grimly92x Posted August 3, 2013 ID:710457
Hello. I'm currently working on cleaning a friend's computer of an infection, but I'm running into problems that I can't resolve. I've run Malwarebytes with up-to-date virus definitions and it found 138 infected files that were the result of several different PUPs:
- PUP.Optional.OptimizerPro
- PUP.Webcake
- PUP.TidyNetwork
There were a few others, but they were the most prominent. I thought with all those deleted the infection would be over, but there are still toolbars in both Google Chrome and Internet Explorer that I can't get rid of, and the computer still runs slowly. Also, the web browser constantly reverts to the Conduit search page. Malwarebytes no longer picks up anything and I don't want this to keep spreading. This computer is a laptop running Windows 8. It has the free versions of Avast! Antivirus and Malwarebytes. Logs will follow below.
grimly92x Posted August 3, 2013 Author ID:710459
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by EL LOBO GRANDE at 22:56:54 on 2013-08-02
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3540.2027 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
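The "Pseudo HJT Report" section of a DDS log like the one grimly92x posted is where a helper looks first: orphaned hooks (a CLSID still registered but with no DLL behind it), hooks and autoruns loading from user-writable folders, rundll32-hosted autoruns, and paths naming known PUP families. The Python below is an added triage example, not part of this thread or of the DDS tool; its sample lines are copied from the pseudo-HJT section of the DDS log posted in this thread, and the PUP marker list is an assumption drawn from the product names that appear in the thread.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Flags the things a forum helper checks first: orphaned hooks (a CLSID that
is still registered but whose DLL is gone), entries that load from a
user-writable directory, rundll32-hosted autoruns, and names that match
the PUP families seen in this thread.
"""
import re

# Assumption: product/directory names taken from this thread's logs, lowercased.
PUP_MARKERS = (
    "conduit", "tidynetwork", "web cake", "searchprotect", "defineext",
    "browserplus2", "internethelper3", "avg secure search", "optimizer pro",
)
# DDS prefixes: optional x64-, then u (HKCU) or m (HKLM), then the entry type.
PREFIX_RE = re.compile(r"^(?P<arch>x64-)?(?P<hive>[um])?(?P<type>[A-Za-z]+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r"\\users\\|\\appdata\\|\\temp\\|%appdata%|%temp%", re.I)


def parse_entry(line):
    """Split one pseudo-HJT line into its parts; return None for non-entries."""
    head, sep, rest = line.strip().partition(": ")
    m = PREFIX_RE.match(head)
    if not sep or not m:
        return None
    entry = {"type": m.group("type"), "hive": m.group("hive") or "",
             "arch": "x64" if m.group("arch") else "x86",
             "name": None, "clsid": None, "target": None, "exe": None}
    if rest.startswith("["):                   # Run-style: [name] command line
        entry["name"], _, command = rest[1:].partition("] ")
        entry["target"] = command
        # The executable is the first quoted string, else the first token.
        q = re.match(r'"([^"]+)"', command)
        entry["exe"] = q.group(1) if q else command.split(" ", 1)[0]
    else:                                      # Hook-style: name: {clsid} - target
        label, sep, target = rest.rpartition(" - ")
        if not sep:
            label, target = rest, ""
        entry["target"] = entry["exe"] = target
        c = CLSID_RE.search(label)
        if c:
            entry["clsid"] = c.group(0)
            label = label[:c.start()].rstrip(" :-")
        entry["name"] = label or None
    return entry


def triage(entry):
    """Return the review flags for one parsed entry (empty list = unremarkable)."""
    flags = []
    if entry["target"] == "<orphaned>":
        flags.append("orphaned")
    exe = entry["exe"] or ""
    if USER_WRITABLE_RE.search(exe):
        flags.append("user-writable-path")
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        flags.append("rundll32-host")         # the real payload is the DLL argument
    haystack = " ".join(filter(None, (entry["name"], entry["target"]))).lower()
    if any(marker in haystack for marker in PUP_MARKERS):
        flags.append("pup-marker")
    return flags


def triage_report(lines):
    """Parse every line and keep only flagged entries as (type, name|clsid, flags)."""
    report = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            report.append((entry["type"], entry["name"] or entry["clsid"], flags))
    return report


# Constructed sample: a handful of entries copied from the DDS log in this thread.
SAMPLE_LOG = [
    r"============== Pseudo HJT Report ===============",
    r"uURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt\temp.dat",
    r'uRun: [ConduitFloatingPlugin_iigplimlmgilpobjilfbfeilnpiigpgl] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309350\plugins\TBVerifier.dll",RunConduitFloatingPlugin iigplimlmgilpobjilfbfeilnpiigpgl',
    r'uRun: [spotify] "C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart',
    r'mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    r"SSODL: WebCheck - <orphaned>",
    r"mWinlogon: Userinit = userinit.exe,",
    r"x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll",
    r"Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll",
]

if __name__ == "__main__":
    for etype, name, flags in triage_report(SAMPLE_LOG):
        print(f"{etype:<15} {name or '?':<60} {', '.join(flags)}")
```

A flag marks where a review starts, not a verdict: the Spotify autorun is flagged only because it runs from the user profile, while the orphaned CLSIDs and the rundll32-hosted Conduit plugin are the entries that explain the toolbars surviving the Malwarebytes clean-up.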
Maniac Posted August 4, 2013 ID:710848

Hello grimly92x!

My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.
- avast! Free Antivirus
- McAfee Internet Security
This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. Please uninstall one of them.

Also, please uninstall the following programs:
- AVG SafeGuard toolbar
- BrowserPlus2 Toolbar
- Define Ext
- InternetHelper3.1 Toolbar
- Web Cake 3.00

Finally, restart your computer.

Step 2

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4

- Launch Malwarebytes' Anti-Malware.
- Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to the Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

- Download RogueKiller on the desktop.
- Quit all programs.
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan.
- Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log
- RogueKiller log
- a new fresh DDS log
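Steps 2 and 3 ask for a JRT log and an AdwCleaner log, and the two tools write the same registry locations in different notations (HKEY_CLASSES_ROOT versus HKLM\SOFTWARE\Classes, Wow6432Node at different depths). The script below is an added example, not a tool used in this thread, that reconciles JRT's "Failed to delete" entries against what AdwCleaner later reported deleting; the sample lines are excerpted from the logs posted later in this thread, and mapping HKEY_CLASSES_ROOT onto the machine-wide Classes key is an assumption of the example.

```python
r"""Reconcile a JRT log against an AdwCleaner log (added example, not a tool
used in this thread). JRT lists leftovers as
    Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{...}
and AdwCleaner lists removals as
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{...}
so hive spelling and the position of Wow6432Node are normalised before the two
are compared, while the 32-bit and 64-bit registry views stay distinct."""
import re

# Sample lines excerpted from the JRT and AdwCleaner logs posted in this thread.
JRT_LOG = r"""
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete [File] C:\Windows\Tasks\dsite.job
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
"""
ADW_LOG = r"""
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
"""

JRT_RE = re.compile(r"^(Failed to delete|Successfully deleted|Successfully repaired):?\s*\[([^\]]+)\]\s*(.+?)\s*$")
ADW_RE = re.compile(r"^(?:(Key|Value|File|Folder) Deleted|Deleted on reboot)\s*:\s*(.+?)\s*$")
# HKEY_CLASSES_ROOT merges the HKLM and HKCU Classes keys; it is mapped to the
# machine half here (assumption of this example).
HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
                "hkey_users": "hku", "hkey_classes_root": r"hklm\software\classes"}


def normalise(kind, target):
    """Turn a (kind, path) pair from either tool into a comparable tuple.
    Returns None for registry values, whose two formats are not reconciled here."""
    kind = kind.lower()
    path = target.strip().strip('"').rstrip("\\").lower()
    if kind in ("registry value", "value"):
        return None
    if kind not in ("registry key", "key"):
        return ("fs", "", path)            # files/folders: case-insensitive compare
    hive, _, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive, hive)
    view = "64"
    if "wow6432node\\" in rest:            # same key, different depth in each tool
        view, rest = "32", rest.replace("wow6432node\\", "")
    return ("key", view, hive + "\\" + rest)


def jrt_failures(text):
    """(normalised, original) for every entry JRT reported it could not delete."""
    out = []
    for line in text.splitlines():
        m = JRT_RE.match(line.strip())
        if m and m.group(1) == "Failed to delete":
            norm = normalise(m.group(2), m.group(3))
            if norm:
                out.append((norm, m.group(3)))
    return out


def adw_removals(text):
    """Set of normalised items AdwCleaner reported deleting."""
    removed = set()
    for line in text.splitlines():
        m = ADW_RE.match(line.strip())
        if m:
            norm = normalise(m.group(1) or "File", m.group(2))
            if norm:
                removed.add(norm)
    return removed


def reconcile(jrt_text, adw_text):
    """Split JRT's failures into (still unaccounted for, removed by AdwCleaner)."""
    removed = adw_removals(adw_text)
    failures = jrt_failures(jrt_text)
    remaining = sorted(orig for norm, orig in failures if norm not in removed)
    cleaned = sorted(orig for norm, orig in failures if norm in removed)
    return remaining, cleaned


if __name__ == "__main__":
    remaining, cleaned = reconcile(JRT_LOG, ADW_LOG)
    print(f"{len(cleaned)} JRT leftovers were removed by AdwCleaner")
    print(f"{len(remaining)} still unaccounted for (re-check these by hand):")
    for item in remaining:
        print("  ", item)
```

On the sample above the 64-bit copies of the CLSID and of the Browser Helper Object are reported as unaccounted for, because AdwCleaner only logged the Wow6432Node copies.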
grimly92x Posted August 5, 2013 ID:711294 (Author)

BrowserPlus2 Toolbar and InternetHelper3.1 Toolbar wouldn't uninstall when I tried, but after running all the mentioned programs the toolbars have disappeared.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 8 x64
Ran by EL LOBO GRANDE on Mon 08/05/2013 at 15:07:11.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2030453646-4111714286-3060093009-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3309350
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9FCA807-961D-4AAB-89E6-573818329E16}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}

~~~ Files

Failed to delete [File] C:\Windows\Tasks\dsite.job
Failed to delete: [File] "C:\end"
Successfully deleted: [File] "C:\Users\EL LOBO GRANDE\desktop\optimizer pro.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\EL LOBO GRANDE\appdata\locallow\internethelper3.1"
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\internethelper3.1"
Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/05/2013 at 15:11:55.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 15:15:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : EL LOBO GRANDE - GRIMDIAL
# Boot Mode : Normal
# Running from : C:\Users\EL LOBO GRANDE\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
Deleted on reboot : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\END
File Deleted : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\ELLOBO~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\BrowserPlus2
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\internethelper3.1
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
Folder Deleted : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
Folder Deleted : C:\Users\EL LOBO GRANDE\AppData\LocalLow\BrowserPlus2
Folder Deleted : C:\Users\EL LOBO GRANDE\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ELLOBO~1\AppData\Local\Temp\AirInstaller

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BrowserPlus2
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\BrowserPlus2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37D46D0C-460C-4932-9A79-5685A6A66451}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F34029D-17F4-4414-B5EB-6706200F5E88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80A4EE4F-4D73-4508-9553-056FF5A61CFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2F550B3-BA8D-4625-9AE3-E31D195A82E0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserPlus2 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{650598E1-B35A-45D3-B607-896D7ACB64C3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.95

File : C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[S1].txt - [8380 octets] - [05/08/2013 15:15:26]

########## EOF - C:\AdwCleaner[S1].txt - [8440 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.05.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
EL LOBO GRANDE :: GRIMDIAL [administrator]

8/5/2013 3:43:36 PM
mbam-log-2013-08-05 (15-43-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223513
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : EL LOBO GRANDE [Admin rights]
Mode : Scan -- Date : 08/05/2013 15:36:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\EL LOBO GRANDE\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 74dec987ca56517407a93f7235236403
[BSP] 387e503a3a0716500845246d3caf6514 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08052013_153645.txt >>

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by EL LOBO GRANDE at 15:38:02 on 2013-08-05
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3540.2526 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\dashost.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [EPSON171396 (Epson Stylus NX430)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\ELLOBO~1\AppData\Local\Temp\E_S2876.tmp" /EF "HKCU"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Facebook Update] "C:\Users\EL LOBO GRANDE\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify] "C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\ELLOBO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4B3368CB-939B-42A7-8028-B4173E025AB4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4B3368CB-939B-42A7-8028-B4173E025AB4}\9485249333 : DHCPNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{4B3368CB-939B-42A7-8028-B4173E025AB4}\E45445745414254343 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2013-2-19 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2013-2-19 26280]
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-21 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-21 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-21 378944]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-2-19 199008]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-21 46808]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-7-3 101888]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-14 94208]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-12 21152]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-19 690832]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-2-19 57000]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-22 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-22 701512]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 647736]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-22 25928]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-6-23 23552]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\addtap.bat="C:\Program Files\AVAST Software\Avast\OpenVPN\driver\win32\addtap.bat" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-05 19:15:34  310  ----a-w-  C:\Windows\DeleteOnReboot.bat
2013-08-05 19:07:08  --------  d-----w-  C:\Windows\ERUNT
2013-08-01 16:51:21  262832  ----a-w-  C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-29 22:11:19  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Roaming\OpenOffice.org
2013-07-29 18:02:43  --------  d-----w-  C:\Program Files (x86)\JRE
2013-07-29 18:02:34  --------  d-----w-  C:\Program Files (x86)\OpenOffice.org 3
2013-07-29 17:54:02  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake
2013-07-29 17:53:45  --------  d-----w-  C:\Program Files (x86)\TidyNetwork.com
2013-07-29 17:53:29  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt
2013-07-21 19:00:56  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Local\Facebook
2013-07-20 09:20:25  364544  ----a-w-  C:\Windows\SysWow64\XpsGdiConverter.dll
2013-07-20 09:20:25  1842176  ----a-w-  C:\Windows\SysWow64\dwmcore.dll
2013-07-20 09:20:23  850944  ----a-w-  C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-07-20 09:20:23  1453568  ----a-w-  C:\Windows\SysWow64\mfcore.dll
2013-07-20 09:20:22  493056  ----a-w-  C:\Windows\SysWow64\mscms.dll
2013-07-20 09:20:22  2106176  ----a-w-  C:\Windows\SysWow64\explorer.exe
2013-07-20 09:20:21  67584  ----a-w-  C:\Windows\SysWow64\samlib.dll
2013-07-20 09:16:20  997632  ----a-w-  C:\Windows\System32\drivers\ndis.sys
2013-07-19 19:25:50  --------  d-----w-  C:\Users\EL LOBO GRANDE\New folder
2013-07-19 19:25:43  --------  d-----w-  C:\Users\EL LOBO GRANDE\uuuuuuuuuu
2013-07-16 07:35:19  --------  d-----w-  C:\Program Files (x86)\Thief II - Shadows of the Metal Age
2013-07-16 04:48:46  --------  d-----w-  C:\Program Files (x86)\Thief III - Deadly Shadows
2013-07-16 04:45:50  --------  d-----w-  C:\Program Files (x86)\Thief II - The Metal Age
2013-07-16 04:32:28  51472  ----a-w-  C:\Windows\SysWow64\dllcache\IMAGECFG.exe
2013-07-16 04:32:28  --------  d-----w-  C:\Windows\SysWow64\dllcache
2013-07-16 04:32:27  51472  ----a-w-  C:\Windows\SysWow64\IMAGECFG.exe
2013-07-16 04:28:13  --------  d-----w-  C:\Program Files (x86)\Thief - Gold Edition
2013-07-16 03:35:30  144384  ----a-w-  C:\Windows\System32\tssdisai.dll
2013-07-16 03:00:58  --------  d-----w-  C:\ProgramData\StarApp
2013-07-16 03:00:19  --------  d-----w-  C:\Windows\SysWow64\X86
2013-07-16 03:00:19  --------  d-----w-  C:\Windows\SysWow64\AMD64
2013-07-16 03:00:19  --------  d-----w-  C:\Program Files (x86)\EZDownloader
2013-07-16 02:38:49  --------  d-----w-  C:\ProgramData\InstallMate
2013-07-10 12:31:48  2035200  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-10 12:31:47  1272320  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 12:31:46  1617920  ----a-w-  C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 12:31:46  1318912  ----a-w-  C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 12:31:46  1306112  ----a-w-  C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 12:31:45  1413632  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-10 12:31:44  1029632  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-10 12:30:41  4036096  ----a-w-  C:\Windows\System32\win32k.sys
2013-07-10 12:30:37  1838080  ----a-w-  C:\Windows\System32\DWrite.dll
2013-07-10 12:30:37  1421312  ----a-w-  C:\Windows\SysWow64\DWrite.dll
2013-07-10 12:30:35  2842112  ----a-w-  C:\Windows\System32\WMVDECOD.DLL
2013-07-10 12:30:34  2620928  ----a-w-  C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 12:30:24  595968  ----a-w-  C:\Windows\System32\qedit.dll
2013-07-10 12:30:23  496640  ----a-w-  C:\Windows\SysWow64\qedit.dll
2013-07-10 12:30:06  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
2013-07-09 17:51:28  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent
2013-07-09 17:51:10  --------  d-----w-  C:\Users\EL LOBO GRANDE\AppData\Local\CRE
.
==================== Find3M ====================
.
2013-08-05 19:18:06  401  ----a-w-  C:\Users\EL LOBO GRANDE\AppData\Roaming\sp_data.sys
2013-06-30 18:42:49  178800  ----a-w-  C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-06-28 15:57:53  189936  ----a-w-  C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 15:57:53  1030952  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
2013-06-27 22:04:51  78200  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51  693112  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37  1767936  ----a-w-  C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20  2241024  ----a-w-  C:\Windows\System32\wininet.dll
2013-06-01 11:54:16  194816  ----a-w-  C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10  125184  ----a-w-  C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21  2391280  ----a-w-  C:\Windows\explorer.exe
2013-06-01 11:33:13  2233600  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35  337152  ----a-w-  C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35  213248  ----a-w-  C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33  327936  ----a-w-  C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31  6987008  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2013-06-01 09:23:06  680960  ----a-w-  C:\Windows\System32\vds.exe
2013-06-01 09:22:47  80896  ----a-w-  C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33  523264  ----a-w-  C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33  446976  ----a-w-  C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09  190976  ----a-w-  C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39  729600  ----a-w-  C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39  106496  ----a-w-  C:\Windows\System32\samlib.dll
2013-06-01 09:20:45  583168  ----a-w-  C:\Windows\System32\mscms.dll
2013-06-01 09:20:34  1527808  ----a-w-  C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34  1048576  ----a-w-  C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04  2219520  ----a-w-  C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58  207872  ----a-w-  C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42  785408  ----a-w-  C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57  37632  ----a-w-  C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20  1403296  ----a-w-  C:\Windows\System32\winload.efi
2013-05-24 22:09:20  1271584  ----a-w-  C:\Windows\System32\winload.exe
2013-05-24 22:09:20  1217352  ----a-w-  C:\Windows\System32\winresume.efi
2013-05-24 22:09:20  1093904  ----a-w-  C:\Windows\System32\winresume.exe
2013-05-23 23:01:46  1300992  ----a-w-
C:\Windows\System32\gdi32.dll2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr2013-05-08 06:10:12 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll.============= FINISH: 15:38:42.99 =============== Link to post Share on other sites More sharing options...
Maniac Posted August 5, 2013 ID:711360

How are things now?
grimly92x Posted August 6, 2013 Author ID:711475

The toolbars are gone and the computer is running faster than before. The only problem I can see is that when loading any page from Chrome I can see the tidynetworks site being connected to.
Maniac Posted August 6, 2013 ID:711623

Okay, let's take a deeper look:

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users.
Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
grimly92x Posted August 6, 2013 Author ID:711639

OTL logfile created on: 8/6/2013 12:37:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EL LOBO GRANDE\Desktop
HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comIE - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.comIE - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\EL LOBO GRANDE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/03 10:24:40 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllCHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dllCHR - Extension: Google Docs = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: TidyNetwork.com 
= C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhncoiobiengfommbkbedpcejgpmpj\5.0.0.0_0\CHR - Extension: Wolf and the Ice Planet = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0\CHR - Extension: Freemake Video Converter = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\CHR - Extension: Gmail = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hostsO2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt\temp.dat File not foundO3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe (ASUS Cloud Corporation)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001..\Run: [EPSON171396 (Epson Stylus NX430)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\ELLOBO~1\AppData\Local\Temp\E_S2876.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001..\Run: [Facebook Update] C:\Users\EL LOBO GRANDE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001..\Run: [spotify] C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)O4 - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001..\Run: [spotify Web Helper] C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O4 - HKU\S-1-5-21-2030453646-4111714286-3060093009-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - Startup: C:\Users\EL LOBO 
GRANDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3368CB-939B-42A7-8028-B4173E025AB4}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" 
%*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/06 12:36:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EL LOBO GRANDE\Desktop\OTL.exe[2013/08/05 15:34:26 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\Desktop\RK_Quarantine[2013/08/05 15:07:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/08/05 15:03:43 | 000,562,008 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\EL LOBO GRANDE\Desktop\JRT.exe[2013/08/05 14:52:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EL LOBO GRANDE\Desktop\dds.scr[2013/07/30 21:47:40 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\Desktop\New folder[2013/07/29 18:11:19 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\OpenOffice.org[2013/07/29 14:04:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1[2013/07/29 14:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE[2013/07/29 14:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3[2013/07/29 13:54:02 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake[2013/07/29 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork.com[2013/07/29 13:53:29 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt[2013/07/21 15:00:56 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Local\Facebook[2013/07/19 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\New folder[2013/07/19 15:25:43 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\uuuuuuuuuu[2013/07/16 03:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thief II - 
Shadows of the Metal Age[2013/07/16 01:15:20 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\Documents\Thief - Deadly Shadows[2013/07/16 00:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thief III - Deadly Shadows[2013/07/16 00:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thief II - The Metal Age[2013/07/16 00:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief - Keeper's Collection[2013/07/16 00:32:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\dllcache[2013/07/16 00:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thief - Gold Edition[2013/07/15 23:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp[2013/07/15 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader[2013/07/15 23:00:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\X86[2013/07/15 23:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZDownloader[2013/07/15 23:00:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64[2013/07/15 22:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate[2013/07/12 01:23:07 | 000,000,000 | R--D | C] -- C:\Users\EL LOBO GRANDE\Documents\Notes[2013/07/09 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent[2013/07/09 13:51:10 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Local\CRE ========== Files - Modified Within 30 Days ========== [2013/08/06 12:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EL LOBO GRANDE\Desktop\OTL.exe[2013/08/06 12:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/08/06 11:18:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/08/06 10:51:01 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2030453646-4111714286-3060093009-1001UA.job[2013/08/05 23:46:09 | 000,000,401 | ---- | M] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\sp_data.sys[2013/08/05 
23:45:54 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/08/05 23:44:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2013/08/05 23:44:44 | 2969,829,376 | -HS- | M] () -- C:\hiberfil.sys[2013/08/05 15:31:02 | 003,800,064 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\RogueKillerX64.exe[2013/08/05 15:15:54 | 000,000,310 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat[2013/08/05 15:14:34 | 000,666,633 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\AdwCleaner.exe[2013/08/05 15:03:47 | 000,562,008 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\EL LOBO GRANDE\Desktop\JRT.exe[2013/08/05 14:52:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EL LOBO GRANDE\Desktop\dds.scr[2013/08/05 13:51:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2030453646-4111714286-3060093009-1001Core.job[2013/08/05 05:31:09 | 000,000,005 | ---- | M] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\WBPU-TTL.DAT[2013/08/01 12:22:20 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/07/29 18:11:59 | 000,001,201 | ---- | M] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk[2013/07/29 18:00:01 | 000,298,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/07/29 14:04:08 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk[2013/07/29 09:35:58 | 000,000,073 | ---- | M] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\WB.CFG[2013/07/27 00:43:57 | 002,743,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/07/27 00:43:57 | 000,799,196 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat[2013/07/27 00:43:57 | 000,797,120 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat[2013/07/27 00:43:57 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/07/27 00:43:57 | 000,162,488 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat[2013/07/27 00:43:57 | 000,155,218 | ---- | M] () 
-- C:\Windows\SysNative\perfc00C.dat[2013/07/27 00:43:57 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/07/24 18:48:26 | 000,000,043 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\New Text Document.vbs[2013/07/24 18:47:50 | 000,000,043 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\google chrome.vbs[2013/07/19 14:54:15 | 000,001,744 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\obse_loader - Shortcut.lnk[2013/07/16 03:38:02 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Thief II - Shadows of the Metal Age.lnk[2013/07/16 00:52:23 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Thief III - Deadly Shadows.lnk[2013/07/16 00:48:12 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Thief II - The Metal Age.lnk[2013/07/16 00:32:32 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Thief - Gold Edition.lnk[2013/07/15 23:00:22 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\EZDownloader.lnk[2013/07/12 01:23:48 | 000,001,440 | ---- | M] () -- C:\Users\EL LOBO GRANDE\Desktop\Journal - Shortcut.lnk ========== Files Created - No Company Name ========== [2013/08/05 15:30:47 | 003,800,064 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\RogueKillerX64.exe[2013/08/05 15:15:34 | 000,000,310 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat[2013/08/05 15:14:32 | 000,666,633 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\AdwCleaner.exe[2013/07/29 18:11:59 | 000,001,201 | ---- | C] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk[2013/07/29 14:04:08 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk[2013/07/27 01:31:04 | 000,000,073 | ---- | C] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\WB.CFG[2013/07/24 18:48:26 | 000,000,043 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\New Text Document.vbs[2013/07/24 18:47:49 | 000,000,043 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\google chrome.vbs[2013/07/21 15:01:12 | 
000,000,982 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2030453646-4111714286-3060093009-1001UA.job[2013/07/21 15:01:10 | 000,000,960 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2030453646-4111714286-3060093009-1001Core.job[2013/07/20 05:19:36 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml[2013/07/19 14:54:15 | 000,001,744 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\obse_loader - Shortcut.lnk[2013/07/17 01:05:48 | 000,298,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/07/16 03:38:02 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Thief II - Shadows of the Metal Age.lnk[2013/07/16 00:52:23 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Thief III - Deadly Shadows.lnk[2013/07/16 00:48:12 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Thief II - The Metal Age.lnk[2013/07/16 00:32:32 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Thief - Gold Edition.lnk[2013/07/15 23:00:22 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\EZDownloader.lnk[2013/07/12 01:23:48 | 000,001,440 | ---- | C] () -- C:\Users\EL LOBO GRANDE\Desktop\Journal - Shortcut.lnk[2013/06/30 14:31:03 | 000,000,005 | ---- | C] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\WBPU-TTL.DAT[2013/06/18 15:24:35 | 000,000,401 | ---- | C] () -- C:\Users\EL LOBO GRANDE\AppData\Roaming\sp_data.sys[2013/03/28 22:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe[2013/03/28 22:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe[2013/02/19 23:01:48 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2013/02/19 23:01:48 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2013/02/19 23:01:48 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2013/02/19 22:56:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[2012/11/23 
13:22:56 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll[2012/11/23 12:32:22 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe[2012/11/23 12:32:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd[2012/11/23 12:32:22 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2012/07/25 16:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin[2012/07/25 16:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013/06/30 14:45:17 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = 
%SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/18 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\ASUS WebStorage[2013/06/29 18:32:14 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Image Editor Packages[2013/07/29 18:11:19 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\OpenOffice.org[2013/08/06 12:39:25 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Spotify[2013/08/02 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent[2013/08/02 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/6/2013 12:39:39 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EL LOBO GRANDE\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: United States | Language: ENU | Date Format: 
M/d/yyyy 3.46 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.83% Memory free5.96 Gb Paging File | 4.27 Gb Available in Paging File | 71.68% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 444.45 Gb Total Space | 326.69 Gb Free Space | 73.50% Space Free | Partition Type: NTFS Computer Name: GRIMDIAL | User Name: EL LOBO GRANDE | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2030453646-4111714286-3060093009-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft 
Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{16C13DB4-3FD9-45E6-8ADC-F0111973E6BF}" = lport=138 | protocol=17 | dir=in | app=system | "{1DB4529B-6C5E-4858-A398-7C04F1E4DD81}" = lport=139 | protocol=6 | dir=in | app=system | "{24C74D64-29A7-4041-9979-5584C0C3DDF3}" = lport=2869 | protocol=6 | dir=in | app=system | "{29A1A3A4-11AC-49D4-BE8D-61A269E996F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2F28DEBF-3AB0-4BF8-AE29-9650AC8C072F}" = rport=10243 | protocol=6 | dir=out | app=system | "{38114C48-07C1-4B46-BCE4-91B2A5ABD7A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D98B249-E416-4D64-9E85-AA7999DFD943}" = lport=rpc | protocol=6 | dir=in | 
svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50E89CD8-493E-4DAA-866D-99FBCC9C9DFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{54A8C7FD-8BB5-4660-896F-E5891F129B69}" = rport=137 | protocol=17 | dir=out | app=system | "{815561F8-0CBF-4972-9E52-D1D517B76560}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8A9C5E5D-3B43-4B3E-AD0C-3974C7EFA9CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8CFA2A7F-C57B-4ADA-B080-D48A8B604E86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95831175-A466-4A47-9E4F-649720019C94}" = rport=445 | protocol=6 | dir=out | app=system | "{9F25673E-3DA9-4AF5-B8D3-22A598095E76}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BC61B6F4-D179-45DC-9F0B-F16926B55FB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C58A8B59-48FA-4DA0-9FE6-91C9C912AD75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CDB0C54F-6CB1-4F8D-BD4D-341DC3E9033F}" = lport=10243 | protocol=6 | dir=in | app=system | "{CF0C5927-707E-4D3A-958E-63CDBD2035CB}" = rport=138 | protocol=17 | dir=out | app=system | "{D28A567C-AF50-45C7-8D32-652D9B383304}" = rport=139 | protocol=6 | dir=out | app=system | "{D7EE1067-FAAC-4695-BFA5-A3098A2D1A58}" = lport=137 | protocol=17 | dir=in | app=system | "{DB5DD150-593E-4EE8-9366-D051FA49E182}" = lport=445 | protocol=6 | dir=in | app=system | "{EF61267D-0B33-414A-8174-EF0CF9C01F36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F6A5A44D-72D2-4A98-88B2-2C2667B5A6A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00ADFE41-7401-407A-BA8D-BD7AFE047180}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{040494FB-A713-452A-9009-24F045F6A4DB}" = dir=in | name=youtube player/downloader - megatube | "{09322C8C-47B9-4476-B3BD-557B90789B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CBDF31A-87F4-4A16-9D40-B410EAF0CDB4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{11E6007F-DA14-4AD9-9080-BE71F7DC2EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{1DCF2861-B34F-4984-A4C7-0B96A33A14C9}" = protocol=6 | dir=out | app=system | "{253233FF-894E-4515-A48D-B97557525EE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4C62FE40-5003-4323-A473-AEDB247F3D6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{53D50BE0-54AD-4813-8A02-CB68B14C2C0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{575CCA08-BF81-4D04-B2CF-ECE700628664}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{5D4CAEB3-F33B-42B4-981E-CEA45C021063}" = dir=out | name=tips and info | "{6A482194-7B7E-4783-B9F3-486A60C07DA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6AB73228-3786-44E1-8F27-C63452F261C8}" = dir=out | name=fresh paint | "{6D988606-3266-4EFD-B9B8-17D0682C0438}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{714B2E62-F3EC-4E3D-A2AD-2D3BE060A31B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7DAC9D26-F0D8-4EF0-AC84-F1A92786D163}" = dir=out | name=youtube player/downloader - megatube | "{88B47537-A2D6-4304-9D9C-4AF7F9B5C8CA}" = dir=in | app=c:\users\el 
lobo grande\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{88F0E062-760C-4671-8807-3BB6BDF44F8C}" = dir=out | name=windows_ie_ac_001 | "{9668DDEB-8018-45E1-894D-C3A2FF267CA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{99F5C681-631D-45B5-85CE-BB9277E68735}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CF72C56-F516-45B6-BC95-757169F0FEFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A837C87C-BA8A-4F3F-A59A-F038252E91A5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{A8F6257E-29D4-4768-ADFC-01507E837D0C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B25B389A-0E7A-4F56-9DB0-C1C8D503E586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B45E6172-F72E-4F40-8F47-FA3684F2BDA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B7557380-F1D3-4AE6-9BAC-DE1F69448ECB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C7BF307E-C452-4154-9A9D-34BA3F3165A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{C99EF6C5-4849-4B2C-BA24-46003ABE635A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CAD8EB86-027D-41B2-B5FC-CD98678F2AB4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CB734511-B1D2-4B52-9463-258FEF9792CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CDFBEAED-A907-42E4-90EE-7C9A8D5117A7}" = dir=out | name=adera | "{CE122F02-114C-412D-9ED7-48147F4D5C25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D1E42FFA-6E24-4055-88C0-B09A38E4980D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D22AB32F-799E-4D95-9910-9C81812F1A3A}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{E577A833-B54E-40C0-B10B-92783695DF26}" = dir=out | name=skype | "{E6017FE6-D23F-4EA7-AA25-45EC110EEEED}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{E99FE4AD-5A74-46B2-9E2B-4563EA85A7BA}" = dir=in | name=skype | "{EFA2C92B-9D41-497D-839E-EE034B44F0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F2A40CC9-8C46-4DA2-BB1A-CD5D32D6A770}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{F794B58F-DFE0-4D12-AF18-06AF17ACF091}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{FA0C5D8E-2348-4DB4-89BA-59E225E93921}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "TCP Query User{F332E980-35CB-466E-BD99-0DDE08769EFF}C:\users\el lobo grande\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\el lobo grande\appdata\roaming\spotify\spotify.exe | "TCP Query User{FCB984E4-2A78-45A4-8D39-3725F6AA7E2E}C:\users\el lobo grande\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\el lobo grande\appdata\roaming\spotify\spotify.exe | "UDP Query User{1DAA369C-2523-4B86-B686-ADDB8F14C922}C:\users\el lobo grande\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\el lobo grande\appdata\roaming\spotify\spotify.exe | "UDP Query User{6B1D9B83-6950-4E46-9E67-22E1AF696A9C}C:\users\el lobo grande\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\el lobo grande\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{2AE2789B-454A-0A8D-D848-38F1F7070C73}" = AMD Catalyst Install Manager"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{5AD06A0A-1B07-F618-B880-688FCDE74079}" = AMD Accelerated Video 
Transcoding"{92975EB0-17E5-5FB4-F4CA-D7E4DA7FA085}" = AMD Fuel"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F9D06DFC-32E9-F40A-230C-9673E8DDC2F6}" = ccc-utility64"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)"EPSON NX430 Series" = EPSON NX430 Series Printer Uninstall [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0201CB85-955D-60E0-4EC0-380D3B7FB80E}" = CCC Help Thai"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology"{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1" = EZDownloader"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker"{1456C739-DD89-70D6-E2C0-AF5CDDA5D90F}" = CCC Help Chinese Traditional"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack"{18406507-8ABA-4397-9287-58F9A9BBD689}_is1" = Thief II - Shadows of the Metal Age"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials"{20B0DF0F-10F7-64EF-4EA0-C82642223AC2}" = CCC Help Russian"{265F885E-107E-A142-500D-5E86D3176D2F}" = CCC Help Greek"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = 
Oblivion"{38136734-7051-347E-59C7-FF6CB35543ED}" = Catalyst Control Center InstallProxy"{3960C198-FEC4-C593-2248-0A5FDB8FF88A}" = CCC Help Hungarian"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos"{4665F775-11B5-AEFB-8861-47703834248B}" = CCC Help German"{46A2018B-3954-0B0C-F5EE-FDB07E405889}" = CCC Help Korean"{4A3BFBE9-1FDD-E558-025E-E296E8F3CA34}" = Catalyst Control Center Localization All"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries"{553C9E3C-CC38-3C7B-4188-23C747273237}" = CCC Help Danish"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker"{5C4C1F60-F86D-0494-C496-42B1B16DBEBC}" = AMD VISION Engine Control Center"{6A4A9DC2-AC2E-BAA4-FB72-5B09B444D4C9}" = CCC Help English"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform"{6BB6DA0C-58DB-0163-E446-2B315041B4FC}" = CCC Help Polish"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn"{7E94B0E5-83E6-F980-F81E-2E74655DE671}" = CCC Help French"{7FB95D00-6B0C-5075-B689-1F8F50024CC0}" = Catalyst Control Center Graphics Previews Common"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live"{8DC71E37-9530-10E1-F73D-8E6880A17C26}" = CCC Help Finnish"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{8F05F450-C755-F948-C218-7788DC4F51F7}" = CCC Help 
Japanese"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A103196A-792C-A348-F6E5-0DCB33DC6D0A}" = CCC Help Norwegian"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker"{A30B38FA-99DA-97DD-F8DB-F8252C140651}" = CCC Help Portuguese"{A8486C38-2301-46B8-8FEB-C1316B93AF87}_is1" = Thief - Gold Edition"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI"{B6F6F91F-CEE7-0030-3436-5DDDB1B07046}" = CCC Help Dutch"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287"{BE3EF4B9-5E0F-4525-927C-DCFEF7902BE5}_is1" = Thief II - The Metal Age"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials"{C127399A-BFB5-C9C2-F1D7-89E4C27AAF99}" = CCC Help Turkish"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common"{D50FF6FD-CF9C-4A9A-9160-4B089023E914}_is1" = Thief III - Deadly Shadows"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E1B9CA9C-4403-184D-1FDC-647D360664C6}" = CCC Help Italian"{E34CBAE0-5464-0542-5761-DEA44B32B5C0}" = CCC Help Czech"{E44C0D5F-CAD6-80AE-5686-3F6C0AA1440E}" = CCC Help Swedish"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - 
Branding"{EC6663B3-177C-3484-12A5-24B37983AAC2}" = CCC Help Chinese Standard"{ED110DBC-19EC-6243-F26B-162DB415F19E}" = CCC Help Spanish"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE"ASUS WebStorage" = ASUS WebStorage Sync Agent"avast" = avast! Free Antivirus"Google Chrome" = Google Chrome"Image Converter Image Converter" = Image Converter"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MyBitCast" = MyBitCast 2.0"Steam App 440" = Team Fortress 2"Thief2DeinstallKey" = Thief 2"ThiefGoldDeinstallKey" = Thief Gold"WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2030453646-4111714286-3060093009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"DSite" = Update for Image Editor"Image Editor Packages" = Image Editor Packages"Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 7/23/2013 1:05:11 PM | Computer Name = GRIMDIAL | Source = Application Hang | ID = 1002Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 41c
Start Time: 01ce87c6b4443df4
Termination Time: 4294967295
Application Path: C:\Windows\system32\wwahost.exe
Report Id: fc2d6c56-f3b9-11e2-be8a-60a44c04deda
Faulting package full name: Microsoft.ZuneMusic_1.4.18.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneMusic

Error - 7/23/2013 1:05:12 PM | Computer Name = GRIMDIAL | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error - 7/24/2013 6:56:55 PM | Computer Name = GRIMDIAL | Source = Application Error | ID = 1000
Description = Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x8a0
Faulting application start time: 0x01ce88c116d9bcdd
Faulting application path: C:\Windows\system32\atieclxx.exe
Faulting module path: C:\Windows\system32\atieclxx.exe
Report Id: 55d429be-f4b4-11e2-be8f-60a44c04deda
Faulting package full name:
Faulting package-relative application ID:

Error - 7/25/2013 2:56:14 AM | Computer Name = GRIMDIAL | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/25/2013 4:58:45 PM | Computer Name = GRIMDIAL | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14bc
Start Time: 01ce88ebbde431ab
Termination Time: 317
Application Path: C:\Windows\system32\wwahost.exe
Report Id: fbf55b82-f56c-11e2-be8f-60a44c04deda
Faulting package full name: Microsoft.ZuneVideo_1.4.19.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo

Error - 7/26/2013 2:09:30 AM | Computer Name = GRIMDIAL | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f68
Start Time: 01ce8979c222369f
Termination Time: 0
Application Path: C:\Windows\system32\wwahost.exe
Report Id: e00a2a78-f5b9-11e2-be8f-60a44c04deda
Faulting package full name: Microsoft.ZuneVideo_1.4.19.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo

Error - 7/26/2013 2:09:30 AM | Computer Name = GRIMDIAL | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error - 7/26/2013 6:27:01 PM | Computer Name = GRIMDIAL | Source = Application Hang | ID = 1002
Description = The program FreemakeVC.exe version 4.0.2.7 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2bb4
Start Time: 01ce89bf2585998b
Termination Time: 437
Application Path: C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
Report Id: 6d7599fb-f642-11e2-be8f-60a44c04deda
Faulting package full name:
Faulting package-relative application ID:

Error - 7/28/2013 12:42:44 PM | Computer Name = GRIMDIAL | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/29/2013 1:52:53 PM | Computer Name = GRIMDIAL | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 8/2/2013 12:11:20 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 8/2/2013 12:11:20 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error - 8/2/2013 12:12:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 8/2/2013 12:12:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error - 8/2/2013 12:12:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 8/2/2013 12:12:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error - 8/2/2013 12:13:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 8/2/2013 12:13:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error - 8/2/2013 12:13:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 8/2/2013 12:13:21 AM | Computer Name = GRIMDIAL | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

< End of report >
Maniac Posted August 6, 2013 ID:711645

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
CHR - Extension: TidyNetwork.com = C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhncoiobiengfommbkbedpcejgpmpj\5.0.0.0_0\
[2013/07/29 13:54:02 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake
[2013/07/29 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork.com
[2013/07/29 13:53:29 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt
[2013/07/09 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent
[2013/07/09 13:51:10 | 000,000,000 | ---D | C] -- C:\Users\EL LOBO GRANDE\AppData\Local\CRE
[2013/08/02 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent
[2013/08/02 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake
:files
ipconfig /flushdns /c
:Commands
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
grimly92x Posted August 6, 2013 Author ID:711702

All processes killed
========== OTL ==========
C:\Users\EL LOBO GRANDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhncoiobiengfommbkbedpcejgpmpj\5.0.0.0_0 folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake\dat\update folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake\dat folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake folder moved successfully.
C:\Program Files (x86)\TidyNetwork.com folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Local\DefineExt folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\EL LOBO GRANDE\AppData\Local\CRE folder moved successfully.
Folder C:\Users\EL LOBO GRANDE\AppData\Roaming\uTorrent\ not found.
Folder C:\Users\EL LOBO GRANDE\AppData\Roaming\Web Cake\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\EL LOBO GRANDE\Desktop\cmd.bat deleted successfully.
C:\Users\EL LOBO GRANDE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EL LOBO GRANDE
->Temp folder emptied: 529879248 bytes
->Temporary Internet Files folder emptied: 461863495 bytes
->Google Chrome cache emptied: 410253957 bytes
->Flash cache emptied: 8409 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182815601 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1629504223 bytes

Total Files Cleaned = 3,107.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 08062013_160059

Files\Folders moved on Reboot...
C:\Users\EL LOBO GRANDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Maniac Posted August 7, 2013 ID:711922

What is the situation now?
grimly92x Posted August 8, 2013 Author ID:712636

I haven't seen any more traffic from TidyNetwork, so everything looks fine right now. If anything comes up I'll post again, but it looks alright. Thanks for all the assistance!
Maniac Posted August 9, 2013 ID:712838

Glad I could help! Please re-run OTL and click on the CleanUp button.

Next:
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!
AdvancedSetup (Root Admin) Posted August 12, 2013 ID:714227

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!