Snap.do Malware.

Rosmon · October 1, 2012

Hi,

My computer has just got a dose of Snap.do malware.:mad: How do I get rid of it? It's very stubborn and can not be deleted from control panel/uninstall. I tried to download Dolphin browser and this seems to have been the source of the malware:confused:

Any helpful hints would be appreciated. I've tried some of the solutions that are online that didn't work and one was suggesting that I hit the F8 button before windows opens. It sounded very drastic and I'm not sure I won't wipe my computer.

Does anyone know if this came with Dolphin and could someone suggest another browser that won't keep freezing when I'm streaming film/TV; neither Firefox or Chrome work effectively.

Rosmon.

Starbuck · October 1, 2012

Hi Rosmon,

I tried to download Dolphin browser and this seems to have been the source of the malware

I'm slightly confused here, because the Dolphin Browser is a proprietary mobile browser for the Android operating system and iOS developed by Mobotap.

Why would you try to install this on your PC?

My computer has just got a dose of Snap.do malware.

Normally this will add it's self to your browsers.

Removing it shouldn't be a huge problem.

Download OTL to your desktop.
If using Firefox ..right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

Rosmon · October 1, 2012

snap.do malware

Hi Starbuck,

You are a brave and honourable man. Here's what you have asked for. Enjoy your reading.

I've had to split this in two replies as it has too many characters.

Part 1

OTL.Txt - Notepad.

OTL logfile created on: 10/1/2012 11:06:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roland\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.79 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 61.90% Memory free

7.58 Gb Paging File | 5.61 Gb Available in Paging File | 74.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.52 Gb Total Space | 36.76 Gb Free Space | 49.33% Space Free | Partition Type: NTFS

Drive D: | 202.08 Gb Total Space | 201.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: BENTEN | User Name: Roland | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Roland\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)

PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUS)

PRC - C:\Windows\AsScrPro.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)

SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()

SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)

DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=hp"

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687

FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00

FF - prefs.js..keyword.URL: "http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roland\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roland\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/22 21:27:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/18 01:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\Mozilla\Extensions

[2012/10/01 01:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\extensions

[2012/10/01 00:51:33 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\extensions\plugin@yontoo.com

[2012/10/01 01:00:33 | 000,002,385 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\searchplugins\Web Search.xml

[2012/09/25 03:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/09/25 03:11:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/28 05:53:01 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012/09/06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/06 04:32:43 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/09/06 04:32:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/09/06 04:32:44 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/09/06 04:32:44 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/09/06 04:32:44 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/09/06 04:32:44 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Web (Enabled)

CHR - default_search_provider: search_url = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=288bdd57-daad-4429-b880-4f281a5c169e&searchtype=ds&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roland\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roland\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Roland\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Roland\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Roland\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: http://www.bbc.co.uk/iplayer/ = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagandflokhelgooebhjlfapcoehemdp\2012.9.17.65221_0\

CHR - Extension: YouTube = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: http://www.wunderground.com/cgi-bin/findweath = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\faogllefecblkbhoipnhlpgeocalffpb\2012.9.18.1405_0\

CHR - Extension: Watch ITV = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbbjfmphmogchbnmjehbbahdepekbcn\1.1_0\

CHR - Extension: Skype Click to Call = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: Google Maps = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\

CHR - Extension: Weather Underground = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\

CHR - Extension: Gmail = C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)

O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)

O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37E61AFE-B7A5-40E3-8EA8-C37CF8135587}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69747B4B-8851-4FD6-906D-D6FCA951B4CB}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{dcf2f51d-75e7-11e0-82f9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{dcf2f51d-75e7-11e0-82f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE

O33 - MountPoints2\{dcf2f51d-75e7-11e0-82f9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 13:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snap Toolbar Removal Tool

[2012/10/01 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo

[2012/10/01 00:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/09/28 09:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G

[2012/09/25 22:13:05 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Macromedia

[2012/09/25 22:12:55 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/25 22:12:55 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/25 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/09/25 22:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/09/25 22:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/09/25 22:06:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012/09/25 22:06:36 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012/09/25 22:06:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/09/25 22:06:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/09/25 22:06:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/09/25 22:06:33 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/09/25 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/09/25 03:38:15 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Apple Computer

[2012/09/25 03:38:15 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Apple Computer

[2012/09/25 03:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/25 03:37:34 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/09/25 03:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/09/25 03:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/25 03:37:05 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Apple

[2012/09/25 03:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/09/25 03:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/09/25 03:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/09/25 03:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/09/25 03:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/09/25 03:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012/09/25 03:11:29 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Skype

[2012/09/25 03:11:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/09/25 03:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/09/25 03:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/09/25 03:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/09/24 18:12:47 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.en.dll

[2012/09/23 03:25:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/23 03:25:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/23 03:25:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/23 03:25:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/23 03:25:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/23 03:25:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/23 03:25:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/23 03:25:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/23 03:25:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/23 03:25:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/23 03:25:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/23 03:25:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/23 03:25:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/23 03:25:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/23 03:25:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/22 22:35:48 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\OpenOffice.org

[2012/09/22 22:24:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012/09/22 22:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

[2012/09/22 22:21:52 | 000,000,000 | ---D | C] -- C:\Users\Roland\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files

[2012/09/22 22:00:19 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Local\Microsoft Games

[2012/09/22 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\FLEXnet

[2012/09/22 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Nuance

[2012/09/22 21:41:21 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Zeon

[2012/09/21 08:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/09/20 21:08:58 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2012/09/20 21:08:57 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2012/09/20 21:08:57 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2012/09/20 21:08:57 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2012/09/20 21:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2012/09/20 21:08:57 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2012/09/20 21:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2012/09/20 21:08:57 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2012/09/20 20:53:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2012/09/20 20:53:39 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2012/09/20 20:52:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2012/09/20 20:52:12 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2012/09/20 20:52:12 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2012/09/20 20:52:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2012/09/20 20:52:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2012/09/20 20:52:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2012/09/20 20:52:12 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2012/09/20 20:45:01 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/09/20 20:45:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/09/20 20:45:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/09/20 20:45:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/09/20 20:45:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/09/20 20:45:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/09/20 20:45:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/09/20 20:45:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/09/20 20:45:00 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/09/20 20:45:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/09/20 20:45:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/09/20 20:44:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/09/20 20:44:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/09/20 20:44:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/09/20 20:44:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/09/20 20:44:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/09/20 20:44:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/09/20 20:44:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/09/20 20:44:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/09/20 20:44:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/09/20 20:44:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/09/20 20:44:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/09/20 20:44:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/09/20 20:44:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/09/20 20:44:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/09/20 20:44:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/09/20 20:44:55 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/09/20 20:44:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/09/20 20:44:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/09/20 20:44:54 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/09/20 20:44:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/09/20 20:44:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/09/20 20:44:54 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/09/20 20:44:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/09/20 20:44:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/09/20 20:44:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/09/20 20:44:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/09/20 20:44:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/09/20 20:44:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/09/20 20:44:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/09/20 20:44:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/09/20 20:44:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/09/20 20:44:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/09/20 20:44:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/09/20 20:44:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/09/20 20:44:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/09/20 20:44:52 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/09/20 20:44:52 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/09/20 20:44:52 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/09/20 20:44:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/09/20 20:44:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/09/20 20:44:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/09/20 20:44:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/09/20 20:44:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/09/20 20:44:51 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/09/20 20:44:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/09/20 20:44:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/09/19 17:58:34 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

[2012/09/19 17:47:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/09/19 17:47:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/09/19 17:47:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/09/19 17:47:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012/09/19 17:47:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/09/19 17:47:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/09/19 17:47:34 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2012/09/19 17:47:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2012/09/19 17:47:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2012/09/19 17:47:30 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2012/09/19 17:47:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2012/09/19 17:47:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2012/09/19 17:47:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2012/09/19 17:47:30 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2012/09/19 17:47:30 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2012/09/19 17:47:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2012/09/19 17:47:20 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/09/19 17:47:18 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2012/09/19 17:47:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2012/09/19 17:47:17 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2012/09/19 17:47:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2012/09/19 17:46:27 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2012/09/19 17:46:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2012/09/19 17:46:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2012/09/19 17:46:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012/09/19 17:46:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012/09/19 17:46:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/09/19 17:46:15 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/09/19 17:46:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/09/19 17:46:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012/09/19 17:46:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/09/19 17:46:00 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2012/09/19 17:46:00 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2012/09/19 17:45:59 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2012/09/19 17:45:59 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2012/09/19 17:45:59 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2012/09/19 17:45:58 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2012/09/19 17:45:58 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2012/09/19 17:45:58 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2012/09/19 17:45:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2012/09/19 17:45:58 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2012/09/19 17:45:58 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2012/09/19 17:45:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2012/09/19 17:45:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2012/09/19 17:45:39 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/09/19 17:45:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/09/19 17:45:37 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/09/19 17:45:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/09/19 17:45:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/09/19 17:45:28 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2012/09/19 17:45:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2012/09/19 17:45:24 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2012/09/19 17:45:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2012/09/19 17:45:22 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2012/09/19 17:45:22 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2012/09/19 17:45:21 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2012/09/19 17:45:21 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2012/09/19 17:45:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/09/19 17:45:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/09/19 17:45:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/09/19 17:45:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/09/19 17:45:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/19 17:45:08 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2012/09/19 17:45:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2012/09/19 17:45:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2012/09/19 17:45:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/09/19 17:45:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/09/19 17:45:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/09/19 17:44:53 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/09/19 17:44:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/09/19 17:44:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/09/19 17:44:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/09/19 17:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/09/19 17:44:48 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2012/09/19 17:44:41 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/09/19 17:44:39 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/09/19 17:44:39 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/09/19 17:44:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/09/19 17:44:29 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/09/19 17:44:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/09/19 03:40:36 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2012/09/19 03:40:36 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2012/09/19 03:40:36 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2012/09/19 03:40:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2012/09/19 03:40:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2012/09/19 03:40:35 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2012/09/19 03:40:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2012/09/19 03:40:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2012/09/19 03:40:27 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2012/09/19 03:40:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2012/09/19 03:40:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2012/09/19 03:40:27 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2012/09/19 03:40:27 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax

[2012/09/19 03:40:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2012/09/19 03:40:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax

[2012/09/19 03:40:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax

[2012/09/19 03:40:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax

[2012/09/19 03:40:18 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/09/19 03:39:57 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/09/19 03:39:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/09/19 03:33:56 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/09/19 03:33:56 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/09/19 03:33:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/09/19 03:33:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/09/19 03:33:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/09/19 03:33:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/09/19 03:33:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/09/19 03:33:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/09/19 03:33:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/09/19 03:33:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/09/19 03:33:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/09/19 03:33:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/09/19 03:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/09/19 03:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/09/19 03:33:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/09/19 03:33:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/09/19 03:33:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/09/19 03:33:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/09/19 03:33:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/09/19 03:33:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/09/19 03:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/09/19 03:33:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2012/09/19 03:33:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2012/09/19 03:33:25 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2012/09/19 03:33:25 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

more to follow......

Rosmon · October 2, 2012

snap.do malware report part 2

C:\Windows\SysWow64\explorer.exe