Rosmon

Hi BeeCeeBee, My download speed is 20,000 kbit/s down and 1,600 up. I need to use the VPN. Thanks, good to know the specs are fine, Rosmon.

Snap.do to Babylon Hi Starbuck, The malware problem has been solved:) The no sound problem hasn't. I have two new postings. The sound problem is under 'Hardware Issues', although I think it should be somewhere under software. The sound icon has now disappeared from the system tray so things have got worse. The second is also under 'Hardware Misc.' as I'm looking for a new computer. Rosmon.

Hi, Needless to say my troublesome computer will soon be on Ebay and a new notebook will be in the post very soon. I'm looking for a new notebook that can handle streaming. What specs are going to give best performance, i.e., what hard drive rpm should I have, and what difference does the processor make (which type and what core). Would a large hard drive memory compared to a relatively smaller speed effect performance e.g., 750GB with 720rpm compared to 500GB with 720rpm? Is 540rpm enough, as I've seen a notebook that looks quite good with 500GB hard drive memory with that speed? I have been using a computer with 320GB memory with 540rpm and an i3 core. I've had problems with streaming time outs and wonder what could solve these problems. The fault could be from an overloaded VPN or a overloaded network, either my provider or the network I'm connected to. If the problems are from overloaded networks, do the specifications of my computer make any difference? I know the simple answer is go out and spend huge sums of money, but what should I have minimum so I can keep to a budget? Rosmon

No Sound on My Notebook Update, Ref, the above. I just messed around with Windows Media Centre that stated that my tuner was not found. I went into my programs and could not find any media players. There is Windows Live Essentials but I don't think that has much to do with the problem. After the Malwarebytes scan, a bundle was found under VLC Media Player that I deleted. I found something very similar in my programs and deleted that too. Is it possible that I deleted a legit Windows media player by mistake? I went into the ASUS webpages and downloaded drivers: and that's just about what it came down to; they downloaded very nicely and are sitting in my downloads folder, but shouldn't something run? Rosmon

Hi, After removing a dose of Babylon from my notebook, ref. Freepchelp, Snap.do Malware Removal, I discovered that I had no sound again. I've gone through the same procedures as a month ago, ref. Freepchelp, 'Hard Drive Backup', and it seems that I'm in the same position as before. Could I have missed something? Going through control panel I got into 'Manage audio devices' but had no option for 'Test' as it was greyed out. Prior to that, and I don't know how I did this, I got the test arrow to show green and got a message stating 'Windows error' after clicking it. I have no x against my speaker icon in the system tray because I have no speaker icon in my system tray:confused:. This is a development from earlier and at another earlier point I had an x mark over my speaker icon. I hope this is the right section for this because it could be a software issue. Rosmon.

Snap.do to Babylon Hi Starbuck, I can't remember if I did the Esets scan. Would the report have been just a few lines long. Was it that that found the Yontoo? The good news about my sound problem is that I have an x next to the speaker, so this time it's probably a software problem and won't need a factory fix. I look forward to your reply Rosmon.

Snap.do to Babylon Hi Starbuck, Yes, I must have been online when I connected to the link for AdwCleaner but I can't remember what else, if anything, was open at the same time. I'm not a particularly adventurous surfer so it's highly unlikely that I had anything risky open in the background. I can clearly remember that three downloads came at the same time. And for sure you're right, I ran OTL from my computer. Now for an interesting list; Esetsmartin, AdwCleaner, Revo Uninstaller, and finally the Malware program that successfully found the malware: Malwarebytes. I ran all of the above but the only one that found the malware identified as 'WLC MediaPlayer (or VLC MediaPlayer) - PUP Bundelns' was malwarebytes. I'm not sure if all of the other programs are for malware removal so not a fully fair comparison. Even so, when I open up Google the first tab is still Babylon, the subsequent tabs are Google, but Babylon is not listed as a Browser in 'Manage Browsers' under settings. A full scan by Malwarebytes takes quite a while to complete so I was happy to hear the ping from the computer when it was finished and duly removed the malware. I checked in my programs and it was still listed in them so I deleted it from there too, just to make sure. Incidentally, that ping was the last sound that I have heard from my computer. Yes, isn't that just the best, my computer has no sound again. I'm right back to where I started when I first contacted freepchelp; remember, 'no sound on my computer' just less than one month ago. Whatever that malware was it took my computer's sound with it. I've checked back to KenB's postings about the sound problem, but found the link download not so useful. It downloaded onto my computer OK, but when I double clicked on the program and went into the selection boxes and clicked through there was no confirmation of what it was doing and what had been completed, and still no sound. Though I haven't had time to go through this again thoroughly yet. For what this is worth now, here is the report from AdwCleaner. I posted the other one but it again seemed to vanish in the ether. # AdwCleaner v2.003 - Logfile created 10/07/2012 at 16:36:26 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : ****** - ****** # Boot Mode : Normal # Running from : C:\Users\******\Downloads\adwcleaner (2).exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Browser Manager ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Browser Manager Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Users\Roland\AppData\Roaming\Babylon Folder Deleted : C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23765~1.24\{16cdf~1\browse~1.dll Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Tarma Installer Key Deleted : HKU\S-1-5-21-2723320869-2266038694-3479430049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\prefs.js C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\user.js ... Deleted ! Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&b[...] Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.id", "9a0ba1e500000000000000fff16bee29"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15620"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...] Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.714:15:26"); Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=KW_ss&m[...] -\\ Google Chrome v [unable to get version] File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29" ] Deleted [l.1829] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29" ] ************************* AdwCleaner[s1].txt - [5650 octets] - [07/10/2012 16:36:26] ########## EOF - C:\AdwCleaner[s1].txt - [5710 octets] ########## Rosmon.

Snap.do to Babylon Hi Starbuck, Yes I am saying AdwCleaner installed Babylon onto my computer, or something in the link. I clicked the link and I saw three arrows shoot down to point to three downloads on the bottom left of my screen. I clicked on the first which came up as some kind of media player, which didn't sound right, but Windows Explorer opens photograph files, so I went with it wondering what its function was and discovered Babylon had been installed. The last time I got Babylon on my computer, I had so little experience with computers that I simply went back to factory setting and re-installed everything. If Babylon didn't come with the AdwCleaner and the media player download, it came with the second OTL run that I did mistakenly again just before that, from another link in this thread, (because I clicked on the wrong link in the thread: it's getting so long that I didn't notice that were onto a second page now), which I posted in a recent reply. I can't believe that Babylon came with AdwCleaner too, but what I have described is what happened; it appeared immediately after the download(s):confused:. I went to another forum to find out how to get rid of Babylon. It's not a unique problem and there was an archive thread that I followed that recommended running AdwCleaner. I trusted it from the other forum thread as I believed that the software is legit, and lightening would not strike in the same place twice. I ran it: it worked to a point (The first tab opened on Google is still Babylon, but the second is not. It is not on the Browser list in Google settings. It is not present on Firefox, and IE, and AdwCleaner removed the German Bing bar too from IE: which I have been trying to do for ages:)) . I posted the report on their forum: I then got a snotty message from someone for acting independently. They wanted a Hijack This report that I have done. I look forward to your reply. Rosmon

Hi, Now I have Babylon on my browsers. That's 100% totally infuriating:mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad:. I've just got rid of Snap.do after many hours of work, deleting and re-installing the malware and browsers to download AdwCleaner by Xplode to clean any traces that were left to find that it has downloaded Babylon onto my computer, which is simply the same **** just a different name. Now how do I get rid of this. I've done the same as I did with Snap.do. I've deleted it from add or remove programs and gone into my browser settings to find the **** is still there. This has extremely annoyed me. Rosmon

Snap.do to Babylon Starbuck, Thanks for that link because I've now got Babylon on my computer which I'm struggling to delete. Rosmon.

Snap.do report part 2 [2012/09/19 17:47:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2012/09/19 17:47:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2012/09/19 17:47:30 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2012/09/19 17:47:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2012/09/19 17:47:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2012/09/19 17:47:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2012/09/19 17:47:30 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2012/09/19 17:47:30 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2012/09/19 17:47:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2012/09/19 17:47:20 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/09/19 17:47:18 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012/09/19 17:47:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012/09/19 17:47:17 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012/09/19 17:47:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012/09/19 17:46:27 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2012/09/19 17:46:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2012/09/19 17:46:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2012/09/19 17:46:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/09/19 17:46:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/09/19 17:46:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/09/19 17:46:15 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/09/19 17:46:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/09/19 17:46:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/09/19 17:46:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/09/19 17:46:00 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2012/09/19 17:46:00 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2012/09/19 17:45:59 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2012/09/19 17:45:59 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2012/09/19 17:45:59 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2012/09/19 17:45:58 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2012/09/19 17:45:58 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2012/09/19 17:45:58 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2012/09/19 17:45:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2012/09/19 17:45:58 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2012/09/19 17:45:58 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2012/09/19 17:45:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2012/09/19 17:45:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2012/09/19 17:45:39 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/09/19 17:45:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/09/19 17:45:37 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012/09/19 17:45:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012/09/19 17:45:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012/09/19 17:45:28 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012/09/19 17:45:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012/09/19 17:45:24 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012/09/19 17:45:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012/09/19 17:45:22 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2012/09/19 17:45:22 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2012/09/19 17:45:21 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2012/09/19 17:45:21 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2012/09/19 17:45:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/09/19 17:45:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/09/19 17:45:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/09/19 17:45:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/09/19 17:45:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/19 17:45:08 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2012/09/19 17:45:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2012/09/19 17:45:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2012/09/19 17:45:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/09/19 17:45:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/09/19 17:45:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/09/19 17:44:53 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/09/19 17:44:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/09/19 17:44:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/09/19 17:44:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/09/19 17:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/09/19 17:44:48 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2012/09/19 17:44:41 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/09/19 17:44:39 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/09/19 17:44:39 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/09/19 17:44:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/09/19 17:44:29 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/09/19 17:44:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/09/19 03:40:36 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2012/09/19 03:40:36 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2012/09/19 03:40:36 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2012/09/19 03:40:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2012/09/19 03:40:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2012/09/19 03:40:35 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2012/09/19 03:40:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2012/09/19 03:40:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2012/09/19 03:40:27 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2012/09/19 03:40:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2012/09/19 03:40:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2012/09/19 03:40:27 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2012/09/19 03:40:27 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2012/09/19 03:40:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2012/09/19 03:40:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2012/09/19 03:40:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2012/09/19 03:40:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2012/09/19 03:40:18 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/09/19 03:39:57 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/09/19 03:39:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/09/19 03:33:56 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/09/19 03:33:56 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/09/19 03:33:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/09/19 03:33:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/09/19 03:33:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/09/19 03:33:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/09/19 03:33:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/09/19 03:33:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/09/19 03:33:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/09/19 03:33:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/09/19 03:33:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/09/19 03:33:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/09/19 03:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/09/19 03:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/09/19 03:33:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/09/19 03:33:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/09/19 03:33:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/09/19 03:33:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/09/19 03:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/09/19 03:33:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2012/09/19 03:33:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2012/09/19 03:33:25 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/09/19 03:33:25 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/09/19 03:33:25 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/09/19 03:33:25 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/09/19 03:33:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2012/09/19 03:33:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2012/09/19 03:33:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2012/09/19 03:33:20 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/09/19 03:33:16 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012/09/19 03:33:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2012/09/19 03:33:09 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2012/09/19 03:33:07 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2012/09/19 03:33:07 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2012/09/19 03:32:37 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2012/09/19 03:32:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2012/09/19 03:32:34 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/09/19 03:32:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/09/19 03:32:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/09/19 03:30:57 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012/09/19 03:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection [2012/09/19 03:30:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BioAPIFFDB [2012/09/19 03:30:27 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys [2012/09/19 03:30:26 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\SysWow64\DrvCrypt.dll [2012/09/19 03:30:26 | 000,063,120 | ---- | C] (Alfa Corporation) -- C:\Windows\SysNative\drivers\AlfaFF.sys [2012/09/19 03:30:26 | 000,024,208 | ---- | C] (Alfa Corporation) -- C:\Windows\SysWow64\AlfaFF.dll [2012/09/19 03:30:22 | 000,181,576 | ---- | C] (G DATA Software Sp. z o.o.) -- C:\Windows\KbdLockService.exe [2012/09/19 03:30:22 | 000,058,872 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GLogin.sys [2012/09/19 03:30:13 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012/09/19 03:30:13 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012/09/19 03:30:13 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012/09/19 03:30:11 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012/09/19 03:30:11 | 000,031,608 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys [2012/09/19 03:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software [2012/09/19 03:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012/09/19 03:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2012/09/19 03:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2012/09/19 03:27:43 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Downloaded Installations [2012/09/19 03:14:53 | 000,000,000 | ---D | C] -- C:\temp [2012/09/19 03:11:51 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/09/19 03:11:51 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/09/19 03:04:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/09/19 03:04:48 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/09/19 03:04:48 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/09/19 03:04:35 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/09/19 03:04:34 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/09/19 03:04:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/09/19 03:04:30 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/09/19 03:04:30 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/09/18 02:14:17 | 000,000,000 | R--D | C] -- C:\Users\Roland\Dropbox [2012/09/18 02:04:23 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012/09/18 02:04:05 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Dropbox [2012/09/18 01:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN [2012/09/18 01:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMA! Pro VPN [2012/09/18 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Mozilla [2012/09/18 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Mozilla [2012/09/18 01:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/09/18 01:18:47 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Deployment [2012/09/18 01:18:47 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Apps [2012/09/18 00:56:56 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Macromedia [2012/09/18 00:56:51 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Adobe [2012/09/18 00:56:48 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Google [2012/09/18 00:55:59 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Diagnostics [2012/09/18 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\CyberLink [2012/09/18 00:32:27 | 000,000,000 | ---D | C] -- C:\Users\Roland\Documents\ASUS WebStorage [2012/09/18 00:32:27 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Asus WebStorage [2012/09/18 00:30:47 | 000,000,000 | R--D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/09/18 00:30:47 | 000,000,000 | R--D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/09/18 00:30:46 | 000,000,000 | R--D | C] -- C:\Users\Roland\Searches [2012/09/18 00:30:46 | 000,000,000 | -H-D | C] -- C:\Users\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/09/18 00:30:38 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Power2Go [2012/09/18 00:30:31 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Identities [2012/09/18 00:30:28 | 000,000,000 | R--D | C] -- C:\Users\Roland\Contacts [2012/09/18 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\VirtualStore [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\AppData\Local\Temporary Internet Files [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Templates [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Start Menu [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\SendTo [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Recent [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\PrintHood [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\NetHood [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Documents\My Videos [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Documents\My Pictures [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Documents\My Music [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\My Documents [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Local Settings [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\AppData\Local\History [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Cookies [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\Application Data [2012/09/18 00:30:11 | 000,000,000 | -HSD | C] -- C:\Users\Roland\AppData\Local\Application Data [2012/09/18 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Temp [2012/09/18 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Microsoft [2012/09/18 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Media Center Programs [2012/09/18 00:30:10 | 000,000,000 | --SD | C] -- C:\Users\Roland\AppData\Roaming\Microsoft [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Videos [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Saved Games [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Pictures [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Music [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Links [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Favorites [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Downloads [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Documents [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\Desktop [2012/09/18 00:30:10 | 000,000,000 | R--D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/09/18 00:30:10 | 000,000,000 | -H-D | C] -- C:\Users\Roland\AppData [2012/09/18 00:30:10 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2012/09/14 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2012/09/14 19:08:09 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT [2012/09/14 19:05:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2012/10/07 12:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/07 12:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/07 10:44:20 | 000,817,683 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012/10/07 10:44:20 | 000,044,703 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012/10/07 09:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/07 09:47:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 09:47:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 09:40:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/07 09:39:34 | 3051,536,384 | -HS- | M] () -- C:\hiberfil.sys [2012/10/06 18:39:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/10/06 15:43:49 | 000,002,261 | ---- | M] () -- C:\Users\Roland\Desktop\Google Chrome.lnk [2012/10/06 15:33:27 | 000,001,319 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/10/06 13:01:29 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/04 08:47:01 | 007,302,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/04 08:47:01 | 000,705,842 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012/10/04 08:47:01 | 000,704,866 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012/10/04 08:47:01 | 000,702,604 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012/10/04 08:47:01 | 000,700,520 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/10/04 08:47:01 | 000,690,754 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012/10/04 08:47:01 | 000,663,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/04 08:47:01 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/04 08:47:01 | 000,563,182 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2012/10/04 08:47:01 | 000,396,732 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2012/10/04 08:47:01 | 000,364,934 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2012/10/04 08:47:01 | 000,140,814 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012/10/04 08:47:01 | 000,137,504 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012/10/04 08:47:01 | 000,136,692 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012/10/04 08:47:01 | 000,133,892 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012/10/04 08:47:01 | 000,133,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/04 08:47:01 | 000,130,896 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/10/04 08:47:01 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2012/10/04 08:47:01 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/04 08:47:01 | 000,093,188 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012/10/04 08:47:01 | 000,072,846 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2012/10/03 00:58:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Roland\Desktop\esetsmartinstaller_enu (3).exe [2012/10/02 23:45:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/10/02 23:07:19 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/02 23:07:19 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/02 00:22:44 | 000,051,914 | ---- | M] () -- C:\Users\Roland\Documents\snap OTL report..odt [2012/10/01 01:24:20 | 000,002,220 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/09/30 23:12:43 | 000,018,308 | ---- | M] () -- C:\Users\Roland\Documents\seprech.odt [2012/09/28 17:48:31 | 000,015,424 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012/09/28 09:18:08 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk [2012/09/28 09:17:05 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\LifeFrame.lnk [2012/09/28 09:13:12 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk [2012/09/28 06:11:17 | 000,001,327 | ---- | M] () -- C:\Users\Roland\Desktop\Wiesn Tour-1 - Shortcut.lnk [2012/09/28 05:54:48 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012/09/28 05:53:01 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012/09/28 05:53:01 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012/09/28 05:53:01 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012/09/26 17:54:42 | 000,022,994 | ---- | M] () -- C:\Users\Roland\Desktop\Sept Schedule.ods [2012/09/25 22:06:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/25 22:06:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/09/25 22:06:29 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/25 22:06:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/25 22:06:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/25 22:06:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/25 14:47:24 | 000,010,792 | ---- | M] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.en.dll [2012/09/25 03:38:12 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/25 03:11:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/24 18:13:08 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012/09/23 00:30:15 | 000,293,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/22 22:55:42 | 000,028,583 | ---- | M] () -- C:\Users\Roland\Desktop\October schedule.ods [2012/09/22 22:35:53 | 000,001,241 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012/09/22 22:24:25 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012/09/20 22:43:54 | 000,001,443 | ---- | M] () -- C:\Users\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/09/20 20:45:01 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012/09/20 20:45:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012/09/20 20:45:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012/09/20 20:45:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012/09/20 20:45:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012/09/20 20:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012/09/20 20:45:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012/09/20 20:45:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012/09/20 20:45:00 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012/09/20 20:45:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012/09/20 20:45:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012/09/20 20:44:59 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012/09/20 20:44:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012/09/20 20:44:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012/09/20 20:44:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012/09/20 20:44:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012/09/20 20:44:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012/09/20 20:44:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012/09/20 20:44:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012/09/20 20:44:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012/09/20 20:44:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012/09/20 20:44:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012/09/20 20:44:58 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012/09/20 20:44:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012/09/20 20:44:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012/09/20 20:44:57 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012/09/20 20:44:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012/09/20 20:44:55 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012/09/20 20:44:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012/09/20 20:44:55 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012/09/20 20:44:54 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012/09/20 20:44:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012/09/20 20:44:54 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012/09/20 20:44:54 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012/09/20 20:44:54 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012/09/20 20:44:54 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012/09/20 20:44:54 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012/09/20 20:44:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012/09/20 20:44:53 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012/09/20 20:44:53 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012/09/20 20:44:53 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012/09/20 20:44:53 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012/09/20 20:44:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012/09/20 20:44:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012/09/20 20:44:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012/09/20 20:44:52 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012/09/20 20:44:52 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012/09/20 20:44:52 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012/09/20 20:44:52 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012/09/20 20:44:52 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012/09/20 20:44:52 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012/09/20 20:44:52 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012/09/20 20:44:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012/09/20 20:44:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012/09/20 20:44:52 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012/09/20 20:44:52 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012/09/20 20:44:51 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012/09/20 20:44:51 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012/09/20 20:44:51 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012/09/19 03:30:27 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys [2012/09/19 03:30:26 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\SysWow64\DrvCrypt.dll [2012/09/19 03:30:26 | 000,063,120 | ---- | M] (Alfa Corporation) -- C:\Windows\SysNative\drivers\AlfaFF.sys [2012/09/19 03:30:26 | 000,024,208 | ---- | M] (Alfa Corporation) -- C:\Windows\SysWow64\AlfaFF.dll [2012/09/19 03:30:22 | 000,181,576 | ---- | M] (G DATA Software Sp. z o.o.) -- C:\Windows\KbdLockService.exe [2012/09/19 03:30:22 | 000,058,872 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GLogin.sys [2012/09/19 03:30:11 | 000,031,608 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys [2012/09/19 03:30:03 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk [2012/09/18 02:14:17 | 000,001,004 | ---- | M] () -- C:\Users\Roland\Desktop\Dropbox.lnk [2012/09/18 02:04:31 | 000,001,014 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/18 01:35:04 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk [2012/09/18 00:25:14 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012/09/18 00:25:14 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012/09/14 19:44:18 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini ========== Files Created - No Company Name ========== [2012/10/06 15:43:49 | 000,002,261 | ---- | C] () -- C:\Users\Roland\Desktop\Google Chrome.lnk [2012/10/06 15:42:58 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/06 15:42:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/06 13:01:29 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/10/06 13:01:29 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/02 00:22:41 | 000,051,914 | ---- | C] () -- C:\Users\Roland\Documents\snap OTL report..odt [2012/09/30 23:12:41 | 000,018,308 | ---- | C] () -- C:\Users\Roland\Documents\seprech.odt [2012/09/28 09:18:08 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk [2012/09/28 09:17:04 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk [2012/09/28 06:11:17 | 000,001,327 | ---- | C] () -- C:\Users\Roland\Desktop\Wiesn Tour-1 - Shortcut.lnk [2012/09/25 22:12:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/25 03:38:12 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/25 03:37:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/09/25 03:11:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/22 22:55:40 | 000,028,583 | ---- | C] () -- C:\Users\Roland\Desktop\October schedule.ods [2012/09/22 22:36:58 | 000,022,994 | ---- | C] () -- C:\Users\Roland\Desktop\Sept Schedule.ods [2012/09/22 22:35:53 | 000,001,241 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012/09/22 22:24:25 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012/09/20 22:43:06 | 000,001,449 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/09/20 21:48:25 | 000,817,683 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012/09/20 21:48:25 | 000,044,703 | ---- | C] () -- C:\Windows\SysWow64\nmp.map [2012/09/20 20:44:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012/09/20 20:44:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012/09/19 03:30:03 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk [2012/09/18 02:14:17 | 000,001,004 | ---- | C] () -- C:\Users\Roland\Desktop\Dropbox.lnk [2012/09/18 02:04:31 | 000,001,014 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/18 01:35:04 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk [2012/09/18 00:56:44 | 000,001,443 | ---- | C] () -- C:\Users\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/09/18 00:31:38 | 000,001,415 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/09/18 00:30:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe [2012/09/18 00:30:11 | 000,000,290 | ---- | C] () -- C:\Users\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/09/18 00:30:11 | 000,000,272 | ---- | C] () -- C:\Users\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/09/14 19:05:52 | 3051,536,384 | -HS- | C] () -- C:\hiberfil.sys [2011/07/27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/07/27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/07/27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/05/04 02:47:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/05/04 02:14:02 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011/05/04 00:23:58 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/03/07 05:50:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free Part 2 for Starbuck. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Thanks Rosmon.

Snap.do malware report part 1 Hi Starbuck, I think you wanted this too. I sent the other but I have no idea where it went. OTL logfile created on: 10/7/2012 12:52:09 PM - Run 2 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Roland\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.79 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.66% Memory free 7.58 Gb Paging File | 5.61 Gb Available in Paging File | 74.09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 32.98 Gb Free Space | 44.26% Space Free | Partition Type: NTFS Drive D: | 202.08 Gb Total Space | 201.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Computer Name: BENTEN | User Name: Roland | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Roland\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG) PRC - C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software) PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (NetcoSolutions) PRC - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpn.exe () PRC - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () ========== Services (SafeList) ========== SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software) SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe () SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software) DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/06 13:01:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 01:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\Mozilla\Extensions [2012/10/06 13:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Translate = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\ CHR - Extension: YouTube = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: https://maps.google.com/ = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fechlkhcpcpaffdigchfolpfbpnbpcgi\2012.10.7.25732_0\ CHR - Extension: Skype Click to Call = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: Gmail = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/10/02 23:45:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37E61AFE-B7A5-40E3-8EA8-C37CF8135587}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69747B4B-8851-4FD6-906D-D6FCA951B4CB}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF046389-65E7-4AA3-80BD-B182E4397AD7}: DhcpNameServer = 208.67.222.222 208.67.220.220 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/06 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\OverPlay.net, LP [2012/10/06 21:44:00 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OverPlay.net, LP [2012/10/06 21:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901 [2012/10/06 15:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/10/06 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/10/06 13:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/03 00:57:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Roland\Desktop\esetsmartinstaller_enu (3).exe [2012/10/03 00:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/10/02 23:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012/10/02 22:24:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/28 09:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G [2012/09/25 22:13:05 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Macromedia [2012/09/25 22:12:55 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/25 22:12:55 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/25 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/09/25 22:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/09/25 22:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/09/25 22:06:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/25 22:06:36 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/09/25 22:06:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/25 22:06:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/25 22:06:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/25 22:06:33 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/25 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/09/25 03:38:15 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Apple Computer [2012/09/25 03:38:15 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Apple Computer [2012/09/25 03:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/25 03:37:34 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/09/25 03:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/25 03:37:05 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Apple [2012/09/25 03:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/09/25 03:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/09/25 03:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/09/25 03:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/09/25 03:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/09/25 03:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012/09/25 03:11:29 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Skype [2012/09/25 03:11:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/09/25 03:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/25 03:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/09/25 03:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/09/24 18:12:47 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.en.dll [2012/09/23 03:25:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/23 03:25:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/23 03:25:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/23 03:25:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/23 03:25:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/23 03:25:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/23 03:25:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/23 03:25:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/23 03:25:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/23 03:25:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/23 03:25:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/23 03:25:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/23 03:25:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/23 03:25:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/23 03:25:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/22 22:35:48 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\OpenOffice.org [2012/09/22 22:24:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012/09/22 22:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012/09/22 22:21:52 | 000,000,000 | ---D | C] -- C:\Users\Roland\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files [2012/09/22 22:00:19 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Microsoft Games [2012/09/22 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\FLEXnet [2012/09/22 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Nuance [2012/09/22 21:41:21 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Zeon [2012/09/21 08:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012/09/20 21:08:58 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2012/09/20 21:08:57 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2012/09/20 21:08:57 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2012/09/20 21:08:57 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2012/09/20 21:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2012/09/20 21:08:57 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2012/09/20 21:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2012/09/20 21:08:57 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2012/09/20 20:53:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2012/09/20 20:53:39 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2012/09/20 20:52:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2012/09/20 20:52:12 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2012/09/20 20:52:12 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2012/09/20 20:52:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2012/09/20 20:52:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2012/09/20 20:52:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2012/09/20 20:52:12 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2012/09/20 20:45:01 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012/09/20 20:45:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012/09/20 20:45:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012/09/20 20:45:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012/09/20 20:45:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012/09/20 20:45:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012/09/20 20:45:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012/09/20 20:45:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012/09/20 20:45:00 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012/09/20 20:45:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012/09/20 20:45:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012/09/20 20:44:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012/09/20 20:44:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012/09/20 20:44:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012/09/20 20:44:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012/09/20 20:44:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012/09/20 20:44:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012/09/20 20:44:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012/09/20 20:44:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012/09/20 20:44:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012/09/20 20:44:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012/09/20 20:44:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012/09/20 20:44:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012/09/20 20:44:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012/09/20 20:44:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012/09/20 20:44:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012/09/20 20:44:55 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012/09/20 20:44:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012/09/20 20:44:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012/09/20 20:44:54 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012/09/20 20:44:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012/09/20 20:44:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012/09/20 20:44:54 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012/09/20 20:44:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012/09/20 20:44:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012/09/20 20:44:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012/09/20 20:44:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012/09/20 20:44:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012/09/20 20:44:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012/09/20 20:44:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012/09/20 20:44:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012/09/20 20:44:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012/09/20 20:44:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012/09/20 20:44:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012/09/20 20:44:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012/09/20 20:44:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012/09/20 20:44:52 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012/09/20 20:44:52 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012/09/20 20:44:52 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012/09/20 20:44:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012/09/20 20:44:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012/09/20 20:44:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012/09/20 20:44:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012/09/20 20:44:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012/09/20 20:44:51 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012/09/20 20:44:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012/09/20 20:44:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012/09/19 17:58:34 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/09/19 17:47:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/09/19 17:47:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/09/19 17:47:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012/09/19 17:47:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2012/09/19 17:47:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012/09/19 17:47:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2012/09/19 17:47:34 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

VPN Hi pc49, Sorry for such a late posting but I've been sorting out a malware problem. There are two UK VPN services which rate and perform well, but they are not free though they have very good packages: Overplay.net and HideMyAss. You can subscribe for just one month if you want to, which is probably going to be long enough for a holiday, and won't cost you your spare wheel: approx. 10GBP. During peak times they can time-out, which can be very annoying for sports events, or if it times-out when Poirot is about to unveil the murderer. If this happens for more than 20 seconds it may be a total freeze and if you're using Hide My Ass, the best option is to click the small arrow on the right in the system tray, right click, and select change location. I'm still not very familiar with Overplay.net at the moment as I haven't used it too much but I'm currently running them both to compare performances. And that's the last thing, don't run them together; they don't play in the sandpit well together. I'll normally click a running VPN off from the system tray if I'm going to change from one to another to make sure. If you're already back from your holiday, I guess this isn't much use to you, but you mentioned that you live in Spain. And don't forget..... Whatever you watch, wherever you watch it. You need to be covered by a TV license.:cool:

Snap.do malware Hi Starbuck, I'm not sure what I should have done. I deleted Firefox so I had to use the %APPDATA%\Mozilla\Firefox\Profiles option which worked fine, but then what should I have done? Do I systematically delete everything or just what I don't want which is only snap.do, where ever that is. The Google option looked like a complete history wipe out, but I need my bookmarks for some work related projects, so I don't want to lose them. I have them in Dropbox in a json file format, but nothing can open them apart from json software, which I don't plan to download. The present situation with snap.do after I deleted it from Google is that it is suspicious in it's absence. Rosmon.

Update, I just went into Google Chrome settings again and selected Google as my default browser which then rendered an x on the right of Snap.do with enabled me to delete it. Hooray for the time being. Rosmon