Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows explorer hanging up, files on drive C will not delete etc [Sol


  • This topic is locked This topic is locked

#46
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please boot into Safe Mode and run the AdwCleaner tool again using the same settings.
  • 0

Advertisements


#47
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Report run in Safe Mode


# AdwCleaner v3.022 - Report created 16/03/2014 at 21:27:14
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Hightorque UK - HIGHTORQUEUK-PC
# Running from : C:\Users\Hightorque UK\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Hightorque UK\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Hightorque UK\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Hightorque UK\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Hightorque UK\AppData\Roaming\uniblue
Folder Deleted : C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Neville\AppData\Local\AOL Toolbar
Folder Deleted : C:\Users\Neville\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Neville\AppData\LocalLow\Toolbar4
File Deleted : C:\Users\HIGHTO~1\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Hightorque UK\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Hightorque UK\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19507


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

[ File : C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18241 octets] - [16/03/2014 07:06:18]
AdwCleaner[R1].txt - [16995 octets] - [16/03/2014 08:38:08]
AdwCleaner[R2].txt - [17117 octets] - [16/03/2014 21:26:30]
AdwCleaner[S0].txt - [1828 octets] - [16/03/2014 07:10:33]
AdwCleaner[S1].txt - [363 octets] - [16/03/2014 08:42:15]
AdwCleaner[S2].txt - [16830 octets] - [16/03/2014 21:27:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [16891 octets] ##########
  • 0

#48
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Please boot normally and download and run the following program.


Scan with JRT:

Posted Image Please download Junkware Removal Tool and save it to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The JRT.txt log
  • 0

#49
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
JRT Log



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Business x86
Ran by Hightorque UK on 17/03/2014 at 8:17:53.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Hightorque UK\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{00FE7AC8-79AD-4C0C-8E9C-42B395217C6C}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{0357DE83-8D8E-4B1B-9E8C-A5EF0BD9820D}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{0FF82537-B218-4738-A444-37DDE69480AB}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{15CEEAC6-917A-40A5-9D68-906BC66B426A}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{1735EC7B-3AAD-47E5-B9B8-69698E624106}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{29BF08A3-B5F6-4E09-9459-579FF1D73746}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{2D532699-88F9-4FD6-8AD7-D4FC46A9E09C}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{33FEF386-B360-421E-93A9-F2B7EE3B1E9A}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{3BBBC7E8-F5B4-4B85-970C-2365ABBCEFF5}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{4952007A-7C4F-401F-A2F2-B2D13888FEDF}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{52862E4A-D3BE-47FE-B847-53B5DD6E7B89}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{56503789-201B-4412-930B-5AE5E497B7D5}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{580105A9-80F4-42C5-8174-12D0FB90BE7D}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{590B107F-D893-4523-B009-90A89A39AE3B}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{59F416E4-33B0-4C80-8A95-94597C55BE4B}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{62A3330E-1B56-4916-9FCA-E1318133F15A}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{631E70E1-FAC5-4F83-BF0B-CA5E9E0160D3}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{75069DD7-4789-4F6F-86DD-ED064451AE7A}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{7DF8462B-6BF2-4130-918B-4C36D41F7D86}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{818D8610-1C8F-428F-B2C2-70F924F3A4DF}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{83039CE3-5127-4D48-BF11-F293C463472F}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{89619DB0-269F-47F9-AA02-62C9BA09E42F}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{96CE5738-CC51-4FBC-AFA9-1012B4D56299}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{AB096BE0-3D02-4A80-AC0E-12D5339C0B99}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{CBE47370-4E19-45CB-BF9D-B27787DA0642}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{E8EDD8B3-FB22-4BC0-B289-1FADDE3AC74B}
Successfully deleted: [Empty Folder] C:\Users\Hightorque UK\appdata\local\{F3D16F14-5E53-44B7-A5D4-0E8CDF6165AF}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/03/2014 at 8:40:38.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#50
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please get me a fresh OTL scan using the settings below.
Have you ever cleaned the IE temporary files?


Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console<---Very Important
    NOTE: There won't be a Include 64bit Scans box at the top of the console because this is a 32-bit system.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question above.
2. The new OTL.txt log
  • 0

#51
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
OTL text


OTL logfile created on: 17/03/2014 18:40:05 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hightorque UK\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19507)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.99% Memory free
6.14 Gb Paging File | 4.12 Gb Available in Paging File | 67.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 90.83 Gb Free Space | 31.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.42 Gb Free Space | 44.15% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 171.75 Gb Free Space | 57.62% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 36.71 Gb Free Space | 32.84% Space Free | Partition Type: NTFS
Drive H: | 931.28 Gb Total Space | 365.12 Gb Free Space | 39.21% Space Free | Partition Type: FAT32

Computer Name: HIGHTORQUEUK-PC | User Name: Hightorque UK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 11:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hightorque UK\Downloads\OTL.exe
PRC - [2014/01/23 19:04:28 | 006,292,472 | ---- | M] (Activeris) -- C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/18 07:47:14 | 003,795,160 | ---- | M] (Speedbit Ltd.) -- C:\Programs\DAP\DAP.exe
PRC - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 15:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/13 15:22:10 | 001,493,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
PRC - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/16 15:18:28 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/16 15:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 15:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/19 06:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 06:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/08/15 16:53:36 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtserv.exe
PRC - [2008/05/08 05:24:04 | 004,483,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
PRC - [2008/02/25 10:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE


========== Modules (No Company Name) ==========

MOD - [2014/02/14 07:40:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/14 07:39:58 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9f3c96d8466cab4684312622d13781b7\CustomMarshalers.ni.dll
MOD - [2014/02/14 07:39:50 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\032ab8e56366d48dc3f04b6eb7bc8c9f\System.Runtime.Serialization.ni.dll
MOD - [2014/02/14 07:39:46 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a8726347d3e5269f6d4fcb972341898c\SMDiagnostics.ni.dll
MOD - [2014/02/14 07:39:45 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1120b79bc6e03a4c84832103d1f05b67\System.ServiceModel.ni.dll
MOD - [2014/02/14 07:38:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll
MOD - [2014/02/14 07:38:44 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\890433199e7e462f76600e3aa64e435e\System.Web.Services.ni.dll
MOD - [2014/02/14 07:38:36 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.ni.dll
MOD - [2014/02/14 07:38:35 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\24c666e940e61baf4d33315346a03ab6\System.Transactions.ni.dll
MOD - [2014/02/14 07:38:32 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2183861863b3c98036f0d75f303d2a65\System.Web.ni.dll
MOD - [2014/02/14 07:37:58 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3cf321fb70231d473d99105a582c23e1\System.Deployment.ni.dll
MOD - [2014/02/14 07:37:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/14 06:59:40 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/14 06:58:56 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/14 06:58:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/14 06:58:05 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\2abd059b5e13d704f38c2179c01fff3a\System.Data.ni.dll
MOD - [2014/02/14 06:57:54 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd996f730710dbbac36cba28f7214b29\System.Core.ni.dll
MOD - [2014/02/13 22:47:33 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 22:47:11 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/01/23 19:04:34 | 001,718,264 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\acrissys.dll
MOD - [2014/01/17 06:56:24 | 000,010,752 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
MOD - [2014/01/17 06:56:22 | 000,012,800 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
MOD - [2014/01/17 06:56:15 | 000,012,800 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
MOD - [2014/01/17 06:56:07 | 000,010,240 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
MOD - [2014/01/17 06:56:03 | 000,011,776 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
MOD - [2013/10/21 07:44:45 | 000,009,216 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2012/09/26 15:31:16 | 000,886,272 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll
MOD - [2011/11/25 08:15:36 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSLOG.DLL
MOD - [2010/03/14 17:01:05 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/03/30 04:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 04:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/30 04:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2006/07/17 16:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSEVENT.DLL
MOD - [2006/07/17 16:56:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSERROR.DLL
MOD - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
MOD - [2006/07/17 16:44:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSREG.DLL
MOD - [2006/07/17 16:40:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SMSG.DLL


========== Services (SafeList) ==========

SRV - [2014/03/12 14:38:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/16 15:18:28 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/01/18 13:21:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/08/19 06:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/08/15 16:53:36 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 10:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/21 02:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netfilter.sys -- (netfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HIGHTO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HIGHTO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/12/13 06:33:17 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/10/25 02:34:18 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/10/25 02:34:18 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2009/12/31 15:56:38 | 000,177,748 | ---- | M] (Divio Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcam.sys -- (DCamUSBNW802)
DRV - [2009/11/16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/10/21 06:38:35 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 17:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/08/19 07:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 07:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/02/05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/21 02:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/29 22:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{86789896-718A-4BDD-93BC-10B967B0B5FC}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 8A F6 F7 95 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes\{7382B45C-D8A1-4143-8EE6-B25852BFA719}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes\FFF9366C2DEB4E6B8AE77F135949B1E9: "URL" = http://search.speedb...q={searchTerms}
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 09:20:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programs\DAP\daplinkchecker [2013/10/18 07:50:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Programs\DAP\DAPFireFox [2013/10/18 07:50:48 | 000,000,000 | ---D | M]

[2010/07/23 10:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions
[2010/07/23 10:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com,
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DAP Link Checker = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_1\
CHR - Extension: Google Search = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Google Wallet = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/09/01 12:17:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Programs\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programs\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [DAP10] C:\Programs\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [DownloadAccelerator] C:\Programs\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [NBJ] File not found
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Programs\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programs\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Programs\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programs\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: rapidgator.net ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: rapidgator.net ([www] http in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{625F0475-6EA3-4FEA-B9C8-224019DDD165}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2014/03/17 08:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/17 08:06:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Hightorque UK\Desktop\JRT.exe
[2014/03/16 07:06:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/15 20:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/03/15 05:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/03/15 05:17:49 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris
[2014/03/15 05:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
[2014/03/15 05:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Activeris
[2014/03/15 05:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Activeris AntiMalware
[2014/03/15 05:17:06 | 000,784,968 | ---- | C] (Reimage®) -- C:\TRANSLATE
[2014/03/15 05:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/03/14 06:52:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/14 06:52:45 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/14 06:52:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/03/14 06:52:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/14 06:52:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/14 06:52:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/14 06:52:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/14 06:52:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/14 06:52:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/14 06:52:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/14 06:52:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/14 06:52:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/14 06:52:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/14 06:52:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/14 06:52:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/14 06:52:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/14 06:52:36 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/14 06:52:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/03/14 06:52:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/14 06:52:34 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/14 06:52:32 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/14 06:52:30 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/14 06:50:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/03/12 06:41:47 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/10 08:55:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\iPubsoft files
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\iPubsoft
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\iPubsoft
[2014/03/08 09:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPubsoft
[2014/03/08 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPubsoft
[2014/03/08 09:39:08 | 003,692,780 | ---- | C] (iPubsoft ) -- C:\Users\Hightorque UK\Desktop\ipub-word2pdf-converter.exe
[2014/03/06 13:34:51 | 000,000,000 | ---D | C] -- C:\eBooks
[2014/03/06 13:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to ePUB Mobi Converter
[2014/03/06 13:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to ePUB Mobi Converter
[2014/03/04 17:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/04 17:33:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/03 11:19:45 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\damaged_parcel
[2014/03/01 06:54:44 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/02/25 13:34:48 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Roxio Log Files
[2014/02/24 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/02/24 18:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/02/22 11:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/22 07:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Plugins
[2014/02/21 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV
[2014/02/19 08:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7c
[2014/02/18 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/18 10:09:20 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/02/17 14:05:01 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\My Kindle Content
[2014/02/17 10:15:21 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\TSM4
[2014/02/17 10:13:13 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\TSM
[2014/02/16 12:45:23 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\.android
[2014/02/16 12:45:12 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Local\cache
[2014/02/15 20:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB to MOBI
[2014/02/15 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\EPUB to MOBI
[2011/03/03 09:38:21 | 014,117,728 | ---- | C] (IObit ) -- C:\Users\Hightorque UK\is360setup.exe
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Hightorque UK\*.tmp files -> C:\Users\Hightorque UK\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/17 18:54:11 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job
[2014/03/17 18:52:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
[2014/03/17 18:38:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/17 18:22:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/17 17:31:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 17:31:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 11:19:38 | 000,002,435 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Betting Assistant.lnk
[2014/03/17 09:30:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/17 09:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/17 09:30:16 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 08:12:53 | 000,000,878 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\msseces.exe - Shortcut.lnk
[2014/03/17 08:06:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Hightorque UK\Desktop\JRT.exe
[2014/03/16 07:04:31 | 001,950,720 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\AdwCleaner.exe
[2014/03/15 20:44:20 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 13:44:36 | 000,649,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/15 13:44:36 | 000,125,862 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/15 06:01:10 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/03/15 05:17:43 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Activeris AntiMalware.lnk
[2014/03/15 05:17:16 | 000,784,968 | ---- | M] (Reimage®) -- C:\TRANSLATE
[2014/03/15 03:23:32 | 000,786,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/14 16:15:24 | 000,000,513 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\OTL.exe - Shortcut.lnk
[2014/03/14 12:27:54 | 000,000,512 | ---- | M] () -- C:\Users\Hightorque UK\Documents\MBR.dat
[2014/03/14 07:08:28 | 000,000,624 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\TFC.exe - Shortcut.lnk
[2014/03/14 07:07:55 | 000,000,631 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\FRST.exe - Shortcut.lnk
[2014/03/12 14:38:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/12 14:38:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/12 11:07:04 | 000,224,768 | ---- | M] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/10 08:13:34 | 000,000,710 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton_Removal_Tool.exe - Shortcut.lnk
[2014/03/08 10:19:44 | 383,168,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/08 09:39:51 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\iPubsoft Word to PDF Converter.lnk
[2014/03/08 09:39:13 | 003,692,780 | ---- | M] (iPubsoft ) -- C:\Users\Hightorque UK\Desktop\ipub-word2pdf-converter.exe
[2014/03/07 09:39:23 | 000,000,897 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\PDFToePUB.exe - Shortcut.lnk
[2014/03/07 09:10:14 | 000,070,664 | ---- | M] () -- C:\Users\Hightorque UK\Documents\Inv141667.pdf
[2014/03/06 13:32:21 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\PDF to ePUB Mobi Converter.lnk
[2014/03/06 12:13:43 | 000,000,680 | ---- | M] () -- C:\Users\Hightorque UK\AppData\Local\d3d9caps.dat
[2014/03/04 17:34:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 11:04:12 | 000,000,524 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\New - Shortcut.lnk
[2014/03/03 11:19:45 | 006,754,680 | ---- | M] () -- C:\Users\Hightorque UK\Documents\damaged_parcel.zip
[2014/02/28 14:18:02 | 000,000,876 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton Installation Files.lnk
[2014/02/25 13:38:18 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2014/02/23 17:44:42 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/23 17:44:35 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/02/23 17:44:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/23 17:44:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/02/23 17:44:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/02/23 17:44:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/23 17:44:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/23 17:44:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/02/23 17:44:31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/02/23 17:44:31 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/23 17:44:31 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/02/23 17:44:31 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/23 17:44:31 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/23 17:44:27 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/02/23 16:45:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/02/23 16:38:31 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/23 16:38:28 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/23 16:38:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/02/23 16:38:15 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/23 08:29:04 | 000,001,957 | ---- | M] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/21 14:58:23 | 000,000,945 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\OutfoxTV.lnk
[2014/02/19 13:14:23 | 000,059,059 | ---- | M] () -- C:\Users\Hightorque UK\Documents\inv141597.html
[2014/02/19 08:37:21 | 000,000,909 | ---- | M] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2014/02/19 08:37:18 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2014/02/19 07:06:47 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/19 00:20:57 | 000,018,432 | ---- | M] () -- C:\Users\Hightorque UK\Documents\[email protected]_com.eml
[2014/02/18 10:40:24 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/18 09:38:45 | 000,070,404 | ---- | M] () -- C:\Users\Hightorque UK\Documents\inv141599.pdf
[2014/02/16 09:09:33 | 000,000,804 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\epubtomobi.exe - Shortcut.lnk
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Hightorque UK\*.tmp files -> C:\Users\Hightorque UK\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/17 08:12:53 | 000,000,878 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\msseces.exe - Shortcut.lnk
[2014/03/17 07:57:05 | 3184,513,024 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/16 07:04:23 | 001,950,720 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\AdwCleaner.exe
[2014/03/15 05:17:43 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Activeris AntiMalware.lnk
[2014/03/15 05:17:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\acrisnative32.exe
[2014/03/15 05:04:28 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/03/14 16:15:24 | 000,000,513 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\OTL.exe - Shortcut.lnk
[2014/03/14 12:27:54 | 000,000,512 | ---- | C] () -- C:\Users\Hightorque UK\Documents\MBR.dat
[2014/03/14 07:08:31 | 000,000,624 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\TFC.exe - Shortcut.lnk
[2014/03/14 07:08:00 | 000,000,631 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\FRST.exe - Shortcut.lnk
[2014/03/10 08:13:39 | 000,000,710 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\Norton_Removal_Tool.exe - Shortcut.lnk
[2014/03/08 09:39:50 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\iPubsoft Word to PDF Converter.lnk
[2014/03/07 09:39:23 | 000,000,897 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\PDFToePUB.exe - Shortcut.lnk
[2014/03/07 09:10:12 | 000,070,664 | ---- | C] () -- C:\Users\Hightorque UK\Documents\Inv141667.pdf
[2014/03/06 13:32:20 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\PDF to ePUB Mobi Converter.lnk
[2014/03/04 17:34:15 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 11:04:26 | 000,000,524 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\New - Shortcut.lnk
[2014/03/04 08:06:54 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/03 11:18:52 | 006,754,680 | ---- | C] () -- C:\Users\Hightorque UK\Documents\damaged_parcel.zip
[2014/02/25 13:38:16 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2014/02/22 11:59:12 | 000,001,957 | ---- | C] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/22 11:59:12 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 14:58:22 | 000,000,945 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\OutfoxTV.lnk
[2014/02/19 13:14:23 | 000,059,059 | ---- | C] () -- C:\Users\Hightorque UK\Documents\inv141597.html
[2014/02/18 10:17:26 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/18 10:11:09 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 09:38:43 | 000,070,404 | ---- | C] () -- C:\Users\Hightorque UK\Documents\inv141599.pdf
[2014/02/16 09:09:33 | 000,000,804 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\epubtomobi.exe - Shortcut.lnk
[2013/08/11 19:07:17 | 000,224,041 | ---- | C] () -- C:\Users\Hightorque UK\Northampton_Milton_Keynes_Leighton_Buzzard_London.pdf
[2013/04/30 13:32:14 | 000,282,624 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\SettingsDB.sdf
[2012/11/22 08:19:20 | 000,013,399 | ---- | C] () -- C:\Users\Hightorque UK\248.pdf
[2012/11/19 16:19:07 | 000,013,535 | ---- | C] () -- C:\Users\Hightorque UK\247.pdf
[2012/11/19 09:15:24 | 000,013,456 | ---- | C] () -- C:\Users\Hightorque UK\246.pdf
[2012/11/19 08:05:09 | 000,013,446 | ---- | C] () -- C:\Users\Hightorque UK\245.pdf
[2012/11/11 19:29:13 | 000,013,438 | ---- | C] () -- C:\Users\Hightorque UK\243.pdf
[2012/11/05 20:36:21 | 000,013,412 | ---- | C] () -- C:\Users\Hightorque UK\242.pdf
[2012/10/27 08:53:01 | 000,013,419 | ---- | C] () -- C:\Users\Hightorque UK\241.pdf
[2012/10/24 08:08:34 | 000,013,434 | ---- | C] () -- C:\Users\Hightorque UK\240.pdf
[2012/10/20 06:53:25 | 000,000,000 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\.NANotifyHere
[2012/10/05 15:42:42 | 000,013,395 | ---- | C] () -- C:\Users\Hightorque UK\237.pdf
[2012/10/05 15:42:26 | 000,013,393 | ---- | C] () -- C:\Users\Hightorque UK\236.pdf
[2012/09/29 06:53:56 | 000,013,400 | ---- | C] () -- C:\Users\Hightorque UK\235.pdf
[2012/09/20 14:40:24 | 000,013,497 | ---- | C] () -- C:\Users\Hightorque UK\234.pdf
[2012/09/18 07:37:21 | 000,013,549 | ---- | C] () -- C:\Users\Hightorque UK\233.pdf
[2012/09/15 18:48:01 | 000,013,382 | ---- | C] () -- C:\Users\Hightorque UK\232.pdf
[2012/09/05 09:49:38 | 000,013,481 | ---- | C] () -- C:\Users\Hightorque UK\231.pdf
[2012/09/04 12:20:38 | 000,005,102 | ---- | C] () -- C:\Users\Hightorque UK\page.pdf
[2012/09/03 12:16:39 | 000,060,285 | ---- | C] () -- C:\Users\Hightorque UK\RE-1201012735.pdf
[2012/03/16 11:02:58 | 000,014,412 | ---- | C] () -- C:\Users\Hightorque UK\Invoice R Gorry.pdf
[2012/02/10 09:30:35 | 000,000,000 | ---- | C] () -- C:\Users\Hightorque UK\chkdsk
[2011/09/01 15:29:54 | 009,395,499 | ---- | C] () -- C:\Users\Hightorque UK\smartstampsetup3.0.0.8XP.zip
[2010/08/25 09:54:17 | 000,000,780 | ---- | C] () -- C:\Users\Hightorque UK\.recently-used.xbel
[2010/06/18 14:40:14 | 000,000,340 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\wklnhst.dat
[2009/12/09 11:43:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/24 08:39:59 | 000,178,688 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009/10/22 15:21:53 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/10/14 09:24:51 | 000,000,680 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\d3d9caps.dat
[2009/10/13 13:50:47 | 000,224,768 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 11:05:29 | 000,000,008 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\usb.dat.bin

========== ZeroAccess Check ==========

[2006/11/02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/01 07:22:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Genie-Soft
[2010/02/24 13:28:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/04/01 07:22:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Genie-Soft
[2010/02/24 13:28:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/04/27 07:04:15 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\1Million Ltd
[2010/05/08 11:31:06 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\8941552A24D5D328DC13B138230BD8B4
[2011/02/18 14:22:54 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\acccore
[2014/03/15 05:17:49 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris
[2011/05/03 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Alibre Design
[2011/06/26 09:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Betting Assistant
[2010/03/01 11:20:08 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Chinaweal Longteng
[2010/02/16 14:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/31 12:01:37 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\CrashPlan
[2011/04/05 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\DraftSight
[2012/02/10 09:36:48 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\EMCO
[2011/04/01 07:23:44 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Genie-Soft
[2014/02/18 23:35:04 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\go
[2009/10/27 11:46:31 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\GoodSync
[2013/12/11 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Gruss Software
[2009/11/24 11:36:38 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Infacta
[2010/06/21 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\inkscape
[2014/03/08 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\iPubsoft
[2013/02/07 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Research In Motion
[2009/10/13 13:02:16 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Serif
[2010/06/18 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Template
[2010/07/23 10:19:12 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\TomTom
[2009/12/18 09:45:40 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Trusteer
[2011/04/17 18:55:29 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Windows Live Writer
[2009/12/23 16:18:02 | 000,000,000 | ---D | M] -- C:\Users\Neville\AppData\Roaming\Blitware
[2009/10/27 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\Neville\AppData\Roaming\GoodSync
[2009/12/23 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\Neville\AppData\Roaming\Infacta
[2009/12/19 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Neville\AppData\Roaming\Trusteer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 09:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 02:24:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 02:24:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 06:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 06:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 14:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 06:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 02:24:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 04:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 06:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 15:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 02:25:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 06:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 02:24:35 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 06:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 06:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 02:25:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 02:24:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 02:24:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 02:24:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 02:25:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 06:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 14:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 14:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 06:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 02:24:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 06:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 02:24:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 14:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 06:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 16:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 11:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 06:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 18:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 06:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 11:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 06:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 06:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 06:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 06:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 02:23:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 02:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 06:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 06:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 06:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 06:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 06:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 22:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 06:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 19:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 11:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2009/04/11 16:40:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/11 16:40:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 16:40:23 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 16:40:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: RPCSS.DLL >
[2009/10/09 04:17:05 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/21 02:24:32 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\ERDNT\cache\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/10/09 04:17:05 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/10/09 04:17:06 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/10/09 04:17:06 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 02:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 02:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< c:\program files (x86)\Google\Desktop >
[2006/11/02 13:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 13:01:23 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/13 10:05:53 | 000,000,434 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job
[2009/10/23 06:42:16 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 06:42:16 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/12/14 16:28:46 | 000,000,422 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
[2012/04/16 06:27:21 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is C854-A80F
Directory of C:\
13/10/2009 10:00 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
13/10/2009 10:00 <JUNCTION> Application Data [C:\ProgramData]
13/10/2009 10:00 <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/10/2009 10:00 <JUNCTION> Documents [C:\Users\Public\Documents]
13/10/2009 10:00 <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/10/2009 10:00 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/10/2009 10:00 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
13/10/2009 10:00 <SYMLINKD> All Users [C:\ProgramData]
13/10/2009 10:00 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
13/10/2009 10:00 <JUNCTION> Application Data [C:\ProgramData]
13/10/2009 10:00 <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/10/2009 10:00 <JUNCTION> Documents [C:\Users\Public\Documents]
13/10/2009 10:00 <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/10/2009 10:00 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/10/2009 10:00 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
13/10/2009 10:00 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
13/10/2009 10:00 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
13/10/2009 10:00 <JUNCTION> My Documents [C:\Users\Default\Documents]
13/10/2009 10:00 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/10/2009 10:00 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/10/2009 10:00 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/10/2009 10:00 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/10/2009 10:00 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/10/2009 10:00 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
13/10/2009 10:00 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
13/10/2009 10:00 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/10/2009 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
13/10/2009 10:00 <JUNCTION> My Music [C:\Users\Default\Music]
13/10/2009 10:00 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
13/10/2009 10:00 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Hightorque UK
13/10/2009 10:03 <JUNCTION> Application Data [C:\Users\Hightorque UK\AppData\Roaming]
13/10/2009 10:03 <JUNCTION> Cookies [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Cookies]
13/10/2009 10:03 <JUNCTION> Local Settings [C:\Users\Hightorque UK\AppData\Local]
13/10/2009 10:03 <JUNCTION> My Documents [C:\Users\Hightorque UK\Documents]
13/10/2009 10:03 <JUNCTION> NetHood [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/10/2009 10:03 <JUNCTION> PrintHood [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/10/2009 10:03 <JUNCTION> Recent [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Recent]
13/10/2009 10:03 <JUNCTION> SendTo [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\SendTo]
13/10/2009 10:03 <JUNCTION> Start Menu [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu]
13/10/2009 10:03 <JUNCTION> Templates [C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Hightorque UK\AppData\Local
13/10/2009 10:03 <JUNCTION> Application Data [C:\Users\Hightorque UK\AppData\Local]
13/10/2009 10:03 <JUNCTION> History [C:\Users\Hightorque UK\AppData\Local\Microsoft\Windows\History]
13/10/2009 10:03 <JUNCTION> Temporary Internet Files [C:\Users\Hightorque UK\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Hightorque UK\Documents
13/10/2009 10:03 <JUNCTION> My Music [C:\Users\Hightorque UK\Music]
13/10/2009 10:03 <JUNCTION> My Pictures [C:\Users\Hightorque UK\Pictures]
13/10/2009 10:03 <JUNCTION> My Videos [C:\Users\Hightorque UK\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Neville
14/10/2009 09:20 <JUNCTION> Application Data [C:\Users\Neville\AppData\Roaming]
14/10/2009 09:20 <JUNCTION> Cookies [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Cookies]
14/10/2009 09:20 <JUNCTION> Local Settings [C:\Users\Neville\AppData\Local]
14/10/2009 09:20 <JUNCTION> My Documents [C:\Users\Neville\Documents]
14/10/2009 09:20 <JUNCTION> NetHood [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/10/2009 09:20 <JUNCTION> PrintHood [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/10/2009 09:20 <JUNCTION> Recent [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Recent]
14/10/2009 09:20 <JUNCTION> SendTo [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\SendTo]
14/10/2009 09:20 <JUNCTION> Start Menu [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Start Menu]
14/10/2009 09:20 <JUNCTION> Templates [C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Neville\AppData\Local
14/10/2009 09:20 <JUNCTION> Application Data [C:\Users\Neville\AppData\Local]
14/10/2009 09:20 <JUNCTION> History [C:\Users\Neville\AppData\Local\Microsoft\Windows\History]
14/10/2009 09:20 <JUNCTION> Temporary Internet Files [C:\Users\Neville\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Neville\Documents
14/10/2009 09:20 <JUNCTION> My Music [C:\Users\Neville\Music]
14/10/2009 09:20 <JUNCTION> My Pictures [C:\Users\Neville\Pictures]
14/10/2009 09:20 <JUNCTION> My Videos [C:\Users\Neville\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
13/10/2009 10:00 <JUNCTION> My Music [C:\Users\Public\Music]
13/10/2009 10:00 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
13/10/2009 10:00 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
08/10/2009 18:41 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
25/02/2014 13:35 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2009 18:41 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
25/02/2014 13:35 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/10/2009 18:41 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2009 18:41 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/10/2009 18:41 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
72 Dir(s) 95,339,573,248 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 929 bytes -> C:\Users\Hightorque UK\Documents\[email protected]_com.eml:OECustomProperty
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >
  • 0

#52
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hi
For your information, file deletion appears to be working OK again on drive C
  • 0

#53
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

For your information, file deletion appears to be working OK again on drive C

That's good news. :) We're making progress.
I see a new program on the computer, Activeris Antimalware, did you install this on 3/15/2014?


Delete IE TEMP Files

Close all browsers and open windows.

  • Open Internet Options by clicking the Start Posted Image button, clicking Control Panel, clicking Network and Internet.
  • Under the Internet Options section, click Delete browsing history and cookies. The Internet Properties window will open.
  • In the Browsing history section click the Delete... button. The Delete Browsing History page will open.
  • Select the Preserve Favorites website data check box if you do not want to delete the cookies and files associated with websites in your Favorites list.
  • Select the check box next to the following:
    • Temporary Internet Files
    • Cookies
    • Cache
  • Remove the check marks from any other boxes unless you want them cleared also.
  • Click the Delete button. NOTE: This could take awhile if you have a lot of files and history.

    Back on the Internet Properties window:
  • In the Browsing history section, check the box next to Delete browsing history on exit. This will delete the TEMP files every time you close the IE browser and they won't build up.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question about the Antiveris Antimalware program
2. Let m know how deleting the files in IE went.
  • 0

#54
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Antiveris Antimalware must have been another "piggyback", I have uninstalled the program

IE I already ahd the Delete Browsing History on exit ticked.

Deleting history took about one second
  • 0

#55
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Antiveris Antimalware must have been another "piggyback", I have uninstalled the program

These 3rd party programs being bundled with a program that you want are starting to become a real problem. Some legitimate programs have started including them. I know they have to genetate revenue so that they can keep their programs free but, as you can see, it is starting to become a real issue.
Most programs have a box for the programs that are bundled with the download and you can uncheck that box before you download the program and avoid the bundled program(s). Java, FlashPlayer, Adobe Reader and others all work that way.
But some programs don't give the option not to download the bundled program. If I don't see an option to exclude 3rd party programs, toolbars, etc; before downloading, when I install the program I will choose Custom Install from the install menu. If any bundled programs have been included with the program you wanted to download they will normally show up there. Then you can just uncheck the box for any program(s) that you didn't want and install just the program you wanted. That's gotten to be standard way I install downloaded programs that are free. It's getting to be the only way that you can stop a lot of this rubbish from installing and causing havoc on your machine.

IE I already ahd the Delete Browsing History on exit ticked.
Deleting history took about one second

Understood. The reason I asked to do that was because the first OTL fix hung at emptying the Norton files and the TFC program also got hung. We are gonna run another OTL fix. If this one stops responding please look at the bottom of the OTL window and tell me where it was when if got hung. If it is on Emptying Temp Files it may take it a while to complete so just let it run.

There are several things to do here. Just take your time and if you have any questions stop and ask me. It may be helpful to print these instructions out or save them to a text file before you start so you will have them handy.


Step-1.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/23 19:04:28 | 006,292,472 | ---- | M] (Activeris) -- C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
MOD - [2014/01/23 19:04:34 | 001,718,264 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\acrissys.dll
MOD - [2012/09/26 15:31:16 | 000,886,272 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HIGHTO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [NBJ] File not found
[2014/03/15 05:17:49 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris
[2014/03/15 05:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
[2014/03/15 05:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Activeris
[2014/03/15 05:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Activeris AntiMalware
[2014/03/15 05:17:49 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Reset/Delete a Search engine in Chrome

Open the Chrome browser

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
  • Remove a search engine: Select the Conduit Search search engine and click the x or trash can that appears at the end of the row.
Set your default search engine

  • Click the Chrome menu Posted Image on the browser toolbar.
  • Select Settings and find the Search section.
  • Select the search engine you want to use from the menu (like Google). If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make default button that appears at the end of the row, or mouse over your choice and click Make Default.
  • Close the browser and re-open it and verify that the Conduit Search engine is gone.

Step-3.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Windows\System32\acrisnative32.exe.
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Virustotal URL link
2. Let me know if you were able to change the default search engine in Chrome successfully.
3. The OTL fixes log
  • 0

Advertisements


#56
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hi

OTL hung up with [emptytemp] showing in the text box (It was left running all night)

Chrome search default changed

C:\Windows\System32\acrisnative32.exe not found (Could not paste into the box it always opened a search for the file) also I told you last answer I had uninstalled Activeris AntiMalware.
  • 0

#57
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

OTL hung up with [emptytemp] showing in the text box (It was left running all night)

That certainly should have been enough time to clean the TEMP folders. I don't think I've ever had a system where the emptytemp command and the TFC program wouldn't work on a machine. I'm gonna ask the tool developer if he has any ideas as to why we are having such a problem removing the Temp files.

C:\Windows\System32\acrisnative32.exe not found (Could not paste into the box it always opened a search for the file)...

Understood. Maybe the file is not on the system any longer.

...also I told you last answer I had uninstalled Activeris AntiMalware.

I saw that. :thumbsup: I was just trying to tell you how these dubious 3rd party programs are getting installed and give you the things to look for when you download or install a program that might help keep them off of the computer. We know that nothing can stop every malware, adware, crapware program out there but the things I mentioned can help keep some of them from being downloaded. And if you don't see any programs that you didn't want being bundled with the program that you downloaded then using the Custom install option when the downloaded program is installed will give you one last chance see if any 3rd party programs were included in the download and you can prevent them from getting installed when you install the program that you did want.

I want you to look in the C:\_OTL\MovedFiled folder for a file named 03182014_hhmmss.log (where the hhmmss is the time of the tool run). If the OTL fix completed to the point of generating a log, this will be it. If the file is there, please open it and make sure it isn't blank and post it for me.

If the file isn't there or it it's blank, let's run the OTL fix again using the instructions below. I will remove the emptytemp command and hopefully that will prevent it from hanging.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/23 19:04:28 | 006,292,472 | ---- | M] (Activeris) -- C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
MOD - [2014/01/23 19:04:34 | 001,718,264 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\acrissys.dll
MOD - [2012/09/26 15:31:16 | 000,886,272 | ---- | M] () -- C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HIGHTO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [NBJ] File not found
[2014/03/15 05:17:49 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris
[2014/03/15 05:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
[2014/03/15 05:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Activeris
[2014/03/15 05:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Activeris AntiMalware
[2014/03/15 05:17:49 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Activeris

:FILES
ipconfig /flushdns /c

:COMMANDS
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The 03182014_hhmmss.log file OR the new OTL fixes log.
  • 0

#58
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hi

OTL log produced last night previous log was dated March 11

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named ActiverisAntiMalware.exe was found!
Error: No service named cpuz134 was found to stop!
Service\Driver key cpuz134 not found.
File C:\Users\HIGHTO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ not found.
Registry value HKEY_USERS\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}\ not found.
Registry value HKEY_USERS\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NBJ not found.
Folder C:\Users\Hightorque UK\AppData\Roaming\Activeris\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware\ not found.
Folder C:\ProgramData\Activeris\ not found.
Folder C:\Program Files\Activeris AntiMalware\ not found.
Folder C:\Users\Hightorque UK\AppData\Roaming\Activeris\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hightorque UK\Downloads\cmd.bat deleted successfully.
C:\Users\Hightorque UK\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 03192014_223916
  • 0

#59
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's scan for any residual malware files.

Please disable any screen saver you have running before completing the following.


Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop and click Run as Administrator and OK any UAC prompts to run the application. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the computer is running and if you have any outstanding issues.
2. The MalwareBytes log.
  • 0

#60
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hi,

I ran Malwarebytes FULL SCAN on March 9th.

Ran it again overnight, it ran for 15 hours 22min, no threats detected, had to abort while in Drive F in order to get on with some work, I will run F and G drives again tonight.

On previous scans it has not listed any System Volume Information files in any of the Logs or Quarantined items.

When I went to check the System Volume Information folder, the icon is "grayed out" but will open, but will not allow me into System Restore folder

**********************************************************************

PLEASE NOTE THAT MY DELETED FILES HAVE RESTORED THEMSELVES AGAIN TODAY

**********************************************************************

Here is the log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.15.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19507
Hightorque UK :: HIGHTORQUEUK-PC [administrator]

20/03/2014 21:29:32
mbam-log-2014-03-20 (21-29-32).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1786820
Time elapsed: 15 hour(s), 22 minute(s), 7 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP