
Remove MyStart by Incredibar [Solved]


  • This topic is locked
20 replies to this topic

#1 dbjb7606

Posted 22 October 2013 - 08:39 PM

My tablet PC has MyStart Incredibar. How do I remove it? ASUS eePC 1025C running Windows 7 Starter

DDS File DSDS File

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720
Run by Patty at 23:28:51 on 2013-10-22
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.164 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\ASUS\InstantOn for EPC\InsOnSrv.exe
C:\windows\system32\AsusService.exe
C:\windows\system32\atashost.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\windows\system32\dmwu.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\ASUS\InstantOn for EPC\InsOnWMI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\jmdp\stij.exe
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\ASUS\CapsHook\CapsHook.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN72404044931960723&UM=2&ctid=CT3279414
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Speed Analysis 3: {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - c:\program files\speed analysis 3\ScriptHost.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BC709601F80CC137C2510FB0F0C99293758EA3EC._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [HP Photosmart 5520 series (NET)] "c:\program files\hp\hp photosmart 5520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN31N1609P0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ConduitFloatingPlugin_jccpjpmiegdnbmbnaiaicnaakpacgbdi] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3279414\plugins\TBVerifier.dll",RunConduitFloatingPlugin jccpjpmiegdnbmbnaiaicnaakpacgbdi
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HotkeyMon] AsusSender.exe c:\program files\asus\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\asus\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\asus\she\SuperHybridEngine.exe
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [CapsHook] AsusSender.exe c:\program files\asus\capshook\CapsHook.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [VAWinAgent] c:\expressgateutil\VAWinAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iSeriesCharge] AsusSender.exe c:\program files\asus\usbchargesetting\iSeriesCharge.exe
mRun: [Conime] c:\windows\system32\conime.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{ACF3E696-9908-48CE-B069-C06327FFF7E6} : DHCPNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
TCP: Interfaces\{D8C86D20-7DCF-4CA3-A0EC-27F7BAC44808} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-17 175176]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-4-11 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-5 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-5 369584]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\asus\instanton for epc\InsOnSrv.exe [2011-11-30 92800]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2012-4-11 224680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-5 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-5 66336]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-10-6 133944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-22 46808]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-4-11 1432368]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-6-19 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-6-19 777728]
R3 AiDriver;ASUS Charger Driver;c:\windows\system32\drivers\AiDriver.sys [2012-10-5 14720]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-4-11 118568]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-4-5 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-4-5 419328]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-4-5 278528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-12-26 91760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DCDhcpService;DCDhcpService;c:\program files\wisharing\DCDhcpService.exe [2012-4-11 108544]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-30 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-30 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-8-30 27136]
.
=============== Created Last 30 ================
.
2013-10-23 03:25:16 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d76151c-3397-4cd3-b4f7-c8e0cfe1a228}\mpengine.dll
2013-10-23 01:58:53 -------- d-----w- c:\users\patty\appdata\roaming\Malwarebytes
2013-10-23 01:58:34 -------- d-----w- c:\programdata\Malwarebytes
2013-10-23 01:58:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-23 01:58:09 -------- d-----w- c:\users\patty\appdata\local\Programs
2013-10-23 01:33:07 -------- d-----w- c:\program files\VS Revo Group
2013-10-22 23:56:47 -------- d-----w- c:\users\patty\appdata\local\{D259815E-39A7-4CE8-B1A0-A88D01E0FD29}
2013-10-21 22:42:09 786336 ----a-w- c:\program files\uninstall information\ib\97\3868\ib_uninstall.exe
2013-10-21 22:40:41 -------- d-----w- c:\programdata\Conduit
2013-10-21 22:40:25 -------- d-----w- c:\users\patty\appdata\local\Conduit
2013-10-21 22:36:52 -------- d-----w- c:\users\patty\appdata\local\CRE
2013-10-21 22:36:49 -------- d-----w- c:\program files\Conduit
2013-10-21 22:36:28 -------- d-----w- c:\users\patty\appdata\roaming\SpeedAnalysis3
2013-10-21 22:36:25 -------- d-----w- c:\program files\MyPC Backup
2013-10-21 22:36:05 -------- d-----w- c:\program files\Speed Analysis 3
2013-10-21 22:35:58 -------- d-----w- c:\programdata\IBUpdaterService
2013-10-21 22:35:57 -------- d-----w- c:\users\patty\appdata\roaming\zulagames
2013-10-21 22:35:57 -------- d-----w- c:\users\patty\appdata\roaming\File Scout
2013-10-21 03:27:55 -------- d-----w- c:\users\patty\appdata\roaming\com.adobe.mauby
2013-10-21 03:08:02 -------- d-----w- c:\users\patty\appdata\local\Wondershare
2013-10-21 03:07:58 -------- d-----w- c:\program files\common files\Wondershare
2013-10-21 03:06:32 -------- d-----w- c:\users\patty\appdata\roaming\Wondershare
2013-10-21 03:06:14 -------- d-----w- c:\program files\Wondershare
2013-10-21 02:52:51 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1327c3f6-ea7e-46d5-9ad8-c044bbe9b521}\offreg.dll
2013-10-21 01:17:11 -------- d-----w- c:\users\patty\appdata\local\{301F341F-093F-4CCE-B69C-AF1E3154D473}
2013-10-20 23:16:44 -------- d-----w- c:\windows\system32\jmdp
2013-10-18 19:55:54 7796464 ------w- c:\programdata\microsoft\windows defender\definition updates\{1327c3f6-ea7e-46d5-9ad8-c044bbe9b521}\mpengine.dll
2013-10-18 19:40:07 -------- d-----w- c:\users\patty\appdata\local\{DD6B93F0-0510-4219-8D80-0AFFADA019C0}
2013-10-17 23:56:38 -------- d-----w- c:\users\patty\appdata\local\{4A9D64F9-3298-4CE1-9B0F-108C6AF3B5A9}
2013-10-15 00:02:06 -------- d-----w- c:\users\patty\appdata\local\{5FCB2AAC-0FF9-4693-88B2-8FB67436D562}
2013-10-13 00:41:35 -------- d-----w- c:\users\patty\appdata\local\{1ED78CBC-E006-4200-A3FC-71BB828126CF}
2013-10-11 19:20:29 -------- d-----w- c:\users\patty\appdata\local\{FB98C699-0460-44D7-A381-B7F726FF29F4}
2013-10-10 18:33:18 -------- d-----w- c:\users\patty\appdata\local\{93DF670D-ECD1-4B00-9190-0801766831C5}
2013-10-10 01:51:05 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 01:51:01 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 01:50:59 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 01:50:47 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-10 01:50:41 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-10 01:50:39 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 01:50:19 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 01:50:05 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-10 01:50:02 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-10 01:50:00 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-10 01:48:59 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 01:21:09 -------- d-----w- c:\users\patty\appdata\local\{F39EE16F-3419-4268-B17F-73973D9FAB9D}
2013-10-08 16:51:28 -------- d-----w- c:\users\patty\appdata\local\{8440DA96-8A06-492E-A323-73A73A52F19B}
2013-10-08 16:50:46 -------- d-----w- c:\users\patty\appdata\local\{F90CDDFE-736F-497C-9329-13B72AD08167}
2013-10-07 22:41:30 -------- d-----w- c:\users\patty\appdata\local\{D6FEA074-834D-4BEB-9D04-DC2D3B38C09A}
2013-10-07 22:31:38 -------- d-----w- c:\users\patty\appdata\local\{A8CF9876-BB35-4BF2-ACBE-1D054E7993DC}
2013-10-05 02:25:55 -------- d-----w- c:\users\patty\appdata\local\{6B21BA1D-69AC-4EEB-B3EA-30C29EB93A33}
2013-10-04 14:24:14 -------- d-----w- c:\users\patty\appdata\local\{5AE143A3-8611-424D-94F7-BF25B9E60919}
2013-10-03 15:12:02 -------- d-----w- c:\users\patty\appdata\local\{F89AE466-3634-454D-BF58-A214FDE1BDE7}
2013-10-02 19:25:12 -------- d-----w- c:\users\patty\appdata\local\{FAE32D55-D34F-4C86-A4AC-DC1E09BAB478}
2013-09-30 20:13:15 -------- d-----w- c:\users\patty\appdata\local\{B725C0A3-B7FF-47A4-AC07-C98626A94C6D}
2013-09-30 01:00:17 -------- d-----w- c:\users\patty\appdata\local\{48CB10B6-1FBD-4E54-BC49-D825AF65F411}
2013-09-27 23:31:07 -------- d-----w- c:\users\patty\appdata\local\{70B116F6-55E6-4926-BAD4-F68E0DB07882}
2013-09-26 23:57:28 -------- d-----w- c:\users\patty\appdata\local\{2A4AD4AC-1FC9-4BD3-A135-27627C731645}
2013-09-24 17:19:35 -------- d-----w- c:\users\patty\appdata\local\{CDD9476C-F1FB-4203-A85A-558ACA9768F7}
2013-09-24 16:55:40 -------- d-----w- c:\users\patty\appdata\local\{2F4CB4F1-04C1-4F40-A529-5F4DB464BD70}
.
==================== Find3M ====================
.
2013-10-15 08:43:06 1432368 ----a-w- c:\windows\system32\dmwu.exe
2013-10-15 08:35:54 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-14 17:41:59 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-14 17:41:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-14 17:41:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-14 17:41:59 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-14 17:41:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-14 17:41:27 41664 ----a-w- c:\windows\avastSS.scr
2013-10-10 01:27:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 01:27:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-30 15:53:04 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-30 15:53:04 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-30 15:53:04 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-03 18:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 20:47:14 6583664 ----a-w- c:\program files\AVAST Softwar
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 23:32:24.38 ===============

Edited by dbjb7606, 22 October 2013 - 10:42 PM.


#2 dbjb7606

Posted 22 October 2013 - 09:35 PM

Deleted

Edited by dbjb7606, 22 October 2013 - 10:50 PM.


#3 Jo*

Posted 24 October 2013 - 05:28 AM

:welcome:

Hello dbjb7606,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic ‘til you get the “all clean” post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.

Graduate of the WTT Classroom
Cheers,
Jo

#4 Jo*

Posted 24 October 2013 - 11:18 PM

Hello dbjb7606,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo

#5 dbjb7606

Posted 26 October 2013 - 08:23 AM

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
ASUS USBChargeSetting iSeriesCharge.exe
AVAST Softwar
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



malware bytes log

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Patty :: PATTY-PC [administrator]

10/25/2013 5:53:06 PM
mbar-log-2013-10-25 (17-53-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 196845
Time elapsed: 37 minute(s), 54 second(s)

Memory Processes Detected: 1
C:\Windows\System32\dmwu.exe (Adware.InstallBrain) -> 1968 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (Adware.InstallBrain) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> No action taken.

Files Detected: 2
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> No action taken.
C:\Windows\System32\dmwu.exe (Adware.InstallBrain) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


adwcleaner log


# AdwCleaner v3.010 - Report created 26/10/2013 at 00:52:41
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Patty - PATTY-PC
# Running from : C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07Z28BDV\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
Service Deleted : lssvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\windows\system32\ARFC
Folder Deleted : C:\windows\system32\jmdp
Folder Deleted : C:\windows\system32\WNLT
Folder Deleted : C:\Users\Patty\AppData\Local\Conduit
Folder Deleted : C:\Users\Patty\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Patty\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Patty\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Patty\AppData\Roaming\file scout
Folder Deleted : C:\Users\Patty\AppData\Roaming\SpeedAnalysis3
Folder Deleted : C:\Users\Patty\AppData\Roaming\zulagames
Folder Deleted : C:\Users\Patty\Documents\optimizer pro
Folder Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\END
File Deleted : C:\windows\system32\dmwu.exe
File Deleted : C:\windows\system32\ImHttpComm.dll
File Deleted : C:\Users\Patty\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.BackgroundHostObject
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.BackgroundHostObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.Navbar
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.Navbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.Tool
Key Deleted : HKLM\SOFTWARE\Classes\Speed Analysis 3.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279414
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_angry-birds_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_angry-birds_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6521 octets] - [25/10/2013 18:51:17]
AdwCleaner[S0].txt - [6520 octets] - [26/10/2013 00:52:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6580 octets] ##########

#6 Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 26 October 2013 - 11:54 AM

Hello dbjb7606,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
If there is no malware found, please let me know as well.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
  • Shutdown your antivirus to avoid any potential conflicts.
  • Double click JRT.exe to run the tool.

    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.

***

Download OTL to your desktop.
  • Double click on the icon to run it.

    Vista / Windows 7/8 users right-click and select Run As Administrator.
    Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo

#7 dbjb7606

  • Authentic Member
  • 51 posts

Posted 26 October 2013 - 05:36 PM

Malwarebytes found nothing

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Starter x86
Ran by Patty on Sat 10/26/2013 at 18:39:35.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3285163521-1088001741-378077828-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files

Successfully deleted: [File] "C:\Users\Patty\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Patty\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FAE32D55-D34F-4C86-A4AC-DC1E09BAB478}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FB98C699-0460-44D7-A381-B7F726FF29F4}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FD141220-C295-44B2-B7A6-E12701E8A4E1}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FD61EF9C-BF37-47E8-BBC3-FDFA35287FB5}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FFB7AA77-90F1-4592-AC38-BD821FE446E0}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FFC32CED-5354-47E3-A12B-7087DDB4181B}
Successfully deleted: [Empty Folder] C:\Users\Patty\appdata\local\{FFF761B3-E8D4-48A0-A173-940C816864B9}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Patty\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/26/2013 at 18:49:56.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL Logs

OTL logfile created on: 10/26/2013 7:11:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 169.70 Mb Available Physical Memory | 16.77% Memory free
1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.22 Gb Free Space | 69.22% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.75 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Patty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Installer\MSI406.tmp ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Asus\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe (ASUS)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinAgent.exe ()
PRC - C:\Program Files\Asus\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\CapsHook\CapsHook.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\659692c78b36fafa5b93498807a2d1ae\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fe6960e8cec492f2312a99dd36ebb82d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bc25d53a57aeb37670249b00b8710ef2\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\ExpressGateUtil\VAWinAgent.exe ()


========== Services (SafeList) ==========

SRV - (Level Quality Watcher) -- C:\windows\Installer\MSI406.tmp ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (ASUS InstantOn) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
SRV - (DCDhcpService) -- C:\Program Files\WiSharing\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (lsnfd) -- C:\Windows\System32\drivers\lsnfd.sys (Linksicle)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AiDriver) -- C:\Windows\System32\drivers\AiDriver.sys (ASUSTek Computer Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SAVB_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]

[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions
[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/10/21 18:36:34 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2012/12/27 11:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.newzjunky.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\PerHelperGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Linksicle = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\
CHR - Extension: ScorpionSaver = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [BC709601F80CC137C2510FB0F0C99293758EA3EC._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E6A6C6F404D367BBE5539910DF85D2D4] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP Photosmart 5520 series (NET)] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex....rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACF3E696-9908-48CE-B069-C06327FFF7E6}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C86D20-7DCF-4CA3-A0EC-27F7BAC44808}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/26 19:02:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patty\Desktop\OTL.exe
[2013/10/26 18:39:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/10/25 18:50:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/25 17:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/25 17:22:29 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2013/10/25 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/25 17:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver
[2013/10/25 17:10:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/25 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/10/25 17:04:32 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/10/22 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\what the tech OCT 2013
[2013/10/22 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Malwarebytes
[2013/10/22 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/22 21:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/22 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/22 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Programs
[2013/10/22 21:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/21 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Mozilla
[2013/10/20 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby
[2013/10/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\Documents\Wondershare PDF Converter
[2013/10/20 23:08:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Wondershare
[2013/10/20 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/10/20 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2013/10/10 15:10:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/10/10 15:10:27 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/10/10 15:10:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/10/10 15:10:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/10/10 15:10:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/10/10 15:10:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/10/10 15:10:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/10/10 15:10:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/10/10 15:10:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/10/10 15:10:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/10/09 21:51:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2013/10/09 21:50:59 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidparse.sys
[2013/10/09 21:50:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/10/09 21:50:02 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/10/09 21:50:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tdh.dll
[2013/10/09 21:49:48 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 21:49:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/10/09 21:49:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dciman32.dll
[2013/10/09 21:49:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2013/10/09 21:49:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/10/09 21:49:40 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2013/10/09 21:49:28 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/10/02 17:14:50 | 000,052,688 | ---- | C] (Linksicle) -- C:\windows\System32\drivers\lsnfd.sys
[2013/09/09 18:39:10 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwar
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/26 19:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patty\Desktop\OTL.exe
[2013/10/26 18:36:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/26 18:26:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/26 17:38:44 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2013/10/26 17:37:37 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/26 16:58:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/26 16:58:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/26 16:50:33 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/26 16:50:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/26 16:49:01 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/22 23:58:25 | 000,001,222 | ---- | M] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/22 21:12:53 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/10/21 18:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:21 | 000,203,032 | ---- | M] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/10/18 20:04:48 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/14 13:41:59 | 000,770,344 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/10/14 13:41:59 | 000,369,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/10/14 13:41:59 | 000,175,176 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/10/14 13:41:59 | 000,061,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/10/14 13:41:59 | 000,056,080 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/10/14 13:41:59 | 000,049,376 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/10/14 13:41:58 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/10/14 13:41:58 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/10/14 13:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/10/14 13:41:20 | 000,236,840 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/10/10 15:55:01 | 000,671,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/10 15:55:01 | 000,124,966 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/10 15:47:19 | 000,333,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/10/09 21:27:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/10/09 21:27:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/10/02 17:14:50 | 000,052,688 | ---- | M] (Linksicle) -- C:\windows\System32\drivers\lsnfd.sys
[2013/09/30 11:53:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr80.dll
[2013/09/30 11:53:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp80.dll
[2013/09/30 11:53:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcm80.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/22 21:33:08 | 000,001,222 | ---- | C] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/21 18:42:00 | 000,000,000 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:20 | 000,203,032 | ---- | C] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/04/17 23:19:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 16:26:03 | 000,175,176 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/17 16:26:03 | 000,049,376 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2012/10/05 06:12:46 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 01:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 01:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 01:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 01:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 01:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 01:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 01:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 01:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 09:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 09:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/11 01:32:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\ASUS WebStorage
[2013/10/20 23:27:55 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby
[2013/02/21 19:57:39 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/11 01:17:37 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\E-Cam
[2012/12/27 11:22:21 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Rovio
[2012/10/05 12:20:43 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Temp
[2013/01/08 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 10/26/2013 7:11:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 169.70 Mb Available Physical Memory | 16.77% Memory free
1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.22 Gb Free Space | 69.22% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.75 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Patty\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00799626-6433-4E77-B752-CBCB984AE41C}" = lport=80 | protocol=6 | dir=in | app=c:\program files\wisharing\p2puimain.exe |
"{03DF8654-068A-4741-9423-96F07E5920EC}" = lport=138 | protocol=17 | dir=in | app=system |
"{09CA92BE-1A2B-4A4C-93A0-366018EFF41F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16E46EC3-5B7E-4F61-AAF0-A68038007C7B}" = lport=24501 | protocol=6 | dir=in | name=wisharingport |
"{3196661D-311D-4EB0-9B1A-DA8C4AD8CFD4}" = lport=24401 | protocol=6 | dir=in | name=wisharingport |
"{596EF54F-796E-4BAB-810E-0112A9C54886}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5CB53D79-181A-47CC-94E8-17AB3561886F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E2F9D3D-97DB-4D2E-B7E3-F3F16E2EB951}" = lport=445 | protocol=6 | dir=in | app=system |
"{7752590F-0288-47CE-BB11-5D20BE2BF27B}" = lport=24601 | protocol=6 | dir=in | name=wisharingport |
"{7EF93033-B36E-4CEA-94F3-3130F2D35853}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{808C11D6-C015-47BF-9426-7E8DB717043B}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8CE0DC7B-A40D-4B20-8E23-0D001D8C8911}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F4CA959-BED4-428F-B07C-4BE338F4266B}" = rport=445 | protocol=6 | dir=out | app=system |
"{901A45A7-A000-4609-8718-4A9F1FB8DE3C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{943880C6-D602-4AE6-B6BD-4FC391916A70}" = lport=53 | protocol=17 | dir=in | app=c:\program files\wisharing\dcdhcpservice.exe |
"{9D2875B6-B6CD-40EA-9ACF-8079484ECC1F}" = lport=24501 | protocol=17 | dir=in | name=wisharingport |
"{9D855B6B-588B-4A7E-A576-F9E46508F045}" = lport=24301 | protocol=6 | dir=in | name=wisharingport |
"{9DB6B910-730F-486E-8411-505B0FAA838C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7E889AC-002E-42B4-B7DC-09FF31CCA400}" = rport=137 | protocol=17 | dir=out | app=system |
"{BCCAF693-8FD4-4423-9567-47DCD8757B1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D67B95A4-3081-4E08-B784-26146C73E7CD}" = lport=24601 | protocol=17 | dir=in | name=wisharingport |
"{DD32C660-6527-41CA-8540-4B820FBC3D40}" = lport=137 | protocol=17 | dir=in | app=system |
"{E39C4B18-2912-4E08-8250-AF44F1F6099C}" = lport=24301 | protocol=17 | dir=in | name=wisharingport |
"{EF675D55-149D-4267-9875-8014130B20C4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F5B06C63-3FCB-4569-AF0C-BB16746814F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{FA0B5D64-00D2-4F1A-A051-3B1E4677B175}" = lport=24401 | protocol=17 | dir=in | name=wisharingport |
"{FE31BE50-1048-44BE-AD25-E716E6A24548}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FFFC6614-C920-40B7-9201-DBE89266E31F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02128A15-C81B-4670-8DF4-C7A0C5ACE826}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{05CA2610-9926-47E1-AF29-EFC3E50E278D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{0A703E52-D64A-46B7-BD1E-6EBD4E41B37F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{1B76162A-E626-47E0-98CE-4FDBDC964E88}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1E2BA515-E1FE-4036-99C0-E12532930801}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{2B3C9E67-6CF5-4A56-B1E8-47A5BEC361B5}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3205B426-885A-414A-BFE7-620320A346E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39B7271C-E3E8-428B-96AA-B0717C7DD273}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{44EB4CF9-B192-45E7-A69C-6EA038620EF1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{47C84DA6-DF3C-407D-949C-18DEC739D346}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{4B1706CF-3108-4B8B-A6C2-339B7C833239}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe |
"{549851DE-F6B5-4F58-88C8-44CC73C889D0}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{721E84E0-7CA4-4E44-BA64-D814C0464B5F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{7D0AA4D4-C1FC-4034-8E04-64ECCB96E784}" = protocol=6 | dir=in | app=c:\program files\wisharing\wisharing.exe |
"{7EB250C4-488D-4456-AD49-B5AE26A7BA97}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{86DEBC79-F996-40A2-9155-87C83166F3A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8C390B1A-0F10-4886-9DEB-96763C99F541}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{90861DA7-51A5-49A5-9FA2-7BD186036B69}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{95234D05-0234-4C3A-A82C-ACC6C5063B20}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9F3D8A81-BA4A-4D80-9CE6-83E9D7A214E3}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A4CD7354-97D4-474F-B34F-48B88C76BCE2}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{A75623C2-0DB7-43B7-B7FE-CD0C021988A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B003C45B-8D7D-48F5-AE65-968FD6DD4C9D}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{C50AD7DF-BFB6-48AC-8B62-A7AA97D38814}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C68B8BE1-A10E-43DF-81CC-2645D13767C9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C8C78716-3A15-4ABF-A44B-B77983AD3595}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{D797F2DF-FB87-42F8-88FF-4ADEC8EF1D9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD6CDBA5-C5D7-49F7-9BB2-871EB1A9CEBC}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E1DA1D1C-9F4B-4C7E-980B-0054D4C1721E}" = protocol=17 | dir=in | app=c:\program files\wisharing\wisharing.exe |
"{E451AB40-0A77-4318-9817-0D3FF63BACCD}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F0FD1F73-17C0-4CAE-AAD4-994665F13E1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F6AFF0D4-B047-450A-9B5C-2D6E2AB5F97E}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{072B53D7-DAAD-4562-8764-B528D0ADA7C4}" = Windows Live Family Safety
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = WiSharing
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{273E1F1A-7B1A-436C-A783-A4A8C97AD036}" = ScorpionSaver
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{670DC8DB-0BE2-464B-A2FE-863BDAECC523}" = Windows Live Family Safety
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for EPC
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7CBE9636-B985-4ACB-9CC7-D7E79FDADEA8}" = Angry Birds
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}" = USBCharge+
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9042F9FE-43CB-4ACF-9978-F62235127F90}" = ASUS Media Sharing
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}" = HP Photosmart 5520 series Basic Device Software
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Eee Docking_is1" = Eee Docking 3.10.5
"Elantech" = ETDWare PS/2-X86 8.0.5.2_WHQL
"Google Chrome" = Google Chrome
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"Linksicle" = Linksicle
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.95
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2013 7:10:27 PM | Computer Name = Patty-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 46c Start Time:
01ced29f83311885 Termination Time: 31 Application Path: C:\Users\Patty\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 10/26/2013 7:10:30 PM | Computer Name = Patty-PC | Source = DCOM | ID = 10010
Description =





< End of report >

System seems to be clear

#8 Jo*

Malware Team

Posted 27 October 2013 - 05:56 AM

Hello dbjb7606,

There are traces of ScorpionSaver on your pc.
My advice is to uninstall it.
Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).

Uninstall ScorpionSaver:
http://www.scorpionsaver.com/EULA.php

...
c) To uninstall the Toolbar, including and all aspects of it and all components of any Scorpion Saver Licensor software or Other Software, you may take the following steps:

i) For Windows Internet Explorer:

1. Click on Tools, then Manage Add-ons. Under Toolbars and Extensions, you can disable Scorpion Saver.

2. Under Add and Remove Programs located in the Control-Panel, Scorpion Saver can be permanently uninstalled.

ii) For FireFox:

1. Click on Tools, then Add-ons Manager. Under Extensions, you can remove
and/or disable Scorpion Saver.

2. Under Add and Remove Programs located in the Control-Panel, Scorpion Saver can be permanently uninstalled.

iii) For Google Chrome:

1. Click on Customize and Control Google Chrome, then select Tools and choose Extensions. Under Extensions, you can remove and/or disable Scorpion Saver.

2. Under Add and Remove Programs located in the Control-Panel, Scorpion Saver can be permanently uninstalled.

***

Looks like Malwarebytes' Anti-Malware is already installed on your pc!
  • If yes: Run Malwarebytes' Anti-Malware
    Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • If not installed:
    • Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
    • Double-click mbam-setup****.exe and follow the prompts to install the program.
      Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
    • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.

***

Java
  • Install latest Java:
  • Install latest Java 7 update: JAVA Click this link and click on the Free JAVA Download.
  • Uninstall old Java versions:
    • Please go to Start > Control Panel > Programs and Features .
    • Locate the following programs:
    • all other Java versions except Version 7 Update 45
  • Uninstall them all.

***

Run OTL again.
  • Double click on the OTL icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo

#9 dbjb7606


Posted 27 October 2013 - 11:51 AM

Malwarebytes found no problems

OTL Log

OTL logfile created on: 10/27/2013 1:16:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Desktop\what the tech OCT 2013
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 212.81 Mb Available Physical Memory | 21.03% Memory free
1.99 Gb Paging File | 0.63 Gb Available in Paging File | 31.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.09 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.75 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Patty\Desktop\what the tech OCT 2013\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Asus\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe (ASUS)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinAgent.exe ()
PRC - C:\Program Files\Asus\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\CapsHook\CapsHook.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\659692c78b36fafa5b93498807a2d1ae\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fe6960e8cec492f2312a99dd36ebb82d\System.Configuration.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bc25d53a57aeb37670249b00b8710ef2\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\ExpressGateUtil\VAWinAgent.exe ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (ASUS InstantOn) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
SRV - (DCDhcpService) -- C:\Program Files\WiSharing\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (lsnfd) -- C:\Windows\System32\drivers\lsnfd.sys (Linksicle)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AiDriver) -- C:\Windows\System32\drivers\AiDriver.sys (ASUSTek Computer Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SAVB_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]

[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions
[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/10/21 18:36:34 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2012/12/27 11:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.newzjunky.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\PerHelperGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Linksicle = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [BC709601F80CC137C2510FB0F0C99293758EA3EC._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E6A6C6F404D367BBE5539910DF85D2D4] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP Photosmart 5520 series (NET)] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex....rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACF3E696-9908-48CE-B069-C06327FFF7E6}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C86D20-7DCF-4CA3-A0EC-27F7BAC44808}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/27 10:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/27 10:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/27 10:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/27 10:21:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/27 10:20:53 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/27 10:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/27 10:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/26 23:37:51 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2013/10/26 23:37:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2013/10/26 19:41:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/26 18:39:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/10/25 18:50:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/25 17:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/25 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/25 17:10:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/25 17:04:32 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/10/22 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\what the tech OCT 2013
[2013/10/22 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Malwarebytes
[2013/10/22 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/22 21:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/22 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/22 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Programs
[2013/10/22 21:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/21 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Mozilla
[2013/10/20 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby
[2013/10/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\Documents\Wondershare PDF Converter
[2013/10/20 23:08:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Wondershare
[2013/10/20 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/10/20 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2013/10/10 15:10:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/10/10 15:10:27 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/10/10 15:10:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/10/10 15:10:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/10/10 15:10:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/10/10 15:10:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/10/10 15:10:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/10/10 15:10:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/10/10 15:10:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/10/10 15:10:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/10/09 21:51:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2013/10/09 21:50:59 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidparse.sys
[2013/10/09 21:50:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/10/09 21:50:02 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/10/09 21:50:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tdh.dll
[2013/10/09 21:49:48 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 21:49:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/10/09 21:49:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dciman32.dll
[2013/10/09 21:49:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2013/10/09 21:49:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/10/09 21:49:40 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2013/10/09 21:49:28 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/10/02 17:14:50 | 000,052,688 | ---- | C] (Linksicle) -- C:\windows\System32\drivers\lsnfd.sys
[2013/09/09 18:39:10 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwar
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/27 13:26:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/27 12:36:09 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/27 10:20:23 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:10 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:10 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:09 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/27 10:12:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 10:12:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 10:04:30 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/27 10:03:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/27 10:03:38 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/26 17:37:37 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,001,222 | ---- | M] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/22 21:12:53 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/10/21 18:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:21 | 000,203,032 | ---- | M] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/10/18 20:04:48 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/14 13:41:59 | 000,770,344 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/10/14 13:41:59 | 000,369,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/10/14 13:41:59 | 000,175,176 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/10/14 13:41:59 | 000,061,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/10/14 13:41:59 | 000,056,080 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/10/14 13:41:59 | 000,049,376 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/10/14 13:41:58 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/10/14 13:41:58 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/10/14 13:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/10/14 13:41:20 | 000,236,840 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/10/10 15:55:01 | 000,671,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/10 15:55:01 | 000,124,966 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/10 15:47:19 | 000,333,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/10/09 21:27:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/10/09 21:27:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/10/02 17:14:50 | 000,052,688 | ---- | M] (Linksicle) -- C:\windows\System32\drivers\lsnfd.sys
[2013/09/30 11:53:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr80.dll
[2013/09/30 11:53:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp80.dll
[2013/09/30 11:53:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcm80.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/22 21:33:08 | 000,001,222 | ---- | C] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/21 18:42:00 | 000,000,000 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:20 | 000,203,032 | ---- | C] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/04/17 23:19:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 16:26:03 | 000,175,176 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/17 16:26:03 | 000,049,376 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2012/10/05 06:12:46 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 01:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 01:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 01:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 01:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 01:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 01:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 01:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 01:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 09:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 09:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#10 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 27 October 2013 - 02:18 PM

Hello dbjb7606,


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Services
    lsnfd
    
    :Reg
    
    :Files
    C:\Windows\System32\drivers\lsnfd.sys 
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log, made by rerunning it after reboot without the custom scans script.

Graduate of the WTT Classroom
Cheers,
Jo



#11 dbjb7606

dbjb7606

    Authentic Member

  • Authentic Member
  • 51 posts

Posted 27 October 2013 - 05:58 PM

OTL Fix Log

All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to stop service lsnfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsnfd deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\drivers\lsnfd.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 327990 bytes
->Flash cache emptied: 57882 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Patty
->Temp folder emptied: 33029676 bytes
->Temporary Internet Files folder emptied: 187124628 bytes
->Java cache emptied: 48020 bytes
->Google Chrome cache emptied: 170945422 bytes
->Flash cache emptied: 59537 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14152525 bytes
RecycleBin emptied: 65700 bytes

Total Files Cleaned = 387.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272013_185848

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\windows\temp\HS.log moved successfully.
C:\windows\temp\wbxtra_10272013_185239.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL Log after reboot


OTL logfile created on: 10/27/2013 7:15:44 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Desktop\what the tech OCT 2013
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 95.95 Mb Available Physical Memory | 9.48% Memory free
1.99 Gb Paging File | 0.63 Gb Available in Paging File | 31.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.12 Gb Free Space | 69.12% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.75 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Patty\Desktop\what the tech OCT 2013\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files\Asus\AsusVibe\AsusVibe2.0.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Asus\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe (ASUS)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinAgent.exe ()
PRC - C:\Program Files\Asus\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\CapsHook\CapsHook.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\659692c78b36fafa5b93498807a2d1ae\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fe6960e8cec492f2312a99dd36ebb82d\System.Configuration.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bc25d53a57aeb37670249b00b8710ef2\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\ExpressGateUtil\VAWinAgent.exe ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (ASUS InstantOn) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
SRV - (DCDhcpService) -- C:\Program Files\WiSharing\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AiDriver) -- C:\Windows\System32\drivers\AiDriver.sys (ASUSTek Computer Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SAVB_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]

[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions
[2013/10/21 18:36:32 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/10/21 18:36:34 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2012/12/27 11:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.newzjunky.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\PerHelperGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Linksicle = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [BC709601F80CC137C2510FB0F0C99293758EA3EC._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E6A6C6F404D367BBE5539910DF85D2D4] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP Photosmart 5520 series (NET)] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex....rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACF3E696-9908-48CE-B069-C06327FFF7E6}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C86D20-7DCF-4CA3-A0EC-27F7BAC44808}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/27 18:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/27 14:17:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{332D9B2E-C2F7-468C-B891-77966966904D}
[2013/10/27 10:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/27 10:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/27 10:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/27 10:21:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/27 10:20:53 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/27 10:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/27 10:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/26 23:37:51 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2013/10/26 23:37:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2013/10/26 19:41:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/26 18:39:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/10/25 18:50:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/25 17:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/25 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/25 17:10:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/25 17:04:32 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/10/22 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\what the tech OCT 2013
[2013/10/22 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Malwarebytes
[2013/10/22 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/22 21:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/22 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/22 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Programs
[2013/10/22 21:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/21 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Mozilla
[2013/10/20 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby
[2013/10/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\Documents\Wondershare PDF Converter
[2013/10/20 23:08:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Wondershare
[2013/10/20 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/10/20 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2013/10/10 15:10:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/10/10 15:10:27 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/10/10 15:10:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/10/10 15:10:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/10/10 15:10:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/10/10 15:10:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/10/10 15:10:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/10/10 15:10:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/10/10 15:10:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/10/10 15:10:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/10/09 21:51:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2013/10/09 21:50:59 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidparse.sys
[2013/10/09 21:50:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/10/09 21:50:02 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/10/09 21:50:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tdh.dll
[2013/10/09 21:49:48 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 21:49:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/10/09 21:49:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dciman32.dll
[2013/10/09 21:49:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2013/10/09 21:49:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/10/09 21:49:40 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2013/10/09 21:49:28 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/09/09 18:39:10 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwar
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/27 19:26:09 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/27 19:18:44 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 19:18:44 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 19:10:15 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/27 19:09:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/27 19:09:52 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/27 16:36:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/27 10:20:23 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:10 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:10 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:09 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/26 17:37:37 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,001,222 | ---- | M] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/22 21:12:53 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/10/21 18:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:21 | 000,203,032 | ---- | M] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/10/18 20:04:48 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/14 13:41:59 | 000,770,344 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/10/14 13:41:59 | 000,369,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/10/14 13:41:59 | 000,175,176 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/10/14 13:41:59 | 000,061,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/10/14 13:41:59 | 000,056,080 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/10/14 13:41:59 | 000,049,376 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/10/14 13:41:58 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/10/14 13:41:58 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/10/14 13:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/10/14 13:41:20 | 000,236,840 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/10/10 15:55:01 | 000,671,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/10 15:55:01 | 000,124,966 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/10 15:47:19 | 000,333,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/10/09 21:27:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/10/09 21:27:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/09/30 11:53:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr80.dll
[2013/09/30 11:53:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp80.dll
[2013/09/30 11:53:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcm80.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/22 21:33:08 | 000,001,222 | ---- | C] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/21 18:42:00 | 000,000,000 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:20 | 000,203,032 | ---- | C] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/04/17 23:19:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 16:26:03 | 000,175,176 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/17 16:26:03 | 000,049,376 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2012/10/05 06:12:46 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 01:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 01:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 01:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 01:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 01:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 01:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 01:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 01:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 09:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 09:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#12 Jo*


Posted 28 October 2013 - 06:22 AM

Hello dbjb7606,

Go on with:

1. Uninstall:

Please go to Start > Control Panel > Programs and Features.
Locate the following programs:
  • Look for the PC performer and Speed Analysis names
  • If still present, uninstall them.

***


2. Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/10/21 18:36:32 | 000,000,000 | ---D | M]
    CHR - Extension: Linksicle = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log.

***


3. Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S..].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


4. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so that there are no conflicts and the scan runs faster.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image

***


5. Restart your pc:

How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo

#13 dbjb7606

dbjb7606

    Authentic Member

  • Authentic Member
  • 51 posts

Posted 28 October 2013 - 03:10 PM

ADW Cleaner log

# AdwCleaner v3.010 - Report created 28/10/2013 at 08:53:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Patty - PATTY-PC
# Running from : C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FU4UU61\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6521 octets] - [25/10/2013 18:51:17]
AdwCleaner[R1].txt - [946 octets] - [28/10/2013 08:50:58]
AdwCleaner[S0].txt - [6660 octets] - [26/10/2013 00:52:41]
AdwCleaner[S1].txt - [868 octets] - [28/10/2013 08:53:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [927 octets] ##########

Eset Scan Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8900f34baa6f384d87943f261eca87f7
# engine=15664
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-28 03:28:28
# local_time=2013-10-28 11:28:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777213 83 81 0 158762380 0 0
# compatibility_mode=5893 16776573 100 94 0 134518899 0 0
# scanned=111531
# found=0
# cleaned=0
# scan_time=7731

Computer seems to be running fine

#14 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 29 October 2013 - 03:57 AM

Hello dbjb7606,

Run OTL again.
  • Double click on the OTL icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

Graduate of the WTT Classroom
Cheers,
Jo

#15 dbjb7606

dbjb7606

    Authentic Member

  • Authentic Member
  • 51 posts

Posted 29 October 2013 - 02:56 PM

OTL Log

OTL logfile created on: 10/29/2013 4:31:27 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Desktop\what the tech OCT 2013
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 264.32 Mb Available Physical Memory | 26.12% Memory free
1.99 Gb Paging File | 0.98 Gb Available in Paging File | 49.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.28 Gb Free Space | 69.28% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.75 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Patty\Desktop\what the tech OCT 2013\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Asus\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe (ASUS)
PRC - C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinAgent.exe ()
PRC - C:\Program Files\Asus\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
PRC - C:\ExpressGateUtil\VAWinService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\CapsHook\CapsHook.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\659692c78b36fafa5b93498807a2d1ae\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fe6960e8cec492f2312a99dd36ebb82d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bc25d53a57aeb37670249b00b8710ef2\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\ExpressGateUtil\VAWinAgent.exe ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (Cisco WebEx LLC)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (ASUS InstantOn) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe (ASUS)
SRV - (DCDhcpService) -- C:\Program Files\WiSharing\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AiDriver) -- C:\Windows\System32\drivers\AiDriver.sys (ASUSTek Computer Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SAVB_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/21 18:36:34 | 000,000,000 | ---D | M]

[2013/10/28 08:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions
[2013/10/21 18:36:34 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Patty\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2012/12/27 11:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{g
oogle:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:ins
tantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncodin
g}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugk
ey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.newzjunky.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\PerHelperGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [BC709601F80CC137C2510FB0F0C99293758EA3EC._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E6A6C6F404D367BBE5539910DF85D2D4] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP Photosmart 5520 series (NET)] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex....rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACF3E696-9908-48CE-B069-C06327FFF7E6}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C86D20-7DCF-4CA3-A0EC-27F7BAC44808}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{9252E254-8AE2-4493-BB1F-870238446222}
[2013/10/28 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\AVAST Software
[2013/10/28 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/28 17:25:55 | 000,057,672 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/10/28 17:25:54 | 000,774,392 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/10/28 17:25:54 | 000,403,440 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/10/28 17:25:54 | 000,070,384 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/10/28 17:25:53 | 000,079,720 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/10/28 17:25:53 | 000,035,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/10/28 17:25:46 | 000,269,216 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/10/28 17:25:44 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/10/28 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{5A4234DF-D3B5-4E96-B2A7-DB1351E2E016}
[2013/10/28 09:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/10/27 18:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/27 14:17:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{332D9B2E-C2F7-468C-B891-77966966904D}
[2013/10/27 10:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/27 10:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/27 10:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/27 10:21:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/27 10:20:53 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/27 10:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/27 10:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/26 23:37:51 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2013/10/26 23:37:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2013/10/26 19:41:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/26 18:39:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/10/25 18:50:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/25 17:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/25 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/25 17:10:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/25 17:04:32 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/10/22 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\what the tech OCT 2013
[2013/10/22 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Malwarebytes
[2013/10/22 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/22 21:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/22 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/22 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Programs
[2013/10/22 21:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/21 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Mozilla
[2013/10/20 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\com.adobe.mauby
[2013/10/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\Documents\Wondershare PDF Converter
[2013/10/20 23:08:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Wondershare
[2013/10/20 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/10/20 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2013/10/10 15:10:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/10/10 15:10:27 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/10/10 15:10:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/10/10 15:10:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/10/10 15:10:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/10/10 15:10:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/10/10 15:10:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/10/10 15:10:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/10/10 15:10:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/10/10 15:10:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/10/09 21:51:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2013/10/09 21:50:59 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidparse.sys
[2013/10/09 21:50:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/10/09 21:50:02 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/10/09 21:50:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tdh.dll
[2013/10/09 21:49:48 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 21:49:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/10/09 21:49:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dciman32.dll
[2013/10/09 21:49:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2013/10/09 21:49:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/10/09 21:49:40 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2013/10/09 21:49:28 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/09/09 18:39:10 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwar
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 16:36:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 16:26:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 09:17:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/29 08:53:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 08:53:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 08:45:05 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 08:44:34 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/28 17:25:44 | 000,774,392 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/10/28 17:25:44 | 000,403,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/10/28 17:25:44 | 000,269,216 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/10/28 17:25:44 | 000,178,304 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/10/28 17:25:44 | 000,079,720 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/10/28 17:25:44 | 000,070,384 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/10/28 17:25:44 | 000,057,672 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/10/28 17:25:44 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/10/28 17:25:44 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/10/28 17:25:44 | 000,035,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/10/28 17:16:42 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/10/27 10:20:23 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/10/27 10:20:10 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/10/27 10:20:10 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/10/27 10:20:09 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/10/26 17:37:37 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/10/22 23:58:25 | 000,001,222 | ---- | M] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/21 18:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:21 | 000,203,032 | ---- | M] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/10/18 20:04:48 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/10 15:55:01 | 000,671,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/10 15:55:01 | 000,124,966 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/10 15:47:19 | 000,333,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/10/09 21:27:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/10/09 21:27:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/09/30 11:53:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr80.dll
[2013/09/30 11:53:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp80.dll
[2013/09/30 11:53:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcm80.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 17:25:55 | 000,178,304 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/10/28 17:25:54 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/10/22 21:33:08 | 000,001,222 | ---- | C] () -- C:\Users\Patty\Desktop\Revo Uninstaller.lnk
[2013/10/21 18:42:00 | 000,000,000 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\pdfconverter
[2013/10/20 23:40:20 | 000,203,032 | ---- | C] () -- C:\Users\Patty\Desktop\watertown application Executive Sec.pdf
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/07/25 16:49:26 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2013/04/17 23:19:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/05 06:12:46 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 01:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 01:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 01:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 01:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 01:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 01:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 01:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 01:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 09:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 09:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
