Help with iminent tool bar.


  • This topic is locked
9 replies to this topic

#1 Dommer5000

  • Members
  • 22 posts
  • Gender:Male

Posted 10 October 2013 - 03:36 PM

After installing Firefox, I noticed the iminent tool bar program in my programs list. I un-installed it successfully, ran a Malwarebytes full scan (which removed two Firefox components), but now I am concerned there still may be a security issue. I did not see any evidence of it operating in any of my browsers, but nonetheless, I am not happy that it ever appeared. Any help checking that all is well would be much appreciated.




#2 Dommer5000

  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 11 October 2013 - 04:06 AM

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2013 14:38:05
System Uptime: 11/10/2013 08:41:36 (2 hours ago)
.
Motherboard: CLEVO CO.                        |  | W240EU/W250EUQ/W270EUQ          
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz | SOCKET 0 | 1378/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 852.438 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: PCI Device
Device ID: PCI\VEN_10EC&DEV_5289&SUBSYS_02401558&REV_01\4&35B8490B&0&00E3
Manufacturer: 
Name: PCI Device
PNP Device ID: PCI\VEN_10EC&DEV_5289&SUBSYS_02401558&REV_01\4&35B8490B&0&00E3
Service: 
.
==== System Restore Points ===================
.
RP88: 03/10/2013 23:16:33 - Windows Update
RP89: 07/10/2013 18:11:01 - Windows Update
RP90: 08/10/2013 19:28:05 - Installed Java 7 Update 40
RP91: 10/10/2013 20:41:58 - Windows Update
.
==== Installed Programs ======================
.
888poker
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BetMost Poker
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Full Tilt Poker
Google Chrome
Google Update Helper
Holdem Manager 2
IBM SPSS Statistics 20
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Mouse and Keyboard Center
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Platform
PokerStars
PokerStars.fr
PokerStrategy.com Equilab
PostgreSQL 8.4
Rapport
REALTEK Bluetooth Driver
Realtek Ethernet Controller Driver
REALTEK Wireless LAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Sky Poker
Skype Click to Call
Skype™ 6.6
SpeedFan (remove only)
SpywareBlaster 5.0
TeamViewer 8
Trusteer Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VIA Platform Device Manager
WebDrive
Winamax Poker
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (04/13/2012 1.4.538.1)
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
11/10/2013 09:38:43, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
10/10/2013 21:43:52, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the RtkBleServ service to connect.
10/10/2013 20:41:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
10/10/2013 20:41:38, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
10/10/2013 20:41:38, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
08/10/2013 18:21:27, Error: Service Control Manager [7034]  - The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).
06/10/2013 16:37:16, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

Edited by Dommer5000, 11 October 2013 - 04:10 AM.


#3 Dommer5000

  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 11 October 2013 - 04:24 AM

Note: this problem was created by downloading Firefox via the EZ download link, which should be avoided like the plague.



#4 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2013 - 10:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please run the DDS tool one more time and post the DDS.TXT log this time.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#5 Dommer5000

  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 12 October 2013 - 11:13 AM

# AdwCleaner v3.007 - Report created 12/10/2013 at 16:59:06
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Dom - DOM-PC
# Running from : C:\Users\Dom\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2064 octets] - [11/10/2013 10:32:29]
AdwCleaner[R1].txt - [874 octets] - [12/10/2013 16:57:40]
AdwCleaner[S0].txt - [2151 octets] - [11/10/2013 10:34:12]
AdwCleaner[S1].txt - [796 octets] - [12/10/2013 16:59:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [855 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by Dom on 12/10/2013 at 17:05:28.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Dom\appdata\local\adawarebp"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/10/2013 at 17:11:39.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 Dommer5000

  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 12 October 2013 - 11:28 AM

 
ComboFix 13-10-12.01 - Dom 12/10/2013  17:16:11.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.16275.13974 [GMT 1:00]
Running from: C:\Users\Dom\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
 
(((((((((((((((((((((((((   Files Created from 2013-09-12 to 2013-10-12  )))))))))))))))))))))))))))))))
 
 
2013-10-12 16:24:06 . 2013-10-12 16:24:06 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-10-12 16:24:06 . 2013-10-12 16:24:06 -------- d-----w- C:\Users\postgres\AppData\Local\temp
2013-10-12 16:24:06 . 2013-10-12 16:24:06 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-12 16:11:18 . 2013-09-05 05:32:08 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9774295-7827-4CF0-9F86-C5D5D288D0DA}\mpengine.dll
2013-10-12 16:05:26 . 2013-10-12 16:05:26 -------- d-----w- C:\Windows\ERUNT
2013-10-11 09:29:44 . 2013-10-12 15:59:12 -------- d-----w- C:\AdwCleaner
2013-10-11 09:10:16 . 2013-10-11 09:10:42 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-10-10 20:15:59 . 2013-09-05 05:32:08 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-10 20:15:39 . 2013-10-10 20:40:10 -------- d-----w- C:\Program Files (x86)\SpeedFan
2013-10-09 19:51:27 . 2013-10-09 19:51:27 -------- d-----w- C:\Users\Dom\AppData\Local\Mozilla
2013-10-08 18:28:58 . 2013-10-08 18:28:59 -------- d-----w- C:\ProgramData\Oracle
2013-10-08 18:28:56 . 2013-10-08 18:28:56 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-10-08 18:28:48 . 2013-10-08 18:28:24 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-08 18:28:48 . 2013-10-08 18:28:24 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-08 18:28:39 . 2013-10-08 18:28:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 18:28:22 . 2013-10-08 18:28:22 -------- d-----w- C:\Program Files (x86)\Java
2013-10-08 18:27:17 . 2013-10-08 18:27:17 -------- d-----w- C:\ProgramData\McAfee
2013-10-07 11:51:44 . 2013-10-07 11:51:44 -------- d-----w- C:\Users\Dom\AppData\Roaming\com.orbis.air.SkyPoker
2013-10-07 11:51:36 . 2013-10-07 11:51:37 -------- d-----w- C:\Program Files (x86)\SkyPoker
2013-10-04 12:04:23 . 2013-10-04 12:04:23 -------- d-----w- C:\Program Files\iPod
2013-10-04 12:04:22 . 2013-10-04 12:05:27 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 12:04:22 . 2013-10-04 12:05:24 -------- d-----w- C:\Program Files\iTunes
2013-10-04 12:04:22 . 2013-10-04 12:05:22 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-03 00:07:51 . 2013-10-03 00:07:51 -------- d-----w- C:\Users\Dom\AppData\Roaming\cef-cache
2013-10-03 00:07:43 . 2013-10-03 00:07:43 -------- d-----w- C:\Users\Dom\AppData\Roaming\Party
2013-10-03 00:06:21 . 2013-10-03 00:06:21 -------- d-----w- C:\Programs
2013-10-02 12:48:45 . 2013-10-02 13:09:36 -------- d-----w- C:\Users\Dom\AppData\Roaming\PacificPoker
2013-10-02 12:48:32 . 2013-10-02 12:49:43 -------- d-----w- C:\Program Files (x86)\PacificPoker
2013-09-30 13:46:58 . 2013-09-30 13:46:58 -------- d-----w- C:\Users\Dom\AppData\Roaming\SPSSInc
2013-09-30 12:07:15 . 2013-09-30 12:07:15 -------- d--h--w- C:\ProgramData\WebDrive
2013-09-30 12:07:03 . 2013-09-30 12:07:08 -------- d-----w- C:\Program Files\WebDrive
2013-09-12 18:23:52 . 2013-09-12 18:23:52 -------- d-----w- C:\Users\Dom\AppData\Local\Diagnostics
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-10-10 20:07:08 . 2013-04-12 16:07:54 566480 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-10 19:49:42 . 2013-04-17 09:23:12 80541720 ----a-w- C:\Windows\system32\MRT.exe
2013-10-08 17:22:37 . 2013-07-06 12:27:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 17:22:37 . 2013-07-06 12:27:43 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-10 22:18:28 . 2013-04-15 20:24:18 295696 ----a-w- C:\Windows\system32\drivers\RapportKE64.sys
2013-09-05 21:04:44 . 2013-09-05 21:05:06 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD9FD7FF-6431-4730-844E-66A3EB3CB86B}\gapaengine.dll
2013-08-29 01:48:15 . 2013-10-09 19:06:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-22 12:39:26 . 2013-04-28 11:42:10 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-05 02:25:45 . 2013-09-10 22:52:27 155584 ----a-w- C:\Windows\system32\drivers\ataport.sys
2013-08-02 02:14:57 . 2013-09-10 22:52:10 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-08-02 02:13:34 . 2013-09-10 22:52:12 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2013-08-02 02:13:34 . 2013-09-10 22:52:11 1161216 ----a-w- C:\Windows\system32\kernel32.dll
2013-08-02 02:12:47 . 2013-09-10 22:52:10 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:09 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:08 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:08 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:08 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:07 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:07 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:52:07 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-10 22:51:58 6656 ----a-w- C:\Windows\system32\apisetschema.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:09 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:09 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:07 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:06 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:06 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:06 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:05 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:05 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:04 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:04 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-10 22:52:00 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:08 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:52:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-10 22:51:59 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50:42 . 2013-09-10 22:52:11 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:09 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:09 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:08 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:07 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:06 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:06 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:06 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:05 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:05 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:52:00 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-10 22:51:59 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-02 01:48:14 . 2013-09-10 22:52:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-10 22:52:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-10 22:52:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-10 22:52:00 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09:17 . 2013-09-10 22:52:10 338432 ----a-w- C:\Windows\system32\conhost.exe
2013-08-02 00:59:09 . 2013-09-10 22:52:11 112640 ----a-w- C:\Windows\system32\smss.exe
2013-08-02 00:43:05 . 2013-09-10 22:52:01 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-10 22:52:01 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-10 22:52:01 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-10 22:52:01 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24:57 . 2013-09-10 22:51:47 14172672 ----a-w- C:\Windows\system32\shell32.dll
2013-07-26 02:24:56 . 2013-09-10 22:51:45 197120 ----a-w- C:\Windows\system32\shdocvw.dll
2013-07-25 09:25:54 . 2013-08-14 19:41:00 1888768 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-07-25 08:57:27 . 2013-08-14 19:41:00 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 . 2013-08-14 19:46:15 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-07-19 01:41:01 . 2013-08-14 19:46:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-10 20:10:28 1724616 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-10 20:10:28 1724616 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-10 20:10:28 1724616 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 22:24:42 423144]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 01:26:26 291648]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-10 16:46:30 5119600]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 20:43:52 59720]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 01:23:16 152392]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 08:16:26 254336]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RtkBleServ;RtkBleServ;C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\Windows\system32\DRIVERS\RtkBtfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 RapportKE64;RapportKE64;C:\Windows\System32\Drivers\RapportKE64.sys;C:\Windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 BTDevManager;BTDevManager;C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe;C:\Windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WebDriveFSD;WebDrive Filesystem Driver;C:\Program Files\WebDrive\wdfsd.sys;C:\Program Files\WebDrive\wdfsd.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtwlane.sys;C:\Windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys;C:\Windows\SYSNATIVE\drivers\viahduaa.sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 15:39:08 1185744 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2013-10-12 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-06 12:27:43 . 2013-10-08 17:22:38]
 
2013-10-12 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 15:42:16 . 2013-04-12 15:42:15]
 
2013-10-12 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 15:42:16 . 2013-04-12 15:42:15]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-10 20:10:34 2328264 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-10 20:10:34 2328264 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-10 20:10:34 2328264 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-05-25 13:57:50 1853440 ----a-w- C:\Windows\System32\wdShellExt.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtServer"="C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2012-03-23 15:55:22 419840]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2013-06-20 19:27:08 1356240]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-12-14 01:42:14 172144]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-12-14 01:42:10 399984]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-12-14 01:42:14 441968]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
IE: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
 
- - - - ORPHANS REMOVED - - - -
 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2013 14:38:05
System Uptime: 12/10/2013 16:59:59 (1 hours ago)
.
Motherboard: CLEVO CO.                        |  | W240EU/W250EUQ/W270EUQ          
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz | SOCKET 0 | 1586/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 852.559 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: PCI Device
Device ID: PCI\VEN_10EC&DEV_5289&SUBSYS_02401558&REV_01\4&35B8490B&0&00E3
Manufacturer: 
Name: PCI Device
PNP Device ID: PCI\VEN_10EC&DEV_5289&SUBSYS_02401558&REV_01\4&35B8490B&0&00E3
Service: 
.
==== System Restore Points ===================
.
RP88: 03/10/2013 23:16:33 - Windows Update
RP89: 07/10/2013 18:11:01 - Windows Update
RP90: 08/10/2013 19:28:05 - Installed Java 7 Update 40
RP91: 10/10/2013 20:41:58 - Windows Update
RP92: 12/10/2013 17:14:10 - ComboFix created restore point
.
==== Installed Programs ======================
.
888poker
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BetMost Poker
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Full Tilt Poker
Google Chrome
Google Update Helper
Holdem Manager 2
IBM SPSS Statistics 20
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Mouse and Keyboard Center
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Platform
PokerStars
PokerStars.fr
PokerStrategy.com Equilab
PostgreSQL 8.4
Rapport
REALTEK Bluetooth Driver
Realtek Ethernet Controller Driver
REALTEK Wireless LAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Sky Poker
Skype Click to Call
Skype™ 6.6
SpeedFan (remove only)
SpywareBlaster 5.0
TeamViewer 8
Trusteer Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VIA Platform Device Manager
WebDrive
Winamax Poker
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (04/13/2012 1.4.538.1)
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
12/10/2013 17:24:29, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
12/10/2013 17:13:54, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
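
The DDS sections above (services/drivers, the HKLM Run key, Active Setup, Scheduled Tasks) are the autostart locations where a leftover toolbar component would still show up after an uninstall. The script below is an added example written for this page; it is not part of DDS or ComboFix and was not posted in the thread. It parses DDS-style service and Run-key lines, folds the 64-bit SYSNATIVE alias back onto system32, and flags entries that match a removal indicator (here the toolbar name "iminent") or whose binary lives outside the Windows and Program Files trees. The sample input is constructed: the two "Iminent" entries are invented to produce a positive hit, and the trusted-root heuristics are the editor's, not DDS output semantics.

```python
"""Triage DDS-style autostart entries for leftovers after a toolbar removal.

Added example for this page; not DDS/ComboFix code.  The sample below is
constructed in DDS format: the 'IminentHelper' service and 'Iminent' Run
value are invented to show a hit, the other lines mirror real DDS output.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r'''
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S2 IminentHelper;Iminent Update Service;C:\Users\Bob\AppData\Local\Iminent\IminentSvc.exe;C:\Users\Bob\AppData\Local\Iminent\IminentSvc.exe [x]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-12-14 01:42:14 172144]
"Iminent"="C:\Users\Bob\AppData\Roaming\Iminent\Iminent.exe" [2013-10-09 10:00:00 501760]
'''

# DDS service/driver line: '<S|R><start type> <name>;<display>;<path>;<path> [x]'
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);[^\[]*?(?:\[x\])?\s*$')
# DDS HKLM\...\Run line: '"<value name>"="<path>" [<timestamp> <size>]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[[^\]]*\])?\s*$')

# Heuristic (editor's assumption): binaries under these roots need admin rights
# to plant, so anything elsewhere (user profile, ProgramData) deserves a look.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


@dataclass
class Entry:
    kind: str      # 'service' or 'run'
    name: str
    display: str
    path: str      # normalised, lower-case


@dataclass
class Finding:
    entry: Entry
    reasons: list


def normalize_path(path: str) -> str:
    """Lower-case, strip quotes, and fold the 64-bit SYSNATIVE alias onto system32."""
    p = path.strip().strip('"').lower()
    return p.replace('\\sysnative\\', '\\system32\\')


def parse_entries(text: str) -> list:
    """Parse DDS service and Run-key lines; lines in other formats are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry('service', m['name'].strip(), m['display'].strip(),
                                 normalize_path(m['path'])))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m['name'], '', normalize_path(m['path'])))
    return entries


def triage(entries, indicators=('iminent',)) -> list:
    """Return only the entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for e in entries:
        reasons = []
        haystack = ' '.join((e.name, e.display, e.path)).lower()
        for ioc in indicators:
            if ioc.lower() in haystack:
                reasons.append(f'matches indicator {ioc!r}')
        if not e.path.startswith(TRUSTED_ROOTS):
            reasons.append('image outside Windows/Program Files')
        if e.path.endswith('.sys') and not e.path.startswith('c:\\windows\\'):
            reasons.append('kernel driver loaded from outside C:\\Windows')
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f'{f.entry.kind:8} {f.entry.name:25} {f.entry.path}')
        for r in f.reasons:
            print('         - ' + r)
```

On the constructed sample this flags the two invented Iminent entries and also RapportCerberus_56758, a Trusteer driver that genuinely loads from C:\ProgramData. That last hit is the point of a "review" list rather than a "malicious" list: a legitimate vendor can use an unusual location, so each flagged path still needs a human (or a signature check) to close it out.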


#7 Dommer5000


Posted 12 October 2013 - 11:30 AM

Currently, I can see no evidence that the iminent tool bar has had any lasting effect on my laptop, but I wanted to be sure. Thanks for your help thus far.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 12 October 2013 - 01:02 PM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time they are not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon;
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#9 Dommer5000


Posted 12 October 2013 - 02:05 PM

Thank you SO much for your time/help. I will be donating again. 



#10 nasdaq


Posted 13 October 2013 - 07:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



