 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/12/08 12:08:29 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Digital Home Support.lnk
[2013/12/07 23:40:47 | 000,001,989 | ---- | M] () -- C:\Users\Steve\Desktop\NISSAN Connect PC Tool.lnk
[2013/12/07 23:37:58 | 000,979,379 | ---- | M] () -- C:\Users\Steve\Desktop\Nissan-manual-gb.pdf
[2013/12/05 23:46:52 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/05 22:11:52 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/02 19:00:04 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/12/02 17:12:52 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013/11/27 21:51:34 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/26 23:58:24 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013/11/26 17:42:32 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2013/11/26 17:42:32 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2013/11/26 09:23:02 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/26 09:22:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/26 08:53:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/26 08:52:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/26 08:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/26 08:36:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/26 08:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/26 08:29:55 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/26 08:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/26 08:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/26 08:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/26 08:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/26 07:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/26 06:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/25 22:06:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 09:50:09 | 000,001,028 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/11/24 10:03:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/23 18:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/22 23:22:02 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2013/11/19 10:08:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/19 10:08:06 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/19 10:08:06 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/19 10:08:06 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/19 10:08:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/19 10:08:05 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/19 10:08:05 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/19 10:08:05 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/19 10:08:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/19 10:08:05 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/19 10:08:05 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/19 10:08:05 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/19 10:08:05 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/19 10:08:05 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/19 10:08:05 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/19 10:08:05 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/19 10:08:05 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/19 10:08:05 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/19 10:08:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/19 10:08:05 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/19 10:08:04 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/19 10:08:04 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/19 10:08:04 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/19 10:08:04 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/19 10:08:04 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/19 10:08:04 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/19 10:08:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/19 10:08:03 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/19 10:08:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/19 10:08:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 21:54:19 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/17 21:53:19 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/17 21:53:19 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/17 21:53:19 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/17 21:53:19 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/17 21:53:18 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/17 21:53:18 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/17 21:53:18 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/17 21:53:18 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/17 21:53:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/17 21:53:18 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/17 21:50:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/12/14 20:54:26 | 000,139,264 | ---- | C] () -- C:\Users\Steve\Desktop\SystemLook.exe
[2013/12/14 00:13:45 | 001,226,802 | ---- | C] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2013/12/13 23:32:12 | 000,050,477 | ---- | C] () -- C:\Users\Steve\Desktop\Defogger.exe
[2013/12/10 11:41:48 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.1.lnk
[2013/12/09 09:52:53 | 000,468,480 | ---- | C] () -- C:\Users\Steve\Desktop\CKScanner.exe
[2013/12/08 12:08:29 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Digital Home Support.lnk
[2013/12/07 23:40:47 | 000,001,989 | ---- | C] () -- C:\Users\Steve\Desktop\NISSAN Connect PC Tool.lnk
[2013/12/07 23:37:56 | 000,979,379 | ---- | C] () -- C:\Users\Steve\Desktop\Nissan-manual-gb.pdf
[2013/11/26 23:58:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/26 23:56:06 | 005,681,192 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/11/26 23:55:53 | 000,681,905 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/11/26 23:53:20 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2013/11/26 23:53:18 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2013/11/26 17:42:32 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2013/11/26 17:42:32 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2013/11/26 17:42:31 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2013/11/25 22:06:53 | 000,001,135 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 22:06:18 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 22:06:18 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 09:50:09 | 000,001,028 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/11/25 09:50:09 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
[2013/11/25 09:50:03 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/11/22 23:22:02 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2013/11/19 10:08:05 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/17 21:54:19 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/17 21:53:51 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/17 21:53:50 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/24 23:30:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2013/05/27 18:21:04 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/15 17:20:27 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/11 22:31:57 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/06/18 23:24:00 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/06/18 23:24:00 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/06/18 23:24:00 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/06/18 23:24:00 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/06/18 23:24:00 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/02/05 16:30:04 | 000,000,040 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2010/12/25 14:31:29 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/25 15:43:27 | 000,000,600 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\winscp.rnd
[2010/10/21 19:26:24 | 000,000,550 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\prefsdb.dat
[2010/05/30 10:01:27 | 000,001,024 | ---- | C] () -- C:\Users\Steve\.rnd
[2010/04/17 20:12:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/14 16:56:10 | 000,000,026 | ---- | C] () -- \UpdaterforApp.ini
[2009/12/28 00:08:55 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/12/28 00:08:55 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/10/31 13:04:54 | 000,001,057 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\vso_ts_preview.xml
[2009/10/31 12:53:18 | 000,087,608 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\inst.exe
[2009/10/31 12:53:18 | 000,007,887 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2009/10/31 12:53:18 | 000,001,144 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2009/10/31 07:37:03 | 000,000,009 | ---- | C] () -- \DVD.TAG
[2009/10/30 23:55:48 | 000,001,024 | ---- | C] () -- \.rnd
[2009/07/14 02:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 02:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/05/26 09:50:55 | 000,383,786 | RHS- | C] () -- \bootmgr
[2009/05/23 09:53:00 | 000,000,033 | ---- | C] () -- \_del.wtc
[2002/07/01 14:13:30 | 000,000,229 | -HS- | C] () -- C:\Users\Steve\AppData\Roaming\matrox_drv16.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/04/17 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.oit
[2013/08/21 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Absolute Uninstaller
[2011/02/12 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Aerohills
[2010/03/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Anabel
[2011/02/04 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AnvSoft
[2010/03/25 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Apowersoft
[2011/06/29 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Art2_
[2013/08/14 22:42:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ATViewer
[2013/11/17 22:01:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVAST Software
[2013/01/15 18:29:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\avidemux
[2010/10/11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Awem
[2012/06/01 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Bidgood Svcs
[2010/01/18 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\blg
[2011/06/21 15:45:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Blue Tea Games
[2011/08/27 15:53:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Boolat Games
[2011/07/14 16:05:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BrokenHearts
[2013/06/28 23:35:42 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\calibre
[2011/05/27 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Camel101
[2012/12/29 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2010/02/18 16:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Cat's Eye Games
[2011/12/15 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CBS Interactive
[2013/07/03 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CheckPoint
[2010/02/12 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.ExMan
[2010/03/30 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/10 23:35:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cryptlib
[2013/01/17 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2011/01/11 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dekovir
[2010/08/06 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DiskSpaceFan
[2010/09/03 15:19:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dragon Altar Games
[2013/02/06 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoft
[2011/11/23 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EfrenStudios
[2011/03/17 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Elephant Games
[2011/05/09 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Enki Games
[2011/07/08 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ERS G-Studio
[2011/06/02 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ERS Game Studios
[2010/01/31 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EscapeTheMuseum2
[2012/11/07 23:15:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\eTeks
[2010/03/02 10:53:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Faerie Solitaire
[2010/10/25 15:08:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FileZilla
[2011/08/19 16:07:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Floodlight Games
[2010/10/06 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FlyWheelGames
[2010/09/29 16:00:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Foxit Software
[2010/04/24 15:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreezeTag
[2010/02/04 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Friday's games

< End of report >
steveqae
Regular Member
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth

Re: Missing favourites in IE and trojan found

Unread postby pgmigg » December 17th, 2013, 1:16 am

Hello Steve,

Sorry for such a long delay. Please run the following:

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press the Windows key.
  3. Click the Start Search box on the Start Menu.
  4. Copy and paste the following value into the open text entry box:
    change search options for files and folders
    then press the Enter button.
  5. Click on the View tab, then under the "Hidden files and folders" section please:
    • SELECT "Show hidden files and folders"
  6. Find below and:
    • remove the check mark from the check box "Hide extensions for known file types"
    • remove the check mark from the check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Online Multi Antivirus file scan
Please go to either Jotti or Virus Total and upload (only one file per scan) the following file(s) for scanning:

C:\Users\Steve\Documents\Downloads\CNET TechTracker\gusetup.exe
E:\Software\EaseUS Partiton Master.exe
E:\Software\Unlocker1.9.2.exe
E:\Software\alcohol info\UK Info Alcohol 2.rar
E:\Software\alcohol info\UK Info Alcohol 2\Alcohol 120% v1.9.7. 6221\Alcohol120 1.9.7.6221.exe
E:\Software\MAGIX Movie Edit Pro 2013 Premium 12.0.2.2 + Addons [ChingLiu]\Movie_Edit_Pro_2013_Premium_DLV_en-II_120824_12-31_12_0_0_32.exe
E:\Software\YourUninstaller!.7.4.2012.01 - Honest\yusetup7p.exe


Using Jotti
  1. Choose the appropriate language (if needed). Once a language is selected, you'll see the message "Ready to receive files".
  2. Press the Browse button and navigate to one of the files in the list.
  3. Double-click the located file name. The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message "This file has been scanned before. The results for this previous scan are listed below.",
      please press the Scan again button so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners; this may take a few minutes.
  6. When all scans have completed, the results page is displayed.
  7. Please highlight and copy the page web address link from your browser window.
  8. Please repeat this procedure for each file listed above.
  9. Paste the web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to one of the files in the list.
  2. Double-click the located file name. The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners; this may take a few minutes.
      If you receive the message "File has already been analysed",
      please press the Reanalyse file now button so your file will be scanned.
  5. When all scans have completed, the results page is displayed.
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the web address link(s) for the scan results in your next reply.

Step 3.
ComboFix
Please download ComboFix.exe (© copyrighted to sUBs). Save it to your desktop. <<--- IMPORTANT!!
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double-click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning", press Run.
  2. Press I Agree at the Disclaimer prompt.
    The ComboFix screen appears, preparing to run. ComboFix will now begin creating a System Restore Point and then back up your registry.
    Do not use your keyboard or click your mouse anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer; allow this and follow all directions given.
    When finished, Notepad will open: ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt in your next reply.
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system, such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total or Jotti.
  3. Contents of the ComboFix.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
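As an added example (not code from the thread or from pgmigg), here is a small Python script for the multi-engine scan step above: it hashes each listed file with SHA-256 and asks VirusTotal for an existing report by hash, which yields the report link to paste back without uploading a large installer at all; only a hash VirusTotal has never seen needs the upload path. It assumes a VirusTotal API key in the VT_API_KEY environment variable and the v3 endpoint https://www.virustotal.com/api/v3/files/<sha256>, neither of which the post mentions.

```python
"""Added example (not code from the MalwareRemoval.com thread or from pgmigg).

Hash each file with SHA-256 and ask VirusTotal for an existing report by hash,
which gives a report link without uploading the file at all.  Assumptions not
stated in the post: a VirusTotal API key in the VT_API_KEY environment variable
and the v3 endpoint https://www.virustotal.com/api/v3/files/<sha256>.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_API_URL = "https://www.virustotal.com/api/v3/files/{}"
VT_REPORT_URL = "https://www.virustotal.com/gui/file/{}"


def sha256_of_chunks(chunks):
    """SHA-256 over an iterable of byte strings (lets us stream big files)."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Stream the file in 1 MiB chunks so a large installer never sits in RAM."""
    with open(path, "rb") as f:
        return sha256_of_chunks(iter(lambda: f.read(chunk_size), b""))


def summarize_report(report):
    """Reduce a v3 'file' object to what a helper asks for in a reply.

    Returns engine counts, up to three names the file has been seen under, the
    report link, and a verdict: "flagged" if any engine called it malicious or
    suspicious, else "clean".
    """
    file_id = report["data"]["id"]
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    engines = malicious + suspicious + stats.get("undetected", 0) + stats.get("harmless", 0)
    return {
        "sha256": file_id,
        "malicious": malicious,
        "suspicious": suspicious,
        "engines": engines,
        "verdict": "flagged" if malicious or suspicious else "clean",
        "names": attrs.get("names", [])[:3],
        "report_url": VT_REPORT_URL.format(file_id),
    }


def lookup_hash(sha256, api_key):
    """Fetch an existing VirusTotal report; None means VT has never seen it."""
    req = urllib.request.Request(VT_API_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


# Constructed sample response (not a real VirusTotal result) in the v3 shape;
# the id is simply SHA-256("abc"). Used for offline experimentation.
SAMPLE_REPORT = {
    "data": {
        "id": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        "attributes": {
            "names": ["gusetup.exe", "setup.exe"],
            "last_analysis_stats": {
                "malicious": 2, "suspicious": 1, "undetected": 49,
                "harmless": 0, "timeout": 0,
            },
        },
    }
}


def main(paths):
    api_key = os.environ.get("VT_API_KEY")
    if not api_key:
        sys.exit("set VT_API_KEY to a VirusTotal API key")
    for path in paths:
        digest = sha256_of_file(path)
        report = lookup_hash(digest, api_key)
        if report is None:
            # Unknown hash: the file really does have to be uploaded for a scan.
            print(f"{path}: sha256={digest} not known to VirusTotal; upload it")
            continue
        s = summarize_report(report)
        print(f"{path}: {s['verdict']} ({s['malicious']} malicious, "
              f"{s['suspicious']} suspicious of {s['engines']} engines) {s['report_url']}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it as `python vt_lookup.py "C:\path\to\file.exe" ...`; a "not known" result means the hash has no report yet and that file still has to be submitted through the browser as described in the steps.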

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 17th, 2013, 5:17 pm

Jotti results: the first file on the E drive, E:\Software\EaseUS partition Master.exe, was too large to upload to Jotti, so I deleted all the files found on the E drive as they were not required. I hope that is OK.

https://www.virustotal.com/en/file/8078 ... 387284965/

I had a problem stopping my antivirus; I think I got there eventually. Anyway, ComboFix results below.

ComboFix 13-12-17.02 - Steve 17/12/2013 19:27:27.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.1500 [GMT 0:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Access is denied.
.
/wow section - STAGE 32
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe
c:\windows\system64
c:\windows\system64\atl100.dll
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-17 to 2013-12-17 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 20:18 222832 ----a-w- c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 20:18 222832 ----a-w- c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 20:18 222832 ----a-w- c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-17 21:53 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SacReminder"="c:\programdata\OfficeGuardian\reminder\SacReminder.exe" [2009-06-26 825152]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-08-25 107000]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-06-27 2295576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-17 3568312]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2000-01-01 955168]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2013-11-14 2033944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-06-13 19:31 64280 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Harmony Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Harmony Monitor.lnk
backup=c:\windows\pss\Harmony Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-11-08 15:14 1095000 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2013-11-19 03:55 37152 ----a-w- c:\program files\Glary Utilities 4\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2013-08-14 20:18 257136 ----a-w- c:\users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NokiaSuite.exe"=c:\program files\Nokia\Nokia Suite\NokiaSuite.exe -tray
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"FSCRecovery"=c:\program files\Fujitsu\System Recovery\FSCRecoveryReminder.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXMediaServer"=c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-08-09 174936]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2013-10-02 144600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-03 39632]
R3 devlower;Audio Driver Afilter; [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\DRIVERS\Navcar.sys [2006-09-18 30329]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2010-11-26 44656]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-27 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 usbcamcl;Driver for video Device; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-12-02 107256]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-17 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-17 403440]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-08-16 37664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-25 242240]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-12-02 155704]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-12-02 228888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-09-17 143952]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-17 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-17 70384]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-02 1678040]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-08 250712]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2013-11-14 1407256]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 319568]
S2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2000-01-01 14652704]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-02 1444120]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2013-10-30 1739576]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-05-23 42264]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-05-23 10136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2000-01-01 33568]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-10-31 47360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 193640]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-09-18 12320]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SYMDNS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 22:06 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:06]
.
2013-12-08 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2013-11-19 03:53]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 00:25]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = localhost:8080
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: NameServer = 8.26.56.26,156.154.70.22
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =714647&p=
FF - ExtSQL: 2013-11-17 21:53; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-17 23:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-05 23:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk - c:\program files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-675794104-3854591097-1926455036-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-675794104-3854591097-1926455036-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-675794104-3854591097-1926455036-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-675794104-3854591097-1926455036-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-675794104-3854591097-1926455036-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4480)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2013-12-17 20:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-17 20:17
.
Pre-Run: 213,125,025,792 bytes free
Post-Run: 213,008,777,216 bytes free
.
- - End Of File - - 4D46F1F2AF7301B204EE29E9E0012F7F
A36C5E4F47E84449FF07ED3517B43A31
steveqae
Regular Member
 
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth
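The log above is what the volunteer reads to decide what goes into the next OTL fix script. As an added example, not part of this thread and not ComboFix's or OTL's own code, here is a small Python triage pass over the kinds of lines that matter most in it: service and driver entries whose file ComboFix could not find (`[x]`), binaries started from a data directory, a proxy set in Internet Settings, and static resolvers that differ from the DHCP-assigned one. `SAMPLE_LOG` is a constructed excerpt copied from the posted log; `DATA_DIRS`, `BOOT_START` and the finding kinds are assumptions about what is worth a look first. A finding is a prompt to investigate, not a verdict: in this log the `[x]` entries include avast drivers (aswRvrt, aswVmm) and entries whose binary is simply no longer on disk, and the data-directory services belong to Trusteer Rapport and a Skype toolbar.

```python
"""Triage the service/driver and settings lines of a ComboFix log.

Added example, not part of this thread and not ComboFix's or OTL's own code.
SAMPLE_LOG is a constructed excerpt copied from the log posted above; DATA_DIRS,
BOOT_START and the finding kinds are assumptions about what to look at first.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""
R3 devlower;Audio Driver Afilter; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-12-02 107256]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: NameServer = 8.26.56.26,156.154.70.22
"""

# "<R|S><start type> <name>;<display>;<path> [<yyyy-mm-dd> <size>]", or "; [x]" when the file was not found
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<path>.+?)\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
SETTING_RE = re.compile(r"^(?P<key>uInternet Settings,\w+|TCP: [^=]+?)\s*=\s*(?P<value>.+)$")
DATA_DIRS = ("c:\\programdata\\", "c:\\users\\")   # assumption: code starting from here gets a second look
BOOT_START = ("R0", "R1", "S0", "S1")               # boot/system start: loaded before most defences

@dataclass
class Service:
    start: str
    name: str
    display: str
    path: Optional[str]
    present: bool
    size: Optional[int] = None

@dataclass
class Finding:
    kind: str        # "missing-file", "data-dir", "proxy" or "static-dns"
    subject: str
    detail: str
    boot: bool = False

def parse_service(line: str) -> Optional[Service]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    if rest.endswith("[x]"):     # registered, but ComboFix could not find the binary
        return Service(m["start"], m["name"], m["display"], rest[:-3].strip() or None, False)
    f = FILE_RE.match(rest)
    if not f:
        return None
    return Service(m["start"], m["name"], m["display"], f["path"], True, int(f["size"]))

def parse_log(text: str):
    """Split a log into its service entries and its 'key = value' settings lines."""
    services, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            services.append(svc)
            continue
        s = SETTING_RE.match(line)
        if s:
            settings[s["key"].strip()] = s["value"].strip()
    return services, settings

def triage(text: str) -> list:
    """Return the entries a volunteer should look at first. A finding is a prompt, not a verdict."""
    services, settings = parse_log(text)
    findings = []
    for svc in services:
        boot = svc.start in BOOT_START
        if not svc.present:
            findings.append(Finding("missing-file", svc.name, "registered but file not found", boot))
        elif svc.path.lower().startswith(DATA_DIRS):
            findings.append(Finding("data-dir", svc.name, f"runs from {svc.path}", boot))
    proxy = settings.get("uInternet Settings,ProxyServer")
    if proxy:
        findings.append(Finding("proxy", "ProxyServer",
                                f"IE traffic goes through {proxy}; identify the process listening there"))
    dhcp = set(settings.get("TCP: DhcpNameServer", "").split())
    for key, value in settings.items():
        if key.startswith("TCP: Interfaces") and key.endswith("NameServer"):
            for ip in (v.strip() for v in value.split(",")):
                if ip not in dhcp and not ipaddress.ip_address(ip).is_private:
                    findings.append(Finding("static-dns", key,
                                            f"resolver {ip} is not the DHCP-assigned {', '.join(sorted(dhcp)) or 'none'}"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:13}{'boot  ' if f.boot else '      '}{f.subject}: {f.detail}")
```

Run it against a full log by passing the file contents to `triage()`. The boot flag is there because a boot- or system-start driver that points at a missing file deserves a closer look than a disabled (R4) one, and the proxy and resolver checks are the two settings in this log that a browser hijack would also change, so they are worth confirming with the owner before the next fix script is written.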

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 17th, 2013, 5:19 pm

After running combofix my desktop picture was replaced with a black background and I had to change it back again, is this normal?

Re: Missing favourites in IE and trojan found

Unread postby pgmigg » December 18th, 2013, 1:05 am

Hello Steve,

steveqae wrote:
After running combofix my desktop picture was replaced with a black background and I had to change it back again, is this normal?
Yes, it may happen sometimes.

If you remember which websites loaded slowly before we started our treatment, try opening them again and compare the speeds, please.

Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 18th, 2013, 6:19 am

Everything appears to be operating OK so far, what was the reason for removing spybot search and destroy?

Was the combofix scan OK?

Steve

Re: Missing favourites in IE and trojan found

Unread postby pgmigg » December 18th, 2013, 2:45 pm

Hello Steve,

steveqae wrote:
Everything appears to be operating OK so far
Great! :D
steveqae wrote:
what was the reason for removing spybot search and destroy?
More does not mean better! That is especially true of installed defense applications. Your current mix of Avast and Windows Defender is a nice combination, which is enough for good protection.
steveqae wrote:
I had a problem stopping my antivirus
For possible future needs, you can use the following to temporarily stop Avast:
  1. Right-click on the Avast! icon in the system tray (it looks like an orange ball).
  2. Select Avast! shields control and there will be options to disable Avast!:
    • For 10 minutes
    • For 1 hour
    • Until the computer is restarted
    • Permanently
  3. Select the one you need and press OK to confirm your choice when prompted.
steveqae wrote:
Was the combofix scan OK?
Yes, ComboFix ran properly and I got the results I was waiting for.

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Highlight and copy the following code. Do not include the words Code: Select all.
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Users\Steve\Documents\Downloads\CNET TechTracker\gusetup.exe
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press the Windows key.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press the Enter key
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • UNSELECT "Show hidden files and folders"
  6. Further down,
    • place check mark in check box "Hide extensions for known file types"
    • place check mark in check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Then:
Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Missing favourites in IE and trojan found

Unread postby steveqae » December 18th, 2013, 5:11 pm

All instructions carried out. I am aware that right-clicking on the Avast icon on the task bar should give the menu, but in this instance nothing happened.

I still have icons on the desktop for MGADiag, adwcleaner and JRT; can I now delete these?

Steve

Re: Missing favourites in IE and trojan found

Unread postby pgmigg » December 18th, 2013, 5:49 pm

Hello Steve,

steveqae wrote:
I am aware that right clicking on the avast icon on the task bar should give the menu, but in this instance nothing happened
In that case I recommend reinstalling Avast. Please go to this site, download Essential Avast! Free Antivirus and save it to your Desktop. Then uninstall your version of Avast and install the new one.

steveqae wrote:
I still have icons on the desktop for MGADiag, adwcleaner and JRT, can I now delete these.
Yes, you can.

Thank you,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed