
Another with MyStart Problems


This topic is locked
16 replies to this topic

#1 poulner


Posted 27 October 2012 - 05:14 AM

I've been trying for days to remove Incredibar MyStart from my Chrome Browser in Win7 64bit. As I had updated a number of drivers before becoming aware of the problem I decided not to use Sys Res, but tried many ways to deal with its removal. All failed sooner or later. Nowhere is MyStart to be found at all, but it still appears in a tab.

Please, I would be grateful for your assistance.

#2 poulner


Posted 27 October 2012 - 09:21 AM

Later I came across a program folder, the name of which I did not recognise. MyStart was in that, but had never been revealed in any search of any type.

I think I may have solved the problem. Do you agree?

#3 CatByte


Posted 28 October 2012 - 06:58 AM

Hi,

Please do the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.


NEXT


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
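The OTL scan requested above writes one entry per line in a fixed layout: PRC/MOD/SRV/DRV entries carry a timestamp, size, company name, state and path, and the O-numbered items describe registry autorun points. As an added example (my own code, not OTL's and not part of this thread), here is a small Python parser for that layout that pulls out three kinds of entry a log reviewer reads first: services and drivers OTL could read no company name from, autorun values that point at a file that is no longer there, and per-volume AutoRun commands under MountPoints2. The sample lines are constructed, modelled on the log posted in this thread; each finding is a prompt for a human to check the file, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's line layout, modelled on the log posted later in this
# thread; it is not a real scan output.
SAMPLE_LOG = r"""========== Services (SafeList) ==========

SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:13:29 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O33 - MountPoints2\{17b84f14-0735-11e2-aa7b-00256485166c}\Shell\AutoRun\command - "" = I:\unlock.exe autoplay=true
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")

# PRC/MOD/SRV/DRV entries: [stamp | size | attrs | flag] (company) [state] -- path -- (name)
MODULE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# O4 autorun values: O4 - <hive>..\Run: [<value name>] <command, optionally 'File not found'>
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<value>[^\]]*)\] (?P<command>.*)$"
)

# O33 per-volume AutoRun command left under MountPoints2 for a mounted drive
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)


@dataclass
class Finding:
    rule: str     # which review rule fired
    subject: str  # the path, value name or command the rule applies to
    line: str     # the original OTL line, kept for the reviewer


def parse_module_line(line):
    """Fields of a PRC/MOD/SRV/DRV entry as a dict, or None if the line is not one."""
    m = MODULE_RE.match(line)
    return m.groupdict() if m else None


def iter_entries(text):
    """Yield (section title, line) for each non-blank line, tracking OTL's ===== headers."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        yield section, line


def triage(text):
    """Apply three review rules to an OTL log; a Finding is a prompt for a human, not a verdict."""
    findings = []
    for _section, line in iter_entries(text):
        entry = parse_module_line(line)
        if entry is not None:
            # OTL prints an empty () when it could read no company name from the file's
            # version info; for a service or driver that is worth a look before trusting it.
            if entry["kind"] in ("SRV", "DRV") and not entry["company"].strip():
                findings.append(Finding("no-company-name", entry["path"], line))
            continue
        m = RUN_RE.match(line)
        if m:
            # The registry still tries to launch a file that no longer exists: an uninstall
            # leftover or the remains of something already removed, either way dead weight.
            if m.group("command").endswith("File not found"):
                findings.append(Finding("orphaned-autorun", m.group("value"), line))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # A mounted volume's autorun.inf left a command behind; the reviewer confirms
            # which drive that was and whether the program it names is expected.
            findings.append(Finding("volume-autorun-command", m.group("command"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<24} {f.subject}")
```

Feed it a saved OTL.Txt instead of SAMPLE_LOG to get the same three lists for a real log; anything it prints still needs the file itself looked at before any decision is made.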


#4 poulner


Posted 30 October 2012 - 03:49 PM

OTL logfile created on: 30/10/2012 18:15:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gordon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.72% Memory free
8.00 Gb Paging File | 6.38 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.41 Gb Total Space | 521.03 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive J: | 10.69 Gb Total Space | 4.51 Gb Free Space | 42.19% Space Free | Partition Type: NTFS

Computer Name: GORDON-PC | User Name: gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 09:05:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gordon\Downloads\OTL.exe
PRC - [2012/10/14 14:29:46 | 029,378,432 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2012/10/13 13:59:40 | 000,698,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/10/12 14:33:10 | 001,026,432 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 20:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/09/22 15:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 15:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/09 12:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 12:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/14 11:21:56 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2000/01/01 00:00:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/23 18:44:50 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\bc6978890ebe28d617d1197a9056d9f0\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/10/23 18:44:49 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\434a5b780030de9e42bd16ad00d4c0d6\IAStorCommon.ni.dll
MOD - [2012/10/23 18:44:48 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c242783d047a6dad58b4918da88b004d\IAStorUtil.ni.dll
MOD - [2012/10/10 10:06:15 | 000,460,312 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 10:06:12 | 004,005,912 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 10:04:57 | 000,578,072 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 10:04:55 | 000,123,928 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 10:04:44 | 000,156,712 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 10:04:43 | 000,275,496 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 10:04:42 | 002,168,360 | ---- | M] () -- C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/10/03 21:02:40 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/09/29 11:57:30 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll
MOD - [2012/09/29 11:57:29 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll
MOD - [2012/09/29 11:57:28 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll
MOD - [2012/09/29 11:57:28 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
MOD - [2012/09/29 11:57:27 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll
MOD - [2012/09/29 11:57:09 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll
MOD - [2012/09/29 11:56:00 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/09/29 11:56:00 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
MOD - [2012/09/29 11:55:59 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012/09/29 11:55:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/09/29 07:45:29 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/09/29 07:45:22 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/09/29 07:43:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/09/29 07:43:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/09/29 07:43:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/09/29 07:43:34 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/09/29 07:41:35 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2009/09/15 17:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2009/09/15 17:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2009/09/15 17:20:46 | 000,342,528 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/10/30 17:17:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/12 14:33:10 | 001,026,432 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/22 15:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/09 12:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/14 11:21:56 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/12/17 13:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2000/01/01 00:00:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:13:29 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/10/25 06:43:29 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/10/25 06:43:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/22 15:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/09 12:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/09 12:43:08 | 000,027,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/24 12:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/17 13:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2000/01/01 00:00:00 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000/01/01 00:00:00 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV - [2012/10/23 15:06:25 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/22 15:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 15:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 A8 BC 3A 22 B4 CD 01 [binary data]
IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gordon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gordon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/30 17:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/30 17:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/10/16 18:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gordon\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\gordon\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\gordon\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\gordon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
CHR - Extension: Google Search = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IE Tab = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: Extensions Manager (aka Switcher) = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\0.1.9.48_0\
CHR - Extension: Gmail = C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1055155093-2603920669-3764954328-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1055155093-2603920669-3764954328-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1055155093-2603920669-3764954328-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EF4DAD9-30DF-49F7-A71A-179B50781C96}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17b84f14-0735-11e2-aa7b-00256485166c}\Shell - "" = AutoRun
O33 - MountPoints2\{17b84f14-0735-11e2-aa7b-00256485166c}\Shell\AutoRun\command - "" = I:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 17:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/10/26 17:24:48 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\CutePDF Writer
[2012/10/25 05:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012/10/23 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/10/23 18:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/10/23 18:53:36 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/10/23 18:53:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/10/23 18:53:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/10/23 18:53:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/10/23 18:53:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/10/23 18:53:33 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/10/23 18:53:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/10/23 18:53:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/10/23 18:53:33 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/10/23 18:53:33 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/10/23 18:53:33 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/10/23 18:53:31 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/10/23 18:53:31 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/10/23 18:53:31 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/10/23 18:53:29 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/10/23 18:53:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/10/23 18:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/10/23 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Intel Corporation
[2012/10/23 18:44:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/10/23 18:43:58 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\InstallShield
[2012/10/23 18:39:30 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/10/23 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/10/23 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/23 18:19:21 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/10/23 18:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/10/23 18:11:18 | 000,000,000 | R--D | C] -- C:\Users\gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/10/23 18:11:17 | 000,000,000 | ---D | C] -- C:\Users\gordon\Documents\Bluetooth Folder
[2012/10/23 18:10:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2012/10/23 18:09:37 | 002,700,288 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/10/23 18:09:37 | 002,700,288 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/10/23 18:09:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012/10/23 18:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/10/23 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\SlimWare Utilities Inc
[2012/10/23 17:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/10/23 17:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/10/23 17:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/10/23 17:30:03 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Macromedia
[2012/10/23 16:30:45 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Malwarebytes
[2012/10/23 16:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/23 16:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/23 16:30:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/21 21:04:37 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\MetaGeek,_LLC
[2012/10/21 20:58:51 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012/10/19 15:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/19 15:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/18 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc
[2012/10/18 22:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/10/18 22:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedMaxPc
[2012/10/18 06:21:12 | 000,000,000 | ---D | C] -- C:\Users\gordon\DNT tool
[2012/10/17 16:40:48 | 000,000,000 | ---D | C] -- C:\Users\gordon\routerstats6.8a
[2012/10/17 07:40:40 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Foxit Software
[2012/10/16 18:10:47 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Mozilla
[2012/10/15 15:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/10/15 15:34:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/10/15 08:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RouterStats-Lite
[2012/10/15 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RouterStats-Lite
[2012/10/11 19:28:54 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Google Chrome Backup
[2012/10/11 19:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parhelia Tools
[2012/10/11 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\Serif
[2012/10/11 07:48:24 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\jZip
[2012/10/11 07:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2012/10/10 12:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/10/10 12:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2012/10/10 12:54:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/10/09 19:58:30 | 000,000,000 | ---D | C] -- C:\d90620553d297e6b16f9
[2012/10/09 17:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/09 11:37:07 | 000,000,000 | ---D | C] -- C:\Users\gordon\NT user All
[2012/10/06 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Roaming\DriverCure
[2012/10/06 16:50:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/06 09:54:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2.old
[2012/10/06 09:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/06 07:35:26 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\ElevatedDiagnostics
[2012/10/03 21:02:32 | 000,101,688 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/10/03 21:01:24 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\Trusteer
[2012/10/03 21:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/10/03 20:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/10/03 20:59:26 | 000,247,640 | ---- | C] (Trusteer Ltd.) -- C:\Users\gordon\Desktop\RapportSetup.exe
[2012/10/02 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\Windows Live Writer
[2012/10/02 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\gordon\AppData\Local\Windows Live

========== Files - Modified Within 30 Days ==========

[2012/10/30 18:19:31 | 000,732,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/30 18:19:31 | 000,631,572 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/30 18:19:31 | 000,112,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/30 18:13:42 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/10/30 18:13:29 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/10/30 18:13:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/10/30 18:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 18:12:51 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/10/30 17:49:01 | 000,002,116 | ---- | M] () -- C:\Users\gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/10/30 17:31:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000UA.job
[2012/10/30 16:43:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 16:43:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 18:44:16 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000Core.job
[2012/10/26 17:25:10 | 011,254,375 | ---- | M] () -- C:\Users\gordon\Desktop\cwcBQz&sec=AHSqidbgYW_rnY2A9lcAegr5Ny2cwMoky5gw3Jz-O7tKcp4VTsskMONz7eoeDnvwLLFb_PqjijOB&a=gp&filename=GOSOUTHCOAST120429.pdf
[2012/10/26 02:16:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/10/25 05:44:50 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/10/25 05:44:50 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2012/10/23 18:48:12 | 000,739,268 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/23 18:11:21 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2012/10/23 17:59:54 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/10/23 17:31:05 | 000,000,764 | ---- | M] () -- C:\user.js
[2012/10/23 16:30:30 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/22 10:51:14 | 002,540,249 | ---- | M] () -- C:\Users\gordon\Desktop\c750uz034.jpg
[2012/10/21 20:44:13 | 000,001,054 | ---- | M] () -- C:\Users\gordon\Desktop\RouterStats - Shortcut.lnk
[2012/10/20 14:28:04 | 001,693,713 | ---- | M] () -- C:\Users\gordon\Desktop\c750uz007.jpg
[2012/10/19 07:54:31 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/10/18 23:16:05 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/12 18:09:30 | 000,025,472 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/10/12 17:14:57 | 008,338,606 | ---- | M] () -- C:\Users\gordon\Documents\Ancestry.co amas.pdf
[2012/10/12 16:58:01 | 000,031,144 | ---- | M] () -- C:\Users\gordon\Documents\Ancestry.co eaton.pdf
[2012/10/12 16:50:29 | 000,172,633 | ---- | M] () -- C:\Users\gordon\Documents\1911 England Census - Ancestry.co.pdf
[2012/10/12 16:40:32 | 007,642,080 | ---- | M] () -- C:\Users\gordon\Documents\Ancestry.co.pdf
[2012/10/11 19:28:34 | 000,001,894 | ---- | M] () -- C:\Users\gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Backup.lnk
[2012/10/11 11:56:54 | 000,283,611 | ---- | M] () -- C:\Users\gordon\Desktop\rs config grabs.zip
[2012/10/11 10:51:12 | 000,692,224 | ---- | M] () -- C:\Windows\SysWow64\libeay32.dll
[2012/10/11 10:51:12 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/10/11 07:48:05 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/10/10 15:42:51 | 000,324,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/09 20:27:04 | 000,001,462 | ---- | M] () -- C:\Users\gordon\Documents\cc_20121009_212655.reg
[2012/10/08 06:28:47 | 000,179,858 | ---- | M] () -- C:\Users\gordon\Documents\Frizzell - csma Home Insurance - Your Quote.pdf
[2012/10/06 16:48:09 | 000,011,422 | ---- | M] () -- C:\Users\gordon\Documents\cc_20121006_174757.reg
[2012/10/03 20:59:28 | 000,247,640 | ---- | M] (Trusteer Ltd.) -- C:\Users\gordon\Desktop\RapportSetup.exe

========== Files Created - No Company Name ==========

[2012/10/26 17:25:28 | 011,254,375 | ---- | C] () -- C:\Users\gordon\Desktop\cwcBQz&sec=AHSqidbgYW_rnY2A9lcAegr5Ny2cwMoky5gw3Jz-O7tKcp4VTsskMONz7eoeDnvwLLFb_PqjijOB&a=gp&filename=GOSOUTHCOAST120429.pdf
[2012/10/25 05:44:50 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/10/25 05:44:50 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2012/10/23 18:53:33 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/10/23 18:48:12 | 000,739,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/23 18:19:21 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/10/23 18:14:38 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/10/23 18:09:37 | 000,013,470 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/10/23 18:09:37 | 000,008,090 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/10/23 18:00:06 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/10/23 18:00:01 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/10/23 17:59:54 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/10/23 16:30:30 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 20:44:13 | 000,001,054 | ---- | C] () -- C:\Users\gordon\Desktop\RouterStats - Shortcut.lnk
[2012/10/20 14:28:04 | 001,693,713 | ---- | C] () -- C:\Users\gordon\Desktop\c750uz007.jpg
[2012/10/18 22:02:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/10/18 22:01:52 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/10/18 22:01:51 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/10/12 17:14:57 | 008,338,606 | ---- | C] () -- C:\Users\gordon\Documents\Ancestry.co amas.pdf
[2012/10/12 16:58:01 | 000,031,144 | ---- | C] () -- C:\Users\gordon\Documents\Ancestry.co eaton.pdf
[2012/10/12 16:50:29 | 000,172,633 | ---- | C] () -- C:\Users\gordon\Documents\1911 England Census - Ancestry.co.pdf
[2012/10/12 16:40:32 | 007,642,080 | ---- | C] () -- C:\Users\gordon\Documents\Ancestry.co.pdf
[2012/10/11 19:28:34 | 000,001,894 | ---- | C] () -- C:\Users\gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Backup.lnk
[2012/10/11 11:56:54 | 000,283,611 | ---- | C] () -- C:\Users\gordon\Desktop\rs config grabs.zip
[2012/10/11 10:51:12 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/10/11 10:51:12 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/10/11 07:48:05 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/10/10 12:56:03 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif AlbumPlus Organizer.lnk
[2012/10/10 12:56:03 | 000,002,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PhotoPlus X4.lnk
[2012/10/09 20:26:57 | 000,001,462 | ---- | C] () -- C:\Users\gordon\Documents\cc_20121009_212655.reg
[2012/10/08 06:28:47 | 000,179,858 | ---- | C] () -- C:\Users\gordon\Documents\Frizzell - csma Home Insurance - Your Quote.pdf
[2012/10/06 16:48:03 | 000,011,422 | ---- | C] () -- C:\Users\gordon\Documents\cc_20121006_174757.reg
[2012/10/02 15:11:38 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/29 05:17:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012/07/17 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2012/10/13 08:21:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 08:21:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/06 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\DriverCure
[2012/10/26 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\Foxit Software
[2012/10/25 05:44:49 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\IObit
[2012/10/09 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\IrfanView
[2012/10/11 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\Serif
[2012/09/26 16:18:03 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\TestApp
[2012/09/26 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\gordon\AppData\Roaming\Thunderbird
[2012/10/13 08:21:54 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ATA WDC WD6400AAKS-7 SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Canon MP540 series USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- SM/xD Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 78.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 82837504
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 585.00GB
Starting Offset: 11556356096
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 30/10/2012 18:15:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gordon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.72% Memory free
8.00 Gb Paging File | 6.38 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.41 Gb Total Space | 521.03 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive J: | 10.69 Gb Total Space | 4.51 Gb Free Space | 42.19% Space Free | Partition Type: NTFS

Computer Name: GORDON-PC | User Name: gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52704A51-56D7-4E48-9034-E2E34E47D440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6B8E3026-ACB2-4E71-ABA8-63B5F3638B47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072F3A4B-C357-4464-9D0F-649983D2192E}" = protocol=17 | dir=in | app=c:\users\gordon\routerstats6.8a\routerstats.exe |
"{27D8541C-E563-4612-A426-122D0AC7D6EB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{47CFEB2A-3CB5-4E15-BD92-8A560487E342}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4EE9C7DF-8598-4275-B7EF-C1A6E080AB34}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{645321E8-4425-4A08-ACB0-6B76BE46920B}" = protocol=6 | dir=in | app=c:\program files (x86)\iobit\advanced systemcare 5\asc.exe |
"{7EDA0059-78BC-44A2-9814-E9D75B7DED50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{980340C4-BDC8-49D8-A61D-5F170CA0E42A}" = protocol=6 | dir=in | app=c:\users\gordon\routerstats6.8a\routerstats.exe |
"{9BC27A1B-2C69-4CF4-8114-23202D4C57E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AC144E07-B6F2-41FB-A321-39EFE3518EDC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AEA5ECCC-3E4A-458A-8A54-E6725A3E99F5}" = protocol=17 | dir=in | app=c:\program files (x86)\iobit\advanced systemcare 5\asc.exe |
"{CA926F0B-F5C2-421E-B6C2-64DE4D25424B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CD8836A3-2137-4F34-A0C6-47D0C42B3D20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D69108FE-EAA5-4DCB-94B3-5FA29B6E7B23}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E10D4B4D-9241-4849-8C78-6A410C4664D0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E19996FB-4B1D-4DF6-918E-8DEC25FD5FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E3A037D2-82EC-48A9-8F67-3C6A41AF3954}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E3AFAF6F-EAFF-4933-8697-2B059A8E96F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{EE68EFF8-81DD-48C9-8718-8773A104E253}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{FBFCCA6C-8FF9-4F4B-985A-1114F3711F77}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.9
"File Shredder_is1" = File Shredder 2.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = Google Chrome Backup 1.8.0.141
"{59D1195A-7E64-4120-BB37-F053D9FD45FB}" = ODF Add-in for Microsoft Office
"{5A25CBED-9F0C-40A6-B06A-3CE81CAB375E}" = Windows Live Mail
"{5B5FD463-1514-4813-BC65-C512A30378A6}" = Windows Live Writer Resources
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}" = Serif PhotoPlus X4
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{DD350F3A-3620-4185-A5E2-88A6437C8415}" = SlimDrivers
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 16.0.2 (x86 en-GB)" = Mozilla Thunderbird 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1055155093-2603920669-3764954328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/10/2012 03:56:35 | Computer Name = gordon-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 19/10/2012 03:56:37 | Computer Name = gordon-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 19/10/2012 03:56:37 | Computer Name = gordon-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 19/10/2012 03:56:37 | Computer Name = gordon-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 21/10/2012 14:00:01 | Computer Name = gordon-PC | Source = Windows Backup | ID = 4103
Description =

Error - 23/10/2012 02:04:45 | Computer Name = gordon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ASCTray.exe, version: 5.3.0.272, time stamp:
0x4fc32ed3 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp:
0x50327672 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting process id:
0xa0c Faulting application start time: 0x01cdb0e44b4e874f Faulting application path:
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 8ace15ac-1cd7-11e2-b93d-00256485166c

Error - 23/10/2012 13:30:42 | Computer Name = gordon-PC | Source = Application Hang | ID = 1002
Description = The program Setup (1).exe version 2.0.18.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cf4 Start
Time: 01cdb143f058defe Termination Time: 0 Application Path: C:\Users\gordon\Downloads\Setup
(1).exe Report Id:

Error - 27/10/2012 05:50:18 | Computer Name = gordon-PC | Source = MsiInstaller | ID = 11904
Description =

Error - 28/10/2012 02:42:38 | Computer Name = gordon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000004f80fd8 Faulting process
id: 0xa58 Faulting application start time: 0x01cdb4d321b4af15 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: unknown Report Id: a9c6e6dd-20ca-11e2-9002-00256485166c

Error - 28/10/2012 15:00:01 | Computer Name = gordon-PC | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 22/10/2012 16:28:05 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 23/10/2012 02:46:02 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 23/10/2012 02:49:52 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7030
Description = The Advanced SystemCare Service 5 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 23/10/2012 06:38:13 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 23/10/2012 14:12:01 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 25/10/2012 01:44:40 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 25/10/2012 01:44:55 | Computer Name = gordon-PC | Source = Service Control Manager | ID = 7030
Description = The Advanced SystemCare Service 6 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 27/10/2012 01:38:18 | Computer Name = gordon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 30/10/2012 02:35:44 | Computer Name = gordon-PC | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.

Error - 30/10/2012 14:13:04 | Computer Name = gordon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:11:53 on ?30/?10/?2012 was unexpected.


< End of report >

#5 poulner (Topic Starter, Members, 138 posts)

Posted 30 October 2012 - 03:56 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-30 18:59:00
-----------------------------
18:59:00.557 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:00.557 Number of processors: 2 586 0x170A
18:59:00.557 ComputerName: GORDON-PC UserName: gordon
18:59:01.992 Initialize success
19:00:55.603 AVAST engine defs: 12103000
19:01:08.769 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
19:01:08.769 Disk 0 Vendor: ATA_____ 3B01 Size: 610480MB BusType: 11
19:01:08.785 Disk 0 MBR read successfully
19:01:08.785 Disk 0 MBR scan
19:01:08.800 Disk 0 Windows 7 default MBR code
19:01:08.800 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
19:01:08.816 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10942 MB offset 161792
19:01:08.863 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599458 MB offset 22571008
19:01:08.909 Disk 0 scanning C:\Windows\system32\drivers
19:01:20.438 Service scanning
19:01:46.131 Modules scanning
19:01:46.131 Disk 0 trace - called modules:
19:01:46.162 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:01:46.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800689f060]
19:01:46.178 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800689e5c0]
19:01:46.178 5 iaStorF.sys[fffff880018bd168] -> nt!IofCallDriver -> [0xfffffa800480d040]
19:01:46.194 7 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa800474a060]
19:02:27.643 AVAST engine scan C:\Windows
19:02:30.123 AVAST engine scan C:\Windows\system32
19:02:37.362 Disk 0 MBR has been saved successfully to "C:\Users\gordon\Desktop\MBR.dat"
19:02:37.362 The log file has been saved successfully to "C:\Users\gordon\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-30 19:07:44
-----------------------------
19:07:44.812 OS Version: Windows x64 6.1.7601 Service Pack 1
19:07:44.812 Number of processors: 2 586 0x170A
19:07:44.812 ComputerName: GORDON-PC UserName: gordon
19:07:46.107 Initialize success
19:07:52.191 AVAST engine defs: 12103000
19:07:59.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
19:07:59.679 Disk 0 Vendor: ATA_____ 3B01 Size: 610480MB BusType: 11
19:07:59.695 Disk 0 MBR read successfully
19:07:59.695 Disk 0 MBR scan
19:07:59.710 Disk 0 Windows 7 default MBR code
19:07:59.710 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
19:07:59.742 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10942 MB offset 161792
19:07:59.757 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599458 MB offset 22571008
19:07:59.788 Disk 0 scanning C:\Windows\system32\drivers
19:08:12.190 Service scanning
19:08:37.197 Modules scanning
19:08:37.197 Disk 0 trace - called modules:
19:08:37.213 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:08:37.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800689f060]
19:08:37.228 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800689e5c0]
19:08:37.244 5 iaStorF.sys[fffff880018bd168] -> nt!IofCallDriver -> [0xfffffa800480d040]
19:08:37.260 7 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa800474a060]
19:08:38.804 AVAST engine scan C:\Windows
19:08:42.002 AVAST engine scan C:\Windows\system32
19:11:37.903 AVAST engine scan C:\Windows\system32\drivers
19:11:51.163 AVAST engine scan C:\Users\gordon
19:14:56.354 AVAST engine scan C:\ProgramData
19:16:09.653 Scan finished successfully
20:40:41.503 Disk 0 MBR has been saved successfully to "C:\Users\gordon\Desktop\MBR.dat"
20:40:41.508 The log file has been saved successfully to "C:\Users\gordon\Desktop\aswMBR.txt"

#6 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts)

Posted 30 October 2012 - 05:32 PM

Please run the following

Open up Chrome

1. Click the wrench icon in the top right hand corner.
2. Go to Settings.
3. At the left hand side of the page you have three options, History, Extensions and Settings; click Extensions.
4. Delete any Incredibar extensions (let me know what other extensions are listed as well).

NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
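The extensions page only shows what Chrome chooses to render; the authoritative record of what is installed in a profile is the `extensions.settings` object in the profile's `Preferences` JSON (newer Chrome builds split part of it into `Secure Preferences`). Each entry carries the extension's manifest name and version, its on-disk `path`, a `from_webstore` flag and a `state` value (1 = enabled). Sideloaded toolbars of the kind discussed in this thread typically show up as enabled, not from the Web Store, and loaded from an absolute path outside the profile's own `Extensions` folder. The script below is an added example written for this page, not code from the original post or from BleepingComputer; the `SAMPLE_PREFERENCES` document, the extension IDs and the extension names in it are constructed for illustration and are not real Incredibar identifiers, and the default profile location is an assumption for a standard per-user Chrome install.

```python
"""List Chrome extensions from a profile's Preferences file and flag sideloaded ones."""
import json
import os
from pathlib import Path, PureWindowsPath

# Constructed sample of the relevant slice of a Chrome Preferences file.
# Extension IDs and names are invented for this example.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "manifest": {"name": "Google Docs", "version": "0.9"},
                # Web Store installs live under <profile>\Extensions\<id>\<ver>
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\0.9_0",
                "from_webstore": True,
                "state": 1,
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "manifest": {"name": "Example Search Toolbar", "version": "1.0"},
                # Loaded from an absolute path outside the profile: sideloaded
                "path": "C:\\Program Files (x86)\\ExampleToolbar\\chrome",
                "from_webstore": False,
                "state": 1,
            },
            "cccccccccccccccccccccccccccccccc": {
                "manifest": {"name": "Old Disabled Helper", "version": "2.1"},
                "path": "cccccccccccccccccccccccccccccccc\\2.1_0",
                "from_webstore": False,
                "state": 0,  # disabled
            },
        }
    }
})


def parse_extensions(preferences_text):
    """Return one dict per entry in extensions.settings of a Preferences JSON string."""
    prefs = json.loads(preferences_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    result = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        path = entry.get("path", "")
        # A relative path is resolved against <profile>\Extensions; an absolute
        # one means the extension was loaded from somewhere else on disk.
        sideloaded = PureWindowsPath(path).is_absolute()
        result.append({
            "id": ext_id,
            "name": manifest.get("name", "<no manifest>"),
            "version": manifest.get("version", ""),
            "path": path,
            "enabled": entry.get("state") == 1,
            "from_webstore": bool(entry.get("from_webstore", False)),
            "sideloaded": sideloaded,
        })
    return result


def suspicious(extensions):
    """Enabled extensions that are neither Web Store installs nor inside the profile."""
    return [e for e in extensions
            if e["enabled"] and not e["from_webstore"] and e["sideloaded"]]


def load_profile(profile_dir):
    """Parse every extension entry found in a real Chrome profile directory."""
    found = []
    for name in ("Preferences", "Secure Preferences"):
        f = Path(profile_dir) / name
        if f.is_file():
            found.extend(parse_extensions(f.read_text(encoding="utf-8")))
    return found


if __name__ == "__main__":
    # Assumed default profile location for a per-user Chrome install on Windows.
    default = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default"
    exts = load_profile(default) if default.is_dir() else parse_extensions(SAMPLE_PREFERENCES)
    flagged = {e["id"] for e in suspicious(exts)}
    for e in exts:
        mark = "SIDELOADED" if e["id"] in flagged else ""
        print(f"{e['id']}  {e['name']} {e['version']}  enabled={e['enabled']}  {mark}")
```

Run it on the affected machine with Chrome closed so the Preferences file is not being rewritten; anything it marks SIDELOADED is worth reporting back along with the path it points at, since deleting the entry from the extensions page does not remove the files at that path.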


#7 poulner (Topic Starter, Members, 138 posts)

Posted 31 October 2012 - 11:54 AM

ComboFix 12-10-31.03 - gordon 31/10/2012 16:45:53.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2818 [GMT 0:00]
Running from: c:\users\gordon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 16:50 . 2012-10-31 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 16:50 . 2012-10-31 16:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-31 14:20 . 2012-10-31 14:20 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2012-10-30 17:16 . 2012-10-30 17:48 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-30 16:39 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6518462-2495-4ECD-A861-63D66C9BE953}\mpengine.dll
2012-10-29 12:46 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-26 17:24 . 2012-10-26 17:25 -------- d-----w- c:\users\gordon\AppData\Local\CutePDF Writer
2012-10-25 06:42 . 2012-10-25 06:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-25 06:42 . 2012-10-25 06:42 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-25 06:42 . 2012-10-25 06:42 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-25 06:42 . 2012-10-25 06:42 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-25 06:42 . 2012-10-25 06:42 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-25 06:42 . 2012-10-25 06:42 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-25 06:42 . 2012-10-25 06:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-25 06:42 . 2012-10-25 06:42 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-25 06:42 . 2012-10-25 06:42 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-23 18:54 . 2012-10-23 18:54 -------- d-----w- c:\program files\Realtek
2012-10-23 18:54 . 2012-10-23 18:54 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-10-23 18:48 . 2012-10-23 18:48 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-10-23 18:47 . 2012-10-23 18:47 -------- d-----w- c:\users\gordon\AppData\Roaming\Intel Corporation
2012-10-23 18:44 . 2012-07-09 12:43 645952 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2012-10-23 18:44 . 2012-07-09 12:43 27456 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-10-23 18:43 . 2012-10-23 18:43 -------- d-----w- c:\users\gordon\AppData\Roaming\InstallShield
2012-10-23 18:39 . 2012-10-23 18:44 -------- d-----w- c:\program files (x86)\Intel
2012-10-23 18:39 . 2000-01-01 00:00 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-10-23 18:31 . 2012-10-30 18:15 -------- d-----w- c:\users\UpdatusUser
2012-10-23 18:19 . 2000-01-01 00:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-10-23 18:19 . 2000-01-01 00:00 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-10-23 18:19 . 2012-10-23 18:53 -------- d-----w- c:\program files (x86)\Realtek
2012-10-23 18:09 . 2012-10-23 18:09 -------- d-----w- c:\windows\Options
2012-10-23 18:09 . 2011-01-24 12:41 2700288 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-10-23 18:09 . 2011-01-24 12:41 2700288 ----a-w- c:\windows\system32\athrx.sys
2012-10-23 18:09 . 2012-10-23 18:09 -------- d-----w- c:\programdata\Dell
2012-10-23 18:00 . 2012-10-31 16:37 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-23 17:59 . 2012-10-23 17:59 -------- d-----w- c:\users\gordon\AppData\Local\SlimWare Utilities Inc
2012-10-23 17:59 . 2012-10-23 17:59 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-10-23 17:53 . 2012-10-25 06:57 -------- d-----w- c:\program files (x86)\Secunia
2012-10-23 16:30 . 2012-10-23 16:30 -------- d-----w- c:\users\gordon\AppData\Roaming\Malwarebytes
2012-10-23 16:30 . 2012-10-23 16:30 -------- d-----w- c:\programdata\Malwarebytes
2012-10-23 16:30 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 21:04 . 2012-10-21 21:04 -------- d-----w- c:\users\gordon\AppData\Local\MetaGeek,_LLC
2012-10-20 06:06 . 2012-09-28 15:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C87FEC19-0360-4D7B-85D3-881D88ED8D0D}\gapaengine.dll
2012-10-19 15:00 . 2012-10-30 18:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-18 22:01 . 2012-10-18 22:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2012-10-18 22:01 . 2012-10-20 09:55 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-18 22:01 . 2012-10-20 09:55 -------- d-----w- c:\program files (x86)\SpeedMaxPc
2012-10-18 15:24 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 06:21 . 2012-10-18 06:31 -------- d-----w- c:\users\gordon\DNT tool
2012-10-17 16:40 . 2012-10-30 06:37 -------- d-----w- c:\users\gordon\routerstats6.8a
2012-10-17 07:40 . 2012-10-26 15:10 -------- d-----w- c:\users\gordon\AppData\Roaming\Foxit Software
2012-10-16 18:15 . 2012-10-16 18:15 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-15 19:41 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C0776C1-2287-4448-923C-2FD1C1D3CFAE}\mpengine.dll
2012-10-15 15:34 . 2012-10-16 09:53 -------- d-----w- c:\programdata\AVG
2012-10-15 15:34 . 2012-10-15 15:34 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-15 08:23 . 2012-10-16 17:41 -------- d-----w- c:\program files (x86)\RouterStats-Lite
2012-10-13 08:21 . 2012-10-13 08:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\users\gordon\AppData\Roaming\Google Chrome Backup
2012-10-11 11:47 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 11:47 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 11:20 . 2012-10-11 11:20 -------- d-----w- c:\users\gordon\AppData\Roaming\Serif
2012-10-11 10:51 . 2012-10-11 10:51 692224 ----a-w- c:\windows\SysWow64\libeay32.dll
2012-10-11 10:51 . 2012-10-11 10:51 151552 ----a-w- c:\windows\SysWow64\ssleay32.dll
2012-10-11 07:48 . 2012-10-11 07:48 -------- d-----w- c:\users\gordon\AppData\Local\jZip
2012-10-10 12:54 . 2012-10-10 12:54 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-09 19:58 . 2012-10-09 19:58 -------- d-----w- C:\d90620553d297e6b16f9
2012-10-09 17:30 . 2012-10-09 17:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-09 17:30 . 2012-10-09 17:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-09 11:37 . 2012-10-09 11:37 -------- d-----w- c:\users\gordon\NT user All
2012-10-06 18:29 . 2012-10-06 18:29 -------- d-----w- c:\users\gordon\AppData\Roaming\DriverCure
2012-10-06 09:54 . 2012-10-06 09:54 -------- d---a-w- c:\windows\system32\catroot2.old
2012-10-06 07:38 . 2012-09-28 15:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-06 07:35 . 2012-10-11 10:52 -------- d-----w- c:\users\gordon\AppData\Local\ElevatedDiagnostics
2012-10-03 21:02 . 2012-10-28 16:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-10-03 21:01 . 2012-10-03 21:01 -------- d-----w- c:\users\gordon\AppData\Local\Trusteer
2012-10-03 20:59 . 2012-10-03 20:59 -------- d-----w- c:\programdata\Trusteer
2012-10-02 15:38 . 2012-10-02 15:38 -------- d-----w- c:\users\gordon\AppData\Local\Windows Live Writer
2012-10-02 15:08 . 2012-10-16 17:57 -------- d-----w- c:\users\gordon\AppData\Local\Windows Live
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 18:17 . 2012-10-16 18:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-12 18:09 . 2012-09-27 05:18 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-11 11:51 . 2012-09-25 16:23 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-02 19:51 . 2009-09-24 14:04 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2009-09-24 14:04 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2009-09-24 14:04 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2009-09-24 14:04 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-09-24 14:04 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-30 16:57 . 2012-09-30 16:57 45056 ----a-r- c:\users\gordon\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-09-29 17:27 . 2012-09-29 17:27 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-29 17:27 . 2012-09-29 17:27 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-09-29 17:27 . 2012-09-29 17:27 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-09-28 15:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-28 15:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-28 11:37 . 2012-09-28 11:37 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-28 11:37 . 2012-09-28 11:37 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-28 11:37 . 2012-09-28 11:37 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-25 16:31 . 2012-09-25 16:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-25 16:31 . 2012-09-25 16:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-25 16:31 . 2012-09-25 16:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-25 16:31 . 2012-09-25 16:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-25 16:31 . 2012-09-25 16:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-25 16:31 . 2012-09-25 16:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-25 16:31 . 2012-09-25 16:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-25 16:31 . 2012-09-25 16:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-25 16:31 . 2012-09-25 16:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-25 16:31 . 2012-09-25 16:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-25 16:31 . 2012-09-25 16:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-25 16:31 . 2012-09-25 16:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-25 16:31 . 2012-09-25 16:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-25 16:31 . 2012-09-25 16:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-25 16:31 . 2012-09-25 16:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-25 16:31 . 2012-09-25 16:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-25 16:31 . 2012-09-25 16:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-25 16:31 . 2012-09-25 16:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-25 16:31 . 2012-09-25 16:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-25 16:31 . 2012-09-25 16:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-25 16:31 . 2012-09-25 16:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-25 16:31 . 2012-09-25 16:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-25 16:31 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-25 16:31 . 2012-09-25 16:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-25 16:31 . 2012-09-25 16:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-25 16:31 . 2012-09-25 16:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-25 16:31 . 2012-09-25 16:31 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-25 16:31 . 2012-09-25 16:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-25 16:31 . 2012-09-25 16:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-25 16:31 . 2012-09-25 16:31 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-25 16:31 . 2012-09-25 16:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-25 16:31 . 2012-09-25 16:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-25 16:31 . 2012-09-25 16:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-25 16:31 . 2012-09-25 16:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-25 16:31 . 2012-09-25 16:31 448512 ----a-w- c:\windows\system32\html.iec
2012-09-25 16:31 . 2012-09-25 16:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-25 16:31 . 2012-09-25 16:31 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-25 16:31 . 2012-09-25 16:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-25 16:31 . 2012-09-25 16:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-25 16:31 . 2012-09-25 16:31 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-25 16:31 . 2012-09-25 16:31 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-25 16:31 . 2012-09-25 16:31 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-25 16:31 . 2012-09-25 16:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-25 16:31 . 2012-09-25 16:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 16:31 . 2012-09-25 16:31 237056 ----a-w- c:\windows\system32\url.dll
2012-09-25 16:31 . 2012-09-25 16:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-25 16:31 . 2012-09-25 16:31 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-25 16:31 . 2012-09-25 16:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-25 16:31 . 2012-09-25 16:31 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-25 16:31 . 2012-09-25 16:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-25 16:31 . 2012-09-25 16:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-25 16:31 . 2012-09-25 16:31 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-25 16:31 . 2012-09-25 16:31 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-25 16:31 . 2012-09-25 16:31 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-25 16:31 . 2012-09-25 16:31 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-25 16:31 . 2012-09-25 16:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-25 16:31 . 2012-09-25 16:31 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-25 16:31 . 2012-09-25 16:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-25 16:31 . 2012-09-25 16:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-25 16:31 . 2012-09-25 16:31 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-25 16:31 . 2012-09-25 16:31 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-25 16:31 . 2012-09-25 16:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-25 16:31 . 2012-09-25 16:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-25 16:31 . 2012-09-25 16:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-25 16:31 . 2012-09-25 16:31 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-12 14:33 . 2012-09-28 06:04 87152 ----a-w- c:\windows\system32\cpwmon64.dll
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2012-08-30 21:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-29 05:49 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-29 05:49 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-29 05:49 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-29 05:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-02 17:58 . 2012-09-25 16:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-25 16:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-30 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-25 19456]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-31 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-25 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-07-09 645952]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-07-09 27456]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-10-28 101688]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-23 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-10-28 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-10-28 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-01-14 135168]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 53920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-07-09 7168]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2000-01-01 1258856]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-10-28 976728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-12-17 28832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2000-01-01 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 565352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000Core.job
- c:\users\gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 17:21]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000UA.job
- c:\users\gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 17:21]
.
2012-10-31 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-10-14 14:29]
.
2012-10-30 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-19 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2012-06-26 21:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,e7,76,
1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:59,a3,4c,ed,68,9e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,55,b9,ae,f8,f0,1a,42,a9,e7,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,55,b9,ae,f8,f0,1a,42,a9,e7,86,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 16:52:05
ComboFix-quarantined-files.txt 2012-10-31 16:52
ComboFix2.txt 2012-10-31 16:33
.
Pre-Run: 561,474,801,664 bytes free
Post-Run: 561,345,032,192 bytes free
.
- - End Of File - - EC32A3D48B0238D69086D59515FA8F19


Other extensions in Chrome

Adblock Plus 1.3

Extensions Manager (aka Switcher) 0.1.9.48

IE Tab 3.10.10.1

#8 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 October 2012 - 04:39 PM

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 poulner (Topic Starter)

  • Members
  • 138 posts
  • Gender:Male
  • Location:Southern England

Posted 01 November 2012 - 10:15 AM

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
gordon :: GORDON-PC [administrator]

Protection: Enabled

01/11/2012 07:07:09
mbam-log-2012-11-01 (07-07-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242797
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===================================================================
C:\Users\gordon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application
C:\Users\gordon\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk Win32/Adware.ADON application

#10 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 November 2012 - 06:42 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\gordon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
C:\Users\gordon\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot: dragging CFScript.txt onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how the computer is running now and if there are any outstanding issues



#11 poulner (Topic Starter)

  • Members
  • 138 posts
  • Gender:Male
  • Location:Southern England

Posted 02 November 2012 - 04:19 AM

ComboFix 12-10-31.03 - gordon 02/11/2012 9:00.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2632 [GMT 0:00]
Running from: c:\users\gordon\Desktop\ComboFix.exe
Command switches used :: c:\users\gordon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\gordon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk"
"c:\users\gordon\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 09:04 . 2012-11-02 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 09:04 . 2012-11-02 09:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-01 16:29 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{235744F5-9318-4037-9A04-DEAB88E31A04}\mpengine.dll
2012-11-01 15:20 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-01 07:15 . 2012-11-01 07:15 -------- d-----w- c:\program files (x86)\ESET
2012-11-01 06:56 . 2012-11-01 06:56 -------- d-----w- c:\users\gordon\AppData\Roaming\Apple Computer
2012-10-31 18:13 . 2012-10-31 18:13 -------- d-----w- c:\programdata\Apple Computer
2012-10-31 18:11 . 2012-10-31 18:11 -------- d-----w- c:\users\gordon\AppData\Local\Apple
2012-10-31 18:11 . 2012-10-31 18:11 -------- d-----w- c:\programdata\Apple
2012-10-31 14:20 . 2012-10-31 14:20 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2012-10-30 17:16 . 2012-11-01 11:05 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-26 17:24 . 2012-10-26 17:25 -------- d-----w- c:\users\gordon\AppData\Local\CutePDF Writer
2012-10-25 06:42 . 2012-10-25 06:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-25 06:42 . 2012-10-25 06:42 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-25 06:42 . 2012-10-25 06:42 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-25 06:42 . 2012-10-25 06:42 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-25 06:42 . 2012-10-25 06:42 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-25 06:42 . 2012-10-25 06:42 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-25 06:42 . 2012-10-25 06:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-25 06:42 . 2012-10-25 06:42 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-25 06:42 . 2012-10-25 06:42 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-23 18:54 . 2012-10-23 18:54 -------- d-----w- c:\program files\Realtek
2012-10-23 18:54 . 2012-10-23 18:54 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-10-23 18:48 . 2012-10-23 18:48 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-10-23 18:47 . 2012-10-23 18:47 -------- d-----w- c:\users\gordon\AppData\Roaming\Intel Corporation
2012-10-23 18:44 . 2012-07-09 12:43 645952 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2012-10-23 18:44 . 2012-07-09 12:43 27456 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-10-23 18:43 . 2012-10-23 18:43 -------- d-----w- c:\users\gordon\AppData\Roaming\InstallShield
2012-10-23 18:39 . 2012-10-23 18:44 -------- d-----w- c:\program files (x86)\Intel
2012-10-23 18:39 . 2000-01-01 00:00 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-10-23 18:31 . 2012-10-30 18:15 -------- d-----w- c:\users\UpdatusUser
2012-10-23 18:19 . 2000-01-01 00:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-10-23 18:19 . 2000-01-01 00:00 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-10-23 18:19 . 2012-10-23 18:53 -------- d-----w- c:\program files (x86)\Realtek
2012-10-23 18:09 . 2012-10-23 18:09 -------- d-----w- c:\windows\Options
2012-10-23 18:09 . 2011-01-24 12:41 2700288 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-10-23 18:09 . 2011-01-24 12:41 2700288 ----a-w- c:\windows\system32\athrx.sys
2012-10-23 18:09 . 2012-10-23 18:09 -------- d-----w- c:\programdata\Dell
2012-10-23 18:00 . 2012-11-02 08:45 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-23 17:59 . 2012-10-23 17:59 -------- d-----w- c:\users\gordon\AppData\Local\SlimWare Utilities Inc
2012-10-23 17:59 . 2012-10-23 17:59 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-10-23 17:53 . 2012-10-25 06:57 -------- d-----w- c:\program files (x86)\Secunia
2012-10-23 16:30 . 2012-10-23 16:30 -------- d-----w- c:\users\gordon\AppData\Roaming\Malwarebytes
2012-10-23 16:30 . 2012-10-23 16:30 -------- d-----w- c:\programdata\Malwarebytes
2012-10-23 16:30 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 21:04 . 2012-10-21 21:04 -------- d-----w- c:\users\gordon\AppData\Local\MetaGeek,_LLC
2012-10-20 06:06 . 2012-09-28 15:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C87FEC19-0360-4D7B-85D3-881D88ED8D0D}\gapaengine.dll
2012-10-19 15:00 . 2012-11-02 07:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-18 22:01 . 2012-10-18 22:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2012-10-18 22:01 . 2012-10-20 09:55 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-18 22:01 . 2012-10-20 09:55 -------- d-----w- c:\program files (x86)\SpeedMaxPc
2012-10-18 15:24 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 06:21 . 2012-10-18 06:31 -------- d-----w- c:\users\gordon\DNT tool
2012-10-17 16:40 . 2012-11-01 07:03 -------- d-----w- c:\users\gordon\routerstats6.8a
2012-10-17 07:40 . 2012-10-26 15:10 -------- d-----w- c:\users\gordon\AppData\Roaming\Foxit Software
2012-10-16 18:15 . 2012-10-16 18:15 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-15 19:41 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C0776C1-2287-4448-923C-2FD1C1D3CFAE}\mpengine.dll
2012-10-15 15:34 . 2012-10-16 09:53 -------- d-----w- c:\programdata\AVG
2012-10-15 15:34 . 2012-10-15 15:34 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-15 08:23 . 2012-10-16 17:41 -------- d-----w- c:\program files (x86)\RouterStats-Lite
2012-10-13 08:21 . 2012-10-13 08:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\users\gordon\AppData\Roaming\Google Chrome Backup
2012-10-11 11:47 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 11:47 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 11:20 . 2012-10-11 11:20 -------- d-----w- c:\users\gordon\AppData\Roaming\Serif
2012-10-11 10:51 . 2012-10-11 10:51 692224 ----a-w- c:\windows\SysWow64\libeay32.dll
2012-10-11 10:51 . 2012-10-11 10:51 151552 ----a-w- c:\windows\SysWow64\ssleay32.dll
2012-10-11 07:48 . 2012-10-11 07:48 -------- d-----w- c:\users\gordon\AppData\Local\jZip
2012-10-10 12:54 . 2012-10-10 12:54 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-09 19:58 . 2012-10-09 19:58 -------- d-----w- C:\d90620553d297e6b16f9
2012-10-09 17:30 . 2012-10-09 17:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-09 17:30 . 2012-10-09 17:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-09 11:37 . 2012-10-09 11:37 -------- d-----w- c:\users\gordon\NT user All
2012-10-06 18:29 . 2012-10-06 18:29 -------- d-----w- c:\users\gordon\AppData\Roaming\DriverCure
2012-10-06 09:54 . 2012-10-06 09:54 -------- d---a-w- c:\windows\system32\catroot2.old
2012-10-06 07:38 . 2012-09-28 15:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-06 07:35 . 2012-10-11 10:52 -------- d-----w- c:\users\gordon\AppData\Local\ElevatedDiagnostics
2012-10-03 21:02 . 2012-10-28 16:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-10-03 21:01 . 2012-10-03 21:01 -------- d-----w- c:\users\gordon\AppData\Local\Trusteer
2012-10-03 20:59 . 2012-10-03 20:59 -------- d-----w- c:\programdata\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 18:17 . 2012-10-16 18:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-12 18:09 . 2012-09-27 05:18 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-11 11:51 . 2012-09-25 16:23 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-02 19:51 . 2009-09-24 14:04 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2009-09-24 14:04 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2009-09-24 14:04 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2009-09-24 14:04 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-09-24 14:04 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 16:57 . 2012-09-30 16:57 45056 ----a-r- c:\users\gordon\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-09-29 17:27 . 2012-09-29 17:27 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-29 17:27 . 2012-09-29 17:27 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-09-29 17:27 . 2012-09-29 17:27 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-09-28 15:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-28 15:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-28 11:37 . 2012-09-28 11:37 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-28 11:37 . 2012-09-28 11:37 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-28 11:37 . 2012-09-28 11:37 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-25 16:31 . 2012-09-25 16:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-25 16:31 . 2012-09-25 16:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-25 16:31 . 2012-09-25 16:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-25 16:31 . 2012-09-25 16:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-25 16:31 . 2012-09-25 16:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-25 16:31 . 2012-09-25 16:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-25 16:31 . 2012-09-25 16:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-25 16:31 . 2012-09-25 16:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-25 16:31 . 2012-09-25 16:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-25 16:31 . 2012-09-25 16:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-25 16:31 . 2012-09-25 16:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-25 16:31 . 2012-09-25 16:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-25 16:31 . 2012-09-25 16:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-25 16:31 . 2012-09-25 16:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-25 16:31 . 2012-09-25 16:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-25 16:31 . 2012-09-25 16:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-25 16:31 . 2012-09-25 16:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-25 16:31 . 2012-09-25 16:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-25 16:31 . 2012-09-25 16:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-25 16:31 . 2012-09-25 16:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-25 16:31 . 2012-09-25 16:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-25 16:31 . 2012-09-25 16:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-25 16:31 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-25 16:31 . 2012-09-25 16:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-25 16:31 . 2012-09-25 16:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-25 16:31 . 2012-09-25 16:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-25 16:31 . 2012-09-25 16:31 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-25 16:31 . 2012-09-25 16:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-25 16:31 . 2012-09-25 16:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-25 16:31 . 2012-09-25 16:31 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-25 16:31 . 2012-09-25 16:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-25 16:31 . 2012-09-25 16:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-25 16:31 . 2012-09-25 16:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-25 16:31 . 2012-09-25 16:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-25 16:31 . 2012-09-25 16:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-25 16:31 . 2012-09-25 16:31 448512 ----a-w- c:\windows\system32\html.iec
2012-09-25 16:31 . 2012-09-25 16:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-25 16:31 . 2012-09-25 16:31 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-25 16:31 . 2012-09-25 16:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-25 16:31 . 2012-09-25 16:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-25 16:31 . 2012-09-25 16:31 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-25 16:31 . 2012-09-25 16:31 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-25 16:31 . 2012-09-25 16:31 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-25 16:31 . 2012-09-25 16:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-25 16:31 . 2012-09-25 16:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 16:31 . 2012-09-25 16:31 237056 ----a-w- c:\windows\system32\url.dll
2012-09-25 16:31 . 2012-09-25 16:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-25 16:31 . 2012-09-25 16:31 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-25 16:31 . 2012-09-25 16:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-25 16:31 . 2012-09-25 16:31 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-25 16:31 . 2012-09-25 16:31 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-25 16:31 . 2012-09-25 16:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-25 16:31 . 2012-09-25 16:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-25 16:31 . 2012-09-25 16:31 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-25 16:31 . 2012-09-25 16:31 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-25 16:31 . 2012-09-25 16:31 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-25 16:31 . 2012-09-25 16:31 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-25 16:31 . 2012-09-25 16:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-25 16:31 . 2012-09-25 16:31 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-25 16:31 . 2012-09-25 16:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-25 16:31 . 2012-09-25 16:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-25 16:31 . 2012-09-25 16:31 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-25 16:31 . 2012-09-25 16:31 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-25 16:31 . 2012-09-25 16:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-25 16:31 . 2012-09-25 16:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-25 16:31 . 2012-09-25 16:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-25 16:31 . 2012-09-25 16:31 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-12 14:33 . 2012-09-28 06:04 87152 ----a-w- c:\windows\system32\cpwmon64.dll
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2012-08-30 21:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-29 05:49 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-29 05:49 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-29 05:49 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-29 05:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-30 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-25 19456]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-11-02 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-25 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-07-09 645952]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-07-09 27456]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-10-28 101688]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-23 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-10-28 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-10-28 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-01-14 135168]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 53920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-07-09 7168]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2000-01-01 1258856]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-10-28 976728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-12-17 28832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2000-01-01 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 565352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000Core.job
- c:\users\gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 17:21]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055155093-2603920669-3764954328-1000UA.job
- c:\users\gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 17:21]
.
2012-11-02 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-10-14 14:29]
.
2012-11-01 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-19 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2012-06-26 21:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,e7,76,
1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:59,a3,4c,ed,68,9e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,55,b9,ae,f8,f0,1a,42,a9,e7,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,55,b9,ae,f8,f0,1a,42,a9,e7,86,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-02 09:06:12
ComboFix-quarantined-files.txt 2012-11-02 09:06
ComboFix2.txt 2012-10-31 16:52
ComboFix3.txt 2012-10-31 16:33
.
Pre-Run: 561,934,585,856 bytes free
Post-Run: 561,876,008,960 bytes free
.
- - End Of File - - 86BFAE2FB413DACF1384CB0E413F0875
================================================================
Computer seems OK at the moment

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 November 2012 - 04:45 PM

Please run the following:


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply



please advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 poulner
  • Topic Starter

  • Members
  • 138 posts
  • Gender:Male
  • Location:Souhtern England

Posted 03 November 2012 - 04:14 AM

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 09:06:25
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : gordon - GORDON-PC
# Boot Mode : Normal
# Running from : C:\Users\gordon\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\gordon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************
AdwCleaner[S2].txt - [720 octets] - [03/11/2012 09:06:25]

########## EOF - C:\AdwCleaner[S2].txt - [779 octets] ##########

===========================================================================================
AFAICS no outstanding issues.

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 November 2012 - 09:57 AM

We just have some housekeeping to do now,

Please do the following:


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


NEXT

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    PC Safety and Security--What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
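As an added example, not part of this thread and not CatByte's instructions, here is a PowerShell check for the "Make Internet Explorer more secure" step above. Instead of clicking through Inetcpl.cpl, it reads the three ActiveX settings the post changes directly from the registry, so the result can be verified (or re-verified after a later infection). The zone key path and the URL-action value IDs 1001, 1004 and 1201 are the ones Internet Explorer stores per zone; the expected values are simply the Prompt/Prompt/Disable choice the post asks for. The function and variable names are this example's own.

```powershell
# Added example, not part of the BleepingComputer thread: audit the Internet zone's
# ActiveX settings that the post tells the user to change through Inetcpl.cpl.
# Internet Explorer stores each zone's settings as DWORD values named by URL-action ID
# under Internet Settings\Zones\<zone>; zone 3 is the Internet zone. Data: 0 = Enable,
# 1 = Prompt, 3 = Disable. Function and variable names below are this example's own.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action IDs for the three settings named in the post, with the value the post asks for.
$Expected = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }  # Prompt
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneActiveXStatus {
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -Path $Path)) {
        throw "Internet zone key not found: $Path"
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($id in ($Expected.Keys | Sort-Object)) {
        $current = $props.$id
        if ($null -eq $current) {
            # Value absent from the user hive: IE falls back to the zone template default.
            $currentLabel = '(not set; zone default applies)'
            $ok = $false
        } else {
            $currentLabel = $Labels[[int]$current]
            if (-not $currentLabel) { $currentLabel = "unknown value $current" }
            $ok = ([int]$current -eq $Expected[$id].Want)
        }
        [pscustomobject]@{
            Id       = $id
            Setting  = $Expected[$id].Name
            Current  = $currentLabel
            Expected = $Labels[$Expected[$id].Want]
            OK       = $ok
        }
    }
}

# Print the table; exit non-zero if any setting is looser than the post recommends.
$results = Get-InternetZoneActiveXStatus
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.OK }) { exit 1 }
```

The script only reads the current user's zone key. A machine-wide setting or a Group Policy under HKLM can take precedence over what is shown here, so on a managed machine a row reporting "not set" or an unexpected value is a cue to look at the effective policy rather than a proof that the setting is wrong.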


#15 poulner
  • Topic Starter

  • Members
  • 138 posts
  • Gender:Male
  • Location:Souhtern England

Posted 06 November 2012 - 06:31 AM

Thank you for your help! All appears OK now, so the thread may be closed.



