Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Reply
 
Topic Tools
  #16  
Old December 20th, 2011, 04:27 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Let's clean up a few things. Run OTL.exe (Windows Vista and Windows7 users, right click on OTL.exe and then click Run as Administrator.)
Do not run a scan.
Copy the contents of the code box and paste them into the Custom scans/fixes box at the bottom. Then click the Run Fix button.

When finished a log will open. Please post the contents of that log here.

Code:
:OTL 

O3 - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)

[3 C:\Users\J. Michael\Desktop\*.tmp files -> C:\Users\J. Michael\Desktop\*.tmp -> ]
 

[2011/12/16 12:22:44 | 000,009,498 | -HS- | M] () -- C:\Users\J. Michael\AppData\Local\qivhlh1u5udy0ppx2sfe2h812s8r
[2011/12/16 12:22:44 | 000,009,498 | -HS- | M] () -- C:\ProgramData\qivhlh1u5udy0ppx2sfe2h812s8r

[2011/12/15 23:41:37 | 000,009,258 | -HS- | M] () -- C:\ProgramData\786687y7c168q428n153s8xbl4s1
[2011/12/15 23:41:36 | 000,009,258 | -HS- | M] () -- C:\Users\J. Michael\AppData\Local\786687y7c168q428n153s8xbl4s1





Outdated software can contain security holes which malware can exploit to install itself in your system.
Your java is out of date:

Please go here and update both your 32 bit & 64 bit java:
http://java.com/en/download/manual.jsp


Some of these installers, although legitimate, will have extras like the ASK toolbar automatically selected to be installed. Uncheck anything extra and only install what you set out to install originally.


Then uninstall the followiung
(while in Regular Windows, not Safe Mode)


Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 26

-----------------

Please update your Avast free AV, then run ASWmBR.exe and see if you still receive that same error. Let me know. ASWmbr.exe peforms an AV scan on certain folders using the Avast Definitions.
Whenever you run Roguekiller, a new RKReport is created. They are numbered. If you were to run it again, the log woould be named RKreport(5).txt.
Reply With Quote


  #17  
Old December 20th, 2011, 04:29 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Next, I'd like you to run something so we can get a more in depth look at your drive partitions.

Copy the contents of the code box to notepad.
Name the file dpart.bat
Save as Type: All files
Save someplace convenient like the desktop.
Double click on dpart.bat to run it. (Vista and Windows 7 users right-click on dpart.bat and click Run As Administrator.)

When the dpart.bat has finished running, a file named logfile.txt will open.
Please post the contents of final.txt into your next reply.
(final.txt will be located in the same folder as dpart.bat)



Code:
@echo off


Echo List volume >"%~dp0\dscript.txt"
Echo List Disk >> "%~dp0\dscript.txt"
Echo exit  >> "%~dp0\dscript.txt"
If Exist "%~dp0\d.txt"  del "%~dp0\d.txt"

diskpart /s "%~dp0\dscript.txt">"%~dp0\logfile.txt"

type "%~dp0\logfile.txt">"%~dp0\final.txt"

If Exist "%~dp0\p.txt"  del "%~dp0\p.txt"
Type "%~dp0\logfile.txt"|find /i "Online" > "%~dp0\disk.txt"



For /f "tokens=2" %%a in ('type "%~dp0\disk.txt"') do echo select disk %%a >>"%~dp0\d.txt"  & echo List Partition >>"%~dp0\d.txt" & echo select disk %%a >>"%~dp0\p.txt" & echo List Partition >>"%~dp0\p.txt"
echo exit >> "%~dp0\d.txt"

echo ============================================>>"%~dp0\final.txt"


diskpart /s "%~dp0\d.txt" >>"%~dp0\logfile.txt"

echo exit >> "%~dp0\p.txt"


echo exit >> "%~dp0\l.txt"
diskpart /s "%~dp0\p.txt" >"%~dp0\l.txt"


 Type "%~dp0\l.txt"|findstr /i "selected Primary" > "%~dp0\l2.txt"

 Type "%~dp0\l.txt">>"%~dp0\final.txt"


echo .>>"%~dp0\final.txt"
echo .>>"%~dp0\final.txt"
 If exist "%~dp0\l.txt" del "%~dp0\l.txt"



for /f "tokens=1,2" %%b in ('type "%~dp0\l2.txt"') do echo Select %%b %%c >> "%~dp0\l3.txt"  & echo %%b|find /i "Partition">>null &&  echo Detail  %%b  >> "%~dp0\l3.txt" 
echo . >>"%~dp0\final.txt"
echo . >>"%~dp0\final.txt"
echo ============================================>>"%~dp0\final.txt"

echo  Checking Primary Partitions on Disks >>"%~dp0\final.txt"


echo ============================================>>"%~dp0\final.txt"

echo exit >> "%~dp0\l3.txt"

diskpart /s "%~dp0\l3.txt"  >>"%~dp0\final.txt"




 Start notepad "%~dp0\final.txt"

If exist "%~dp0\l2.txt" del "%~dp0\l2.txt"
If exist "%~dp0\l3.txt"  del "%~dp0\l3.txt"


If exist "%~dp0\d.txt"  del "%~dp0\d.txt"
If exist "%~dp0\dscript.txt"  del "%~dp0\dscript.txt"
If exist "%~dp0\disk.txt"  del "%~dp0\disk.txt"
If exist "%~dp0\logfile.txt"  del "%~dp0\logfile.txt"
If exist "%~dp0\p.txt"  del "%~dp0\p.txt"
Reply With Quote
  #18  
Old December 21st, 2011, 04:18 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
OK. Here is the OTL log:

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1822810635-4175533143-411407106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE 3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C84 0-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C84 0-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C84 0-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C84 0-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFA C-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\Users\J. Michael\Desktop\~WRL0003.tmp deleted successfully.
C:\Users\J. Michael\Desktop\~WRL0004.tmp deleted successfully.
C:\Users\J. Michael\Desktop\~WRL2722.tmp deleted successfully.
C:\Users\J. Michael\AppData\Local\qivhlh1u5udy0ppx2sfe2h812s8r moved successfully.
C:\ProgramData\qivhlh1u5udy0ppx2sfe2h812s8r moved successfully.
C:\ProgramData\786687y7c168q428n153s8xbl4s1 moved successfully.
C:\Users\J. Michael\AppData\Local\786687y7c168q428n153s8xbl4s1 moved successfully.
Unable to delete ADS echo off .
File G] code is On not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_221658
Reply With Quote
  #19  
Old December 21st, 2011, 04:52 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
I updated the Java, but when I went into control panel, remove programs, I didn't see
Java(TM) 6 Update 24 (64-bit) or Java(TM) 6 Update 26. I only saw the update 30s. I think that the installer got rid of the other versions. Could that be?
Reply With Quote
  #20  
Old December 21st, 2011, 05:18 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
Avast said that it was already updated. I was able to run the ASWMBR.exe. Here is the log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 23:02:11
-----------------------------
23:02:11.676 OS Version: Windows x64 6.1.7601 Service Pack 1
23:02:11.676 Number of processors: 8 586 0x2A07
23:02:11.677 ComputerName: MOBILE1-HP UserName: J. Michael
23:02:13.089 Initialize success
23:02:13.219 AVAST engine defs: 11122001
23:02:18.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:02:18.860 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
23:02:18.954 Disk 0 MBR read successfully
23:02:18.960 Disk 0 MBR scan
23:02:18.968 Disk 0 Windows 7 default MBR code
23:02:18.982 Service scanning
23:02:20.254 Modules scanning
23:02:20.263 Disk 0 trace - called modules:
23:02:20.330 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:02:20.340 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008385790]
23:02:20.349 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800828cb10]
23:02:20.359 5 hpdskflt.sys[fffff88001dec189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008163050]
23:02:21.734 AVAST engine scan C:\Windows
23:02:26.568 AVAST engine scan C:\Windows\system32
23:03:24.311 AVAST engine scan C:\Windows\system32\drivers
23:03:33.912 AVAST engine scan C:\Users\J. Michael
23:14:36.107 AVAST engine scan C:\ProgramData
23:15:34.447 Scan finished successfully
23:15:50.412 Disk 0 MBR has been saved successfully to "C:\Users\J. Michael\Desktop\MBR.dat"
23:15:50.419 The log file has been saved successfully to "C:\Users\J. Michael\Desktop\NewaswMBR.txt"
Reply With Quote
  #21  
Old December 21st, 2011, 05:21 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
When you wrote "Whenever you run Roguekiller, a new RKReport is created. They are numbered. If you were to run it again, the log woould be named RKreport(5).txt" you meant for me to run Roguekiller again, right? Here is RKreport(5).txt:

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: J. Michael [Admin rights]
Mode: Scan -- Date : 12/20/2011 23:20:31
Bad processes: 0
Registry Entries: 1
[SUSP PATH] Update Check.job : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe -> FOUND
Particular Files / Folders:
Driver: [NOT LOADED]
Infection : Root.MBR
HOSTS File:

MBR Check:
--- User ---
[MBR] 739d487d0feea891bc0e14a931f8fb37
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 734364 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 1434716160 | Size: 15472 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 1464936448 | Size: 107 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1a6b56e3b8874dbce1e7ab81e4003acf
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 81604 Mo
1 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 159793152 | Size: 419 Mo
Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
Reply With Quote
  #22  
Old December 21st, 2011, 05:29 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
Here is what I got back from dpart.bat:


Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: MOBILE1-HP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 SYSTEM NTFS Partition 199 MB Healthy System
Volume 2 C NTFS Partition 683 GB Healthy Boot
Volume 3 D RECOVERY NTFS Partition 14 GB Healthy
Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Leaving DiskPart...
============================================
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: MOBILE1-HP
Disk 0 is now the selected disk.
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 683 GB 200 MB
Partition 3 Primary 14 GB 684 GB
Partition 4 Primary 102 MB 698 GB
Leaving DiskPart...
.
.
.
.
============================================
Checking Primary Partitions on Disks
============================================
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: MOBILE1-HP
Disk 0 is now the selected disk.
Partition 1 is now the selected partition.
Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System
Partition 2 is now the selected partition.
Partition 2
Type : 07
Hidden: No
Active: No
Offset in Bytes: 209715200
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 683 GB Healthy Boot
Partition 3 is now the selected partition.
Partition 3
Type : 07
Hidden: No
Active: No
Offset in Bytes: 734574673920
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 14 GB Healthy
Partition 4 is now the selected partition.
Partition 4
Type : 0C
Hidden: No
Active: No
Offset in Bytes: 750047461376
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy
Leaving DiskPart...
Reply With Quote
  #23  
Old December 22nd, 2011, 08:39 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
I looked at the results and for a newer HP running Windows 7, your partitions look exactly as they should. The RKreport on your partitions are a bit confusing, however.

ASWMBR has now been updated. Let's run it and see if it agrees with diskpart.bat.

Delete Aswmbr.exe and download a new copy:


Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it (For Vista/Windows 7, right click the file and select: Run as Administrator)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How is your system running at this point?
Reply With Quote
  #24  
Old December 23rd, 2011, 09:29 PM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
Things seem to be running fine - no pop error messages or anything like that. Here is the new log:
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 15:10:36
-----------------------------
15:10:36.298 OS Version: Windows x64 6.1.7601 Service Pack 1
15:10:36.298 Number of processors: 8 586 0x2A07
15:10:36.298 ComputerName: MOBILE1-HP UserName: J. Michael
15:10:38.716 Initialize success
15:10:38.934 AVAST engine defs: 11122300
15:11:11.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:11:11.741 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
15:11:11.788 Disk 0 MBR read successfully
15:11:11.788 Disk 0 MBR scan
15:11:11.788 Disk 0 Windows 7 default MBR code
15:11:11.803 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:11:11.834 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700345 MB offset 409600
15:11:11.866 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14756 MB offset 1434716160
15:11:11.881 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
15:11:11.897 Service scanning
15:11:13.332 Modules scanning
15:11:13.332 Disk 0 trace - called modules:
15:11:13.379 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
15:11:13.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083aa790]
15:11:13.410 3 CLASSPNP.SYS[fffff88001dca43f] -> nt!IofCallDriver -> [0xfffffa80082abb10]
15:11:13.410 5 hpdskflt.sys[fffff88001d71189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008181050]
15:11:15.298 AVAST engine scan C:\Windows
15:11:19.166 AVAST engine scan C:\Windows\system32
15:12:17.823 AVAST engine scan C:\Windows\system32\drivers
15:12:27.885 AVAST engine scan C:\Users\J. Michael
15:24:25.392 AVAST engine scan C:\ProgramData
15:25:24.844 Scan finished successfully
15:26:11.863 Disk 0 MBR has been saved successfully to "C:\Users\J. Michael\Desktop\MBR.dat"
15:26:11.879 The log file has been saved successfully to "C:\Users\J. Michael\Desktop\NewNewaswMBR.txt"
Reply With Quote
  #25  
Old December 27th, 2011, 08:59 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Sorry for the delay. I holpe you had a good Holiday.


Can you run a new otl scan please so
ican check the current status of your system?

Are thiings all in order? We can do some housekeeping once we're sure.
Reply With Quote
  #26  
Old December 28th, 2011, 03:21 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
Please don't worry about the delay.I had a great holiday and hope you did as well. So far things seem to be running fine. Here is the new OTL log.

OTL logfile created on: 12/27/2011 9:02:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\J. Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.96 Gb Available Physical Memory | 75.03% Memory free
15.90 Gb Paging File | 13.57 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.93 Gb Total Space | 520.04 Gb Free Space | 76.04% Space Free | Partition Type: NTFS
Drive D: | 14.41 Gb Total Space | 1.60 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: MOBILE1-HP | User Name: J. Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 20:57:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J. Michael\Desktop\OTL.exe
PRC - [2011/12/06 01:38:54 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Ac tiveX.exe
PRC - [2011/12/03 22:24:23 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/13 15:15:24 | 001,409,384 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 19:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/29 21:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 22:27:38 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUti l.ni.dll
MOD - [2011/12/03 22:27:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorC ommon.ni.dll
MOD - [2011/10/12 12:04:20 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\Syst em.Xml.Linq.ni.dll
MOD - [2011/10/12 12:04:19 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.X aml.ni.dll
MOD - [2011/10/12 10:00:14 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.We b.ni.dll
MOD - [2011/10/12 10:00:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d \System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:59:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db \System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:59:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\3b2cfd85528a27eb71dc41d8067359a1\Syste m.Drawing.ni.dll
MOD - [2011/10/12 09:59:01 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Win dowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsB ase.ni.dll
MOD - [2011/10/12 09:58:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\130ad4d9719e566ca933ac7158a04203\System.Xm l.ni.dll
MOD - [2011/10/12 09:58:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\2d5bcbeb9475ef62189f605bcca1cec6 \System.Configuration.ni.dll
MOD - [2011/10/12 09:58:53 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:58:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni .dll
MOD - [2011/10/12 09:39:31 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\813a0913bea1269e48613509609e72b4 \PresentationFramework.ni.dll
MOD - [2011/10/12 09:39:20 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\8244412387a82c0acd3d63622e22cef5\Pre sentationCore.ni.dll
MOD - [2011/10/12 09:39:18 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6 \System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:39:14 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\44a7d2597981a82da8b9e3e2298602de\System.C ore.ni.dll
MOD - [2011/10/12 09:39:11 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xm l.ni.dll
MOD - [2011/10/12 09:39:10 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsB ase.ni.dll
MOD - [2011/10/12 09:39:10 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\17bfc7131aca3a393f430121f79307bd\Syste m.Drawing.ni.dll
MOD - [2011/10/12 09:39:10 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\9211f2faac02f0082b201a95731736c4 \PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 09:39:08 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\4844dd28e0611d1ebd1e449fe822c2a5 \System.Configuration.ni.dll
MOD - [2011/10/12 09:39:07 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/12 09:39:02 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni .dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
MOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/03 22:27:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/03 22:27:53 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/03/15 12:58:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/12/03 22:25:58 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/03 22:27:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/03 22:25:58 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/12/03 22:24:23 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/12/03 22:24:23 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/12/03 22:22:36 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/15 13:28:58 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/15 12:24:40 | 000,301,056 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 11:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] --
Reply With Quote
  #27  
Old December 28th, 2011, 03:22 AM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/12/11 21:43:56 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dailykos.com/
IE - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp .dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\J. Michael\AppData\Roaming\Mozilla\plugins\npgoogleta lk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\J. Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dau toplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\J. Michael\AppData\Local\Google\Update\1.3.21.79\npGo ogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\J. Michael\AppData\Local\Google\Update\1.3.21.79\npGo ogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf3 2.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoog leNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dl l
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjgh lompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.d ll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp .dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Website Logon = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjgh lompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.14_0\
CHR - Extension: Print Plus = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmfccjbmmiihefchodekgaebpo didoem\1.0.3.29_0\
CHR - Extension: avast! WebRep = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnp ncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\J. Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1822810635-4175533143-411407106-1000..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{03824D30-A140-42B1-807E-E06C107F35E4}: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{757A9FAC-6B8F-4623-AFC3-416C36213E3E}: DhcpNameServer = 150.100.2.6
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1822810635-4175533143-411407106-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 20:57:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\J. Michael\Desktop\OTL.exe
[2011/12/25 23:36:01 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\Adverbs
[2011/12/25 23:18:51 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\Pics
[2011/12/25 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\Clips
[2011/12/25 22:17:17 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\Misc MP3s and Albums
[2011/12/25 21:55:34 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\537 Exams
[2011/12/23 20:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/23 20:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/23 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/23 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/23 20:33:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/23 20:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/23 20:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/12/20 22:42:17 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/12/20 22:42:17 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/12/20 22:42:17 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/12/20 22:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/20 22:35:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/20 22:35:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/20 22:35:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/20 22:08:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 03:01:40 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/19 03:01:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/19 03:01:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/19 03:01:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/19 03:01:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/19 03:01:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/19 03:01:36 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/19 03:01:36 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/19 03:01:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/19 03:01:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/19 03:01:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/18 11:53:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/18 11:53:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/18 11:53:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/17 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\AppData\Roaming\Malwarebytes
[2011/12/17 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 23:23:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/17 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/16 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\Desktop\desk
[2011/12/13 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\J. Michael\AppData\Roaming\Mozilla
[2011/12/06 01:38:55 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/04 00:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/03 22:28:43 | 001,965,056 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/12/03 22:28:43 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/12/03 22:28:43 | 000,528,384 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/12/03 22:28:43 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/12/03 22:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/12/03 22:26:57 | 000,557,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/12/03 22:26:29 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2011/12/03 22:24:23 | 000,208,896 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys
[2011/12/03 22:24:23 | 000,091,648 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys
[2011/12/03 22:24:23 | 000,081,920 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\nusb3co2.dll
[2011/12/03 22:23:12 | 001,451,056 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/03 22:23:12 | 000,226,600 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/03 22:23:12 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/03 22:23:12 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/03 22:23:00 | 000,276,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/03 22:23:00 | 000,222,504 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/03 22:22:59 | 000,177,448 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll

========== Files - Modified Within 30 Days ==========

[2011/12/27 21:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 20:57:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J. Michael\Desktop\OTL.exe
[2011/12/27 20:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 20:16:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1822810635-4175533143-411407106-1000UA.job
[2011/12/27 19:49:45 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/27 19:08:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 19:08:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 19:01:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 19:00:55 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMOBILE1-HP$.job
[2011/12/27 19:00:38 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 17:16:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1822810635-4175533143-411407106-1000Core.job
[2011/12/27 15:59:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/27 15:59:47 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/27 15:59:47 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/26 11:02:28 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJ. Michael.job
[2011/12/23 20:37:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/23 20:27:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/20 23:26:43 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\null
[2011/12/20 22:54:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 22:42:12 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/12/20 22:42:12 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/12/20 22:42:12 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/12/20 22:42:12 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/12/20 22:35:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/20 22:35:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/20 22:35:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/20 22:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/19 03:21:59 | 000,415,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/17 23:23:39 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 12:02:34 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/06 01:38:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/03 22:27:55 | 004,779,520 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/12/03 22:27:55 | 001,965,056 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/12/03 22:27:55 | 001,128,448 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2011/12/03 22:27:55 | 000,654,336 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/12/03 22:27:55 | 000,528,384 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/12/03 22:27:55 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/12/03 22:27:55 | 000,224,256 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2011/12/03 22:27:54 | 006,382,080 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2011/12/03 22:27:54 | 004,933,120 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2011/12/03 22:27:54 | 001,523,712 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2011/12/03 22:27:54 | 001,029,120 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2011/12/03 22:27:54 | 000,221,184 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2011/12/03 22:27:54 | 000,212,480 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2011/12/03 22:27:53 | 000,442,368 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2011/12/03 22:27:53 | 000,162,304 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2011/12/03 22:27:53 | 000,090,624 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2011/12/03 22:27:53 | 000,068,608 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2011/12/03 22:25:58 | 009,888,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2011/12/03 22:25:58 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2011/12/03 22:24:23 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys
[2011/12/03 22:24:23 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys
[2011/12/03 22:24:23 | 000,081,920 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\nusb3co2.dll
[2011/12/03 22:22:36 | 001,451,056 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/03 22:22:36 | 000,226,600 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/03 22:22:36 | 000,148,264 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/03 22:22:36 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/03 22:22:36 | 000,066,856 | ---- | M] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/12/03 22:22:35 | 000,411,944 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/12/03 22:22:35 | 000,276,264 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/03 22:22:35 | 000,222,504 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/03 22:22:35 | 000,177,448 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/12/23 20:37:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/23 20:27:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/20 23:26:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\null
[2011/12/17 23:23:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 17:11:28 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1822810635-4175533143-411407106-1000UA.job
[2011/12/13 17:11:28 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1822810635-4175533143-411407106-1000Core.job
[2011/12/03 22:23:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/10/15 14:28:27 | 000,043,989 | ---- | C] () -- C:\Users\J. Michael\AppData\Roaming\UserTile.png
[2011/10/14 17:11:43 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011/10/14 17:11:32 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011/10/14 17:11:24 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2011/08/09 17:17:28 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/08/09 17:17:27 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/08/09 16:06:37 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 15:31:31 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/08/09 15:31:31 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/08/09 15:30:59 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/09 15:30:59 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9440cn.dat
[2011/08/09 15:30:59 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/09 15:28:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/08/09 15:28:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/09 15:28:31 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/05/31 21:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/31 21:11:42 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/05/31 21:10:20 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/31 21:10:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/31 21:10:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/31 21:10:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/31 21:05:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/08 15:54:49 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/02/22 18:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Files - Unicode (All) ==========
[2011/11/22 11:37:39 | 000,151,535 | ---- | M] ()(C:\Users\J. Michael\Desktop\???? ????.pdf) -- C:\Users\J. Michael\Desktop\وليد عامر.pdf
[2011/11/22 11:37:39 | 000,151,535 | ---- | C] ()(C:\Users\J. Michael\Desktop\???? ????.pdf) -- C:\Users\J. Michael\Desktop\وليد عامر.pdf
< End of report >
Reply With Quote
  #28  
Old December 29th, 2011, 05:32 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Thanks. That's looking good.

We can remove our tools now.

These files can be deleted:
aswmbr.exe
aswmbr.txt
aswmbr.dat
dpart.bat
logfile.txt
Roguekiller.exe and all of the RKreports it created.
-------------

Then run Otl, but don't scan. Press the Cleanup button. This will uninstall Otl.exe.
---------------------------------



Go to each of these sites and update to the latest version .
http://get.adobe.com/flashplayer/com...tivex/?a=false
(For Adobe Reader and Flash Player)

http://java.com/en/download/manual.jsp


Some of these installers, although legitimate, will have extras like the ASK toolbar automatically selected to be installed. Uncheck anything extra and only install what you set out to install originally.
-----------------------------
Be sure everything is in working order. Then we'll flush your old system restore points. They may contain traces of the infection, and if used, could reinfect you.


To flush the restore points:


In Control Panel , open System. Then click System Protection.

When the system properties page appears, click the Configure button.

When the new page opens, click the delete button. Click apply and then ok.


Once the restore points have been flushed, go back in. But this time, instead of clicking the configure button, click the Create Button. Name the restore point.
Reply With Quote
  #29  
Old January 3rd, 2012, 09:04 PM
jmterry jmterry is offline
Senior Member
 
Join Date: Jun 2004
Posts: 345
OK. Great. Thanks so much for all of your help!
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 04:03 PM.