[Closed] Rootkit found

By Padredw
Nov 16, 2012
Topic Status:
Not open for further replies.
  1. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Just ran the OLT fix and the following file came up automatically. I will run again as directed--after this post:

    All processes killed
    ========== OTL ==========
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to change the HomePage.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com folder moved successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Padredw
    ->Temp folder emptied: 71812 bytes
    ->Temporary Internet Files folder emptied: 29181329 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 125829588 bytes
    ->Google Chrome cache emptied: 11659974 bytes
    ->Flash cache emptied: 42225 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 131862 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 12253137 bytes

    Total Files Cleaned = 171.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11272012_142215

    Files\Folders moved on Reboot...
    C:\Users\Padredw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  2. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    I should report that the 2083006 error was corrected on the FIRST run of the OTL fix (yesterday), but the ROOTKIT error report by Avast continues every time -- a few minutes after startup. There is one new anomaly which began after we started these procedures, and continues: At every shutdown, Windows Update attempts "1 of 1 Update." There is no error report, but the same attempt at update repeats exactly at next shutdown.

    I am now about to run OTL the second time as directed.
  3. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    First half of OTL Scan report:

    OTL logfile created on: 11/27/2012 2:36:42 PM - Run 7
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 63.86% Memory free
    7.81 Gb Paging File | 6.22 Gb Available in Paging File | 79.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 71.80 Gb Free Space | 64.54% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/20 08:19:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Padredw\Downloads\OTL.exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/06/20 17:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/02/16 17:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    PRC - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    PRC - [2011/12/23 15:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2011/12/22 18:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2011/12/05 16:21:50 | 000,646,808 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
    PRC - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2011/10/24 16:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
    PRC - [2011/10/03 13:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/09 00:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/06/29 18:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2008/12/22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
    MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
    DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
    [2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
    [2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
    [2012/11/27 14:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: MyStart Search ()
    CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local - No CLSID value found
    O18:64bit: - Protocol\Handler\mailto - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local - No CLSID value found
    O18 - Protocol\Handler\mailto - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  4. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    SECOND half OTL report:



    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/27 11:26:04 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/11/26 12:29:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%

    ========== Files - Modified Within 30 Days ==========

    [2012/11/27 14:32:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/27 14:32:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/27 14:25:10 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/27 14:25:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/27 14:24:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/27 14:24:51 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/27 11:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/25 18:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\MalwareClean Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\2083006 Nov. 23 13.56.jpg
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScanMess Nov. 21 09.08.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
    [2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini

    ========== Files Created - No Company Name ==========

    [2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\MalwareClean Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\2083006 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScanMess Nov. 21 09.08.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. Open Google Chrome, hit the Wrench icon (or the stack of triple dashes in the right-hand corner), and select "Settings".

    For the Homepage section...hit "Set pages" beside Open a specific page or set of pages.

    Delete this homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b

    -You can delete home pages by hitting the X at the far right next to the URL line.

    -In addition, delete any other entries that you don't think are legitimate or that you don't want. Feel free to adjust it however.

    Under Search, hit Manage Search Engines... and make Google the default search engine, by hovering over it and selecting "Make Default". Then, MyStart Search and any other bad looking entries should be deleted in the upper panel and in the lower panel of the Search settings box.

    For the top box, these are the default entries, and the URL that is associated with them. Make sure everything matches my screenshot below:

    chromesearch1.PNG


    Once you've done that, post new OTL log, and also do the following:

    Open Avast! program, hit the Scan tab and do a Full System Scan.

    Once that's done and it finishes doing any other necessary duties, and the scan results appear, please take a screenshot of the results and post it in your next reply. :)
  6. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OK Chrome is adjusted just as your screen shot indicates--three search engines, Google as default (even as you probably know, I rarely use Chrome.) Now I am posting the OTL report text. Here is section ONE:

    OTL logfile created on: 11/28/2012 4:06:23 PM - Run 8
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.30% Memory free
    7.81 Gb Paging File | 5.63 Gb Available in Paging File | 72.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 71.66 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/20 08:19:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Padredw\Desktop\OTL.exe
    PRC - [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/10/08 18:58:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    PRC - [2012/09/08 07:08:44 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/06/20 17:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/02/16 17:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    PRC - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    PRC - [2011/12/23 15:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2011/12/22 18:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2011/12/05 16:21:50 | 000,646,808 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
    PRC - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2011/10/24 16:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
    PRC - [2011/10/03 13:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/09 00:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/06/29 18:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2008/12/22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/18 07:53:26 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    MOD - [2012/10/31 16:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/31 16:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/31 16:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    MOD - [2012/10/31 16:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
    MOD - [2012/10/31 16:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
    MOD - [2012/10/31 16:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
    MOD - [2012/10/31 16:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
    MOD - [2012/10/31 16:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
    MOD - [2012/10/08 18:58:29 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    MOD - [2012/09/08 07:08:43 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
    MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
    DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
    [2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
    [2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
    [2012/11/27 14:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local - No CLSID value found
    O18:64bit: - Protocol\Handler\mailto - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local - No CLSID value found
    O18 - Protocol\Handler\mailto - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========
  7. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    And here is Section TWO. (I will run the Avast full scan as requested after I post this.)



    [2012/11/27 11:26:04 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/11/26 12:29:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/20 08:19:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Padredw\Desktop\OTL.exe
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/11/28 16:00:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/28 16:00:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/28 15:52:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/28 15:52:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/28 15:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/28 15:52:36 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/27 15:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/27 15:17:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\MalwareClean Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\2083006 Nov. 23 13.56.jpg
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScanMess Nov. 21 09.08.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/20 08:19:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Padredw\Desktop\OTL.exe
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

    ========== Files Created - No Company Name ==========

    [2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\MalwareClean Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\2083006 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScanMess Nov. 21 09.08.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  8. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OK here is the summary screen from Avast. I will post the full report in the next message:
    [​IMG]
  9. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Full report. I selected "delete" , Avast responded "completed on next reboot."

    [​IMG]
  10. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    I am sorry to have to tell you that the exact same message from Avast appeared upon reboot (not immediately, but at about the same time as usual after boot.)

    [​IMG]
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • Post logs, if any.


    RogueKiller Scan

    If you have any old version, delete that and do a new one please:

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    [​IMG]

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    [​IMG]

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

      [​IMG]
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  12. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Here is the log from UNHIDE:

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 11/29/2012 10:41:57 AM
    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 157763 files processed.

    Processing the D:\ drive
    Finished processing the D:\ drive. 9275 files processed.

    Processing the Q:\ drive
    Finished processing the Q:\ drive. 0 files processed.

    The C:\Users\Padredw\AppData\Local\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    No registry changes detected.

    Program finished at: 11/29/2012 10:44:48 AM
    Execution time: 0 hours(s), 2 minute(s), and 51 seconds(s)
  13. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    REPORT from RougeKiller:

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Padredw [Admin rights]
    Mode : Shortcuts HJfix -- Date : 11/29/2012 11:06:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 2 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 91 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 25 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [Q:] \Device\SftVol -- 0x3 --> Restored

    Finished : << RKreport[3]_SC_11292012_02d1106.txt >>
    RKreport[1]_S_11292012_02d1104.txt ; RKreport[2]_D_11292012_02d1105.txt ; RKreport[3]_SC_11292012_02d1106.txt
     
  14. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    ABOVE was Report # 3. Below is Report # 1

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Padredw [Admin rights]
    Mode : Scan -- Date : 11/29/2012 11:04:05

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SanDisk SSD U100 128GB +++++
    --- User ---
    [MBR] ad783b9bf09aa0a92dc771bf1c09fde3
    [BSP] 1419c486b7ec0f63d56f86313fa755fc : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 113910 Mo
    1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD 1600BMV External USB Device +++++
    --- User ---
    [MBR] f3a6ba5017b7aa3832cee05e72b93b55
    [BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_11292012_02d1104.txt >>
    RKreport[1]_S_11292012_02d1104.txt
  15. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Report # 2

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Padredw [Admin rights]
    Mode : Remove -- Date : 11/29/2012 11:05:23

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SanDisk SSD U100 128GB +++++
    --- User ---
    [MBR] ad783b9bf09aa0a92dc771bf1c09fde3
    [BSP] 1419c486b7ec0f63d56f86313fa755fc : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 113910 Mo
    1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD 1600BMV External USB Device +++++
    --- User ---
    [MBR] f3a6ba5017b7aa3832cee05e72b93b55
    [BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_11292012_02d1105.txt >>
    RKreport[1]_S_11292012_02d1104.txt ; RKreport[2]_D_11292012_02d1105.txt
  16. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    BTW. The link to RogueKiller download seemed to work fine on my desktop, but on this (UltraBook) it bought up all sorts of optional downloads--too many to try to record, and NEVER did get the rouguekiller.exe. Fortunately, I found the download site directly. Just a interesting fact about the different responses to the link in your last post.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I know, all those download ads are terrible.

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
  18. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    SEE POST BELOW RE: INTERNET EXPLORER

    OK. The website would not scan directly. Here is the message:

    [​IMG]
  19. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    SO. . . I went ahead and downloaded as it offered, with the following result:[​IMG]h this result:
  20. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    It offered no txt file report. I tried a second time with the exact same response. That is where we are . . .
  21. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OK, decided to use Internet Explorer. Here is the report:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-11-30 14:41:58
    PROTECTIONS: 1
    MALWARE: 6
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! Antivirus Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\low\l5tpmqvz.txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\low\9f3xwo9s.txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\ypcj9xl7.txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\low\m1s6espd.txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\17yp3bae.txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\xwp654uo.txt
    00170559 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\padredw\appdata\roaming\microsoft\windows\cookies\yd8t2nep.txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  23. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Hello, my patient friend, we have both spent a fair amount of time and website space on this. It is no problem for me, I have enjoyed it, and it should be obvious I am not dependent upon the computer in question, as I use it primarily for traveling and I have no such plans for a while. So ... I have nothing but appreciation for all your efforts. It is simply out of honest that I report to you that the original message which occasioned my entry upon this website, has just appeared as it has, without one exception, upon every startup of this computer. Just to remind you here is that message: (The text of my personal message to you will follow in a separate post.)

    [​IMG]
  24. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Now, for the good news: the computer seems to be operating just fine. I have never detected any malfunction based on that message, but it is still there, as it has been throughout our extended conversation.

    In fact, there is still that additional anomaly that appeared during our efforts: every time I shut down, I get the normal Windows message that 1 of 1 updates is being installed and that I should not turn off or unplug my computer. On attempt at manual install, the one update fails.

    You have nothing but my good will and appreciation. None of this is intended as complaint, but I do not wish to set up restore point, etc. yet.

    Remember, have patience with an 80 year old--who is doing his best.

    Thank you, friend.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It is recommended to do a reformat and reinstall of your operating system. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

    I recommend the following articles to read:
    Guide for format and reinstall:
    http://www.helpmyos.com/tutorials-s...-your-operating-system-the-easy-way-t1307.htm
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.