User Tag List

Selection Links

This is a discussion on Selection Links within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, I've ended up with Selection Links attached to Google Chrome. I've tried to remove it in the usual, low-tech


 
 
Thread Tools Search this Thread
Old 03-29-2013, 01:38 PM   #1
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi,

I've ended up with Selection Links attached to Google Chrome. I've tried to remove it in the usual, low-tech savvie ways and it's not worked.

It is not listed in the Programs and Features/Uninstall a Program section of the Control Tab.

Under Chrome Extensions, it is listed but the Enable box cannot be unchecked and there is no Trash Bin icon next to it.

It says under it in Chrome Extensions:

Select words, get links! To uninstall and remove this extension please do so through Windows Add/Remove Programs. For more information go to Select words, get links | SelectionLinks

Recently, to try and get rid of various malware, I've installed the following programs and am wondering if it hijacked onto them:

Spybot Search and Destroy
SuperAntiSpyWare
Malwarebytes

I've also updated my Gom Player

I've since uninstalled all of those. I also uninstalled and reinstalled Chrome without synching anything except one thing - they make you check one box, but I synched no password or extensions. (I can't remember exactly what I synced - whatever seemed most innocuous).

Can anybody out there help?

It would be much appreciated.

Many thanks,

Matt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by asus at 11:05:22 on 2013-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8078.5061 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\JustCloud\JustCloud.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\JustCloud\BackupStack.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Facebook Update] "C:\Users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JUSTCL~1.LNK - C:\Program Files (x86)\JustCloud\JustCloud.exe
StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 62.24.134.5 62.24.139.9
TCP: Interfaces\{2658532A-3D61-41AE-BDE1-32DF75C78F57} : DHCPNameServer = 62.24.134.5 62.24.139.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\browse~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-13 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-10 30648]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-10 41704]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-28 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 BackupStack;Computer Backup (JustCloud);C:\Program Files (x86)\JustCloud\BackupStack.exe [2013-3-7 32808]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-28 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-28 161560]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-28 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-28 17152]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-8 16512]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-13 200488]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-13 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-13 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-13 787736]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-5-28 292456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-28 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;C:\eSupport\eDriver\I386\AsPrOb64.sys [2012-5-28 12416]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-03-29 20:08:36 -------- d-----w- C:\Program Files (x86)\MPlayer
2013-03-29 20:05:03 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A28BB85A-71DE-4464-8BD3-B5F9019CDF23}\offreg.dll
2013-03-29 19:02:04 -------- d-----w- C:\Users\asus\AppData\Local\Deployment
2013-03-29 19:02:04 -------- d-----w- C:\Users\asus\AppData\Local\Apps
2013-03-29 18:32:53 -------- d-----w- C:\Users\asus\AppData\Roaming\Glarysoft
2013-03-29 10:17:23 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A28BB85A-71DE-4464-8BD3-B5F9019CDF23}\mpengine.dll
2013-03-28 18:59:53 -------- d-----w- C:\ProgramData\APN
2013-03-28 18:44:26 -------- d-----w- C:\Users\asus\AppData\Roaming\SUPERAntiSpyware.com
2013-03-28 17:34:05 -------- d-----w- C:\Users\asus\AppData\Roaming\Malwarebytes
2013-03-28 17:34:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-28 17:33:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-28 17:33:33 -------- d-----w- C:\Users\asus\AppData\Local\Programs
2013-03-28 16:13:09 -------- d-----w- C:\Program Files (x86)\Safer Networking
2013-03-25 15:50:43 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-24 14:07:18 -------- d-----w- C:\Users\asus\AppData\Local\{1BC40B13-3CDF-4A75-B093-8C4FE760102B}
2013-03-21 10:51:15 -------- d-----w- C:\Program Files\CCleaner
2013-03-12 02:26:57 -------- d-----w- C:\Users\asus\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2013-03-30 09:57:24 380 ----a-w- C:\Users\asus\AppData\Roaming\sp_data.sys
2013-03-15 09:57:31 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 09:57:31 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 1117.85 ===============

Attachments
Attached Files
File Type: zip ark.zip (5.3 KB, 61 views)
mthwrd is offline  
Sponsored Links
Advertisement
 
Old 04-03-2013, 06:56 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    selectionlinks*
    :regfind
    selectionlinks
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Search
  • Once done, a log will be produced. It can also be found at C:\AdwCleaner[R#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-03-2013, 07:42 AM   #3
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi chemist,

Thanks for helping me out with this. It's greatly appreciated.

I ran both SystemLook and AdwCleaner as administrator.

Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:19 on 03/04/2013 by asus
Administrator - Elevation successful

========== folderfind ==========

Searching for "selectionlinks*"
No folders found.

========== regfind ==========

Searching for "selectionlinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SelectionLinks.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}]
@="ISelectionLinksBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SelectionLinks.DLL]

-= EOF =-


# AdwCleaner v2.200 - Logfile created 04/03/2013 at 15:39:29
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : asus - ASUS-PC
# Boot Mode : Normal
# Running from : C:\Users\asus\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\asus\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\asus\AppData\Local\Conduit
Folder Found : C:\Users\asus\AppData\Local\Ilivid Player
Folder Found : C:\Users\asus\AppData\Local\SwvUpdater
Folder Found : C:\Users\asus\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\asus\AppData\LocalLow\Conduit
Folder Found : C:\Users\asus\AppData\LocalLow\PriceGong

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\5f48dd8b635ea46
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4658 octets] - [03/04/2013 15:39:29]

########## EOF - C:\AdwCleaner[R1].txt - [4718 octets] ##########
mthwrd is offline  
Sponsored Links
Advertisement
 
Old 04-03-2013, 07:55 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Matt.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software, Kaspersky, now to avoid potential conflicts.
  • Run the tool by double-clicking JRT.exe. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-click JRT.exe and select 'Run as administrator'.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • When you close the log, the command window will disappear. Then close your 'My Documents' folder.
  • Post the contents of JRT.txt into your next message.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-03-2013, 08:46 AM   #5
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi again,

Here's the info you requested:

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 16:25:57
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : asus - ASUS-PC
# Boot Mode : Normal
# Running from : C:\Users\asus\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\asus\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\asus\AppData\Local\Conduit
Folder Deleted : C:\Users\asus\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\asus\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\asus\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\asus\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\asus\AppData\LocalLow\PriceGong

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\5f48dd8b635ea46
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4773 octets] - [03/04/2013 15:39:29]
AdwCleaner[S1].txt - [4838 octets] - [03/04/2013 16:25:57]

########## EOF - C:\AdwCleaner[S1].txt - [4898 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by asus on Wed 04/03/2013 at 16:33:41.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{1BC40B13-3CDF-4A75-B093-8C4FE760102B}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{1E4B9FBF-0F4A-448C-A4EF-22594F6072D2}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{58D74E61-91ED-4392-BD7F-DBDBF1D9038C}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{5D5F5536-9FFF-4CCC-8865-D475987EED24}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{D0E7300C-5682-459A-8F59-98FBE293F068}



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/03/2013 at 16:41:53.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mthwrd is offline  
Old 04-03-2013, 09:14 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. Unfortuntely, neither tool sees SelectionLinks.

When you clicked on the wrench icon in Chrome then SelectionLinks, were you able to uncheck the checkbox to disable the extension?

If not, you will have to uninstall Chrome, and delete its folder.

Unfortunately, you will lose all bookmarks, passwords, etc. so make a note of them if needed.

------------------------------------------------------

Download the Google Chrome installer and save it to your desktop:

Chrome Browser

Uninstall Google Chrome via Programs and Features in your Control Panel.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\asus\AppData\Local\Google\Chrome"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Reboot your computer. Re-install Google Chrome using the installer you downloaded earlier.

Is SelectionLinks gone in Chrome now?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-03-2013, 10:25 AM   #7
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi chemist,

OK.

Here's what I did:

Uninstalled Google Chrome through: Control Panel/Programs/Programs and Features

Deleted Google folder under: Computer/OS(C:)/Program Files (x86). It was sent to the Recycle Bin and I deleted it from there.

Did a search on OS(C:) for Chrome. There's a load of files there (I can do a screen shot if you like) under Kapersky, as well as others I'm not sure about, that I am being refused permission to delete.

I then ran the Google Chrome Installer, which immediately installed Google Chrome again. I deleted as above. I then saved (clever boy) the Chrome Installer. I followed the rest of the procedure you outlined, inc. rebooting and re-installing Chrome. The Selection Links extension is still there, the box is checked and it cannot be unchecked.

Thanks,

Matt
mthwrd is offline  
Old 04-03-2013, 11:53 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. Did you do the following? If not, start over.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\asus\AppData\Local\Google\Chrome"

A DOS window will open and close again, this is normal.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-03-2013, 12:04 PM   #9
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi,

Yeah, I did that. I tried it twice, just to make sure I hadn't made a mistake. I'm pretty sure I did it correctly. A window did flash open and closed, but so quickly I couldn't tell you if it was a DOS window.

Best,

Matt
mthwrd is offline  
Old 04-03-2013, 12:11 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. Let's try it again to make sure. That should be where everything is stored in Chrome. Just do the following, don't uninstall, re-install Chrome.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\asus\AppData\Local\Google\Chrome"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist log.txt del /s/q log.txt
dir /a /s "C:\Users\asus\AppData\Local\Google\Chrome" > log.txt
notepad log.txt
del %0
Save this as peek.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on peek.bat and choose 'Run as administrator' to allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-03-2013, 12:18 PM   #11
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi again,

Did exactly as you said. This time the DOS window appeared long enough to notice.

I'm currently running Chrome and using it.

Here are the peek.bat test results.

Volume in drive C is OS
Volume Serial Number is 42C1-2967

Directory of C:\Users\asus\AppData\Local\Google\Chrome

04/03/2013 06:32 PM <DIR> .
04/03/2013 06:32 PM <DIR> ..
04/03/2013 08:17 PM <DIR> User Data
0 File(s) 0 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data

04/03/2013 08:17 PM <DIR> .
04/03/2013 08:17 PM <DIR> ..
04/03/2013 08:16 PM <DIR> Default
04/03/2013 08:02 PM 440,949 en-US-3-0.bdic
04/03/2013 08:17 PM 25,986 Local State
04/03/2013 06:32 PM 0 lockfile
04/03/2013 08:06 PM 6,144 Safe Browsing Cookies
04/03/2013 08:06 PM 4,640 Safe Browsing Cookies-journal
5 File(s) 477,719 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default

04/03/2013 08:16 PM <DIR> .
04/03/2013 08:16 PM <DIR> ..
04/03/2013 06:32 PM 57,344 Archived History
04/03/2013 08:14 PM <DIR> Cache
04/03/2013 08:17 PM 58,368 Cookies
04/03/2013 08:17 PM 16,384 Cookies-journal
04/03/2013 08:16 PM 190,608 Current Session
04/03/2013 08:12 PM 128,321 Current Tabs
04/03/2013 08:14 PM <DIR> Extension Rules
04/03/2013 08:14 PM <DIR> Extension State
04/03/2013 08:13 PM 47,104 Favicons
04/03/2013 08:13 PM 16,384 Favicons-journal
04/03/2013 08:13 PM 200,704 History
04/03/2013 06:32 PM 57,344 History Index 2013-03
04/03/2013 08:13 PM 589,824 History Index 2013-04
04/03/2013 08:13 PM 78,488 History Index 2013-04-journal
04/03/2013 08:13 PM 16,928 History-journal
04/03/2013 08:04 PM <DIR> Local Storage
04/03/2013 06:32 PM 12,288 Login Data
04/03/2013 06:32 PM 512 Login Data-journal
04/03/2013 08:14 PM <DIR> Media Cache
04/03/2013 08:04 PM 104,448 Network Action Predictor
04/03/2013 08:04 PM 16,384 Network Action Predictor-journal
04/03/2013 08:05 PM 15,360 Origin Bound Certs
04/03/2013 08:05 PM 3,608 Origin Bound Certs-journal
04/03/2013 08:16 PM 94,043 Preferences
04/03/2013 08:14 PM <DIR> Session Storage
04/03/2013 08:04 PM 12,288 Shortcuts
04/03/2013 08:04 PM 8,720 Shortcuts-journal
04/03/2013 08:12 PM 69,632 Top Sites
04/03/2013 08:12 PM 16,384 Top Sites-journal
04/03/2013 08:14 PM <DIR> User StyleSheets
04/03/2013 07:14 PM 131,072 Visited Links
04/03/2013 08:09 PM 73,728 Web Data
04/03/2013 08:09 PM 10,792 Web Data-journal
26 File(s) 2,027,060 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Cache

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 06:52 PM 81,920 data_0
04/03/2013 08:07 PM 1,581,056 data_1
04/03/2013 08:07 PM 4,202,496 data_2
04/03/2013 06:32 PM 4,202,496 data_3
04/03/2013 08:14 PM 37,025 f_0000f9
04/03/2013 08:14 PM 416,995 f_0000fa
04/03/2013 08:14 PM 20,631 f_0000fb
04/03/2013 06:32 PM 524,656 index
8 File(s) 11,067,275 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extension Rules

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 06:32 PM 1,650 000003.log
04/03/2013 06:32 PM 0 LOCK
04/03/2013 06:32 PM 0 LOG
04/03/2013 06:32 PM 50 MANIFEST-000002
4 File(s) 1,700 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extension State

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 06:32 PM 1,197 000003.log
04/03/2013 06:32 PM 0 LOCK
04/03/2013 06:32 PM 47 LOG
04/03/2013 06:32 PM 50 MANIFEST-000002
4 File(s) 1,294 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage

04/03/2013 08:04 PM <DIR> .
04/03/2013 08:04 PM <DIR> ..
04/03/2013 08:14 PM 3,072 https_plus.google.com_0.localstorage
04/03/2013 08:14 PM 3,608 https_plus.google.com_0.localstorage-journal
04/03/2013 08:04 PM 3,072 https_www.facebook.com_0.localstorage
04/03/2013 08:04 PM 512 https_www.facebook.com_0.localstorage-journal
4 File(s) 10,264 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Media Cache

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 06:32 PM 45,056 data_0
04/03/2013 06:32 PM 270,336 data_1
04/03/2013 06:32 PM 1,056,768 data_2
04/03/2013 06:32 PM 8,192 data_3
04/03/2013 06:32 PM 524,656 index
5 File(s) 1,905,008 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Session Storage

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 06:33 PM 926,660 000003.log
04/03/2013 06:33 PM 0 LOCK
04/03/2013 06:33 PM 47 LOG
04/03/2013 06:33 PM 50 MANIFEST-000002
4 File(s) 926,757 bytes

Directory of C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets

04/03/2013 08:14 PM <DIR> .
04/03/2013 08:14 PM <DIR> ..
04/03/2013 08:14 PM 0 Custom.css
1 File(s) 0 bytes

Total Files Listed:
61 File(s) 16,417,077 bytes
29 Dir(s) 229,115,240,448 bytes free
mthwrd is offline  
Old 04-03-2013, 05:54 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. So everything is OK with Chrome now?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-04-2013, 03:47 AM   #13
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi,

No, Chrome is still infected with Selection Links, same as before. The checkbox refuses to be unchecked and there's no trash bin icon.

I ran the two scans as instructed, having disabled Kapersky, and the results are below.

Many thanks for all your troubles with this.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Malwarebytes : Free anti-malware download

Database version: v2013.04.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
asus :: ASUS-PC [administrator]

Protection: Disabled

4/4/2013 9:48:02 AM
mbam-log-2013-04-04 (09-48-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230928
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\CCE_Quarantine\{549E9828-AB05-4DCD-A564-E9CE180157ED} a variant of Win32/InstallCore.AY application
C:\CCE_Quarantine\{61A4023A-442F-4EC8-9BDF-0024E8D7B79B} Win32/InstalleRex.E.Gen application
C:\CCE_Quarantine\{E35CE6C0-DB27-412B-8F9C-6A069C3C2E5A} a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave12.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave13.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave17.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave18.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave22.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave23.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave27.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave28.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave32.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave33.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave37.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave38.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave8.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage29.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave13.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave17.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave18.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave22.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave23.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave27.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave28.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave32.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave33.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave37.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave38.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage29.zip Win32/Bagle.gen.zip worm
C:\Users\asus\Downloads\AdobeFlash_setup (1).exe a variant of Win32/InstallCore.AZ application
C:\Users\asus\Downloads\AdobeFlash_setup.exe a variant of Win32/InstallCore.AZ application
C:\Users\asus\Downloads\annie_hall_english_spanish_subtitles.exe Win32/InstalleRex.E.Gen application
C:\Users\asus\Downloads\Setup (1).exe a variant of Win32/Adware.iBryte.G application
C:\Users\asus\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application
D:\cbsidlm-tr1_11-RootAlyzer-ORG-75325078.exe Win32/DownloadAdmin.G application
D:\cbsidlm-tr1_12-RunAlyzer-ORG-10974364.exe Win32/DownloadAdmin.G application
D:\cbsidlm-tr1_6-iDailyDiary_Free-10211308.exe Win32/DownloadAdmin.G application
D:\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
D:\PhD\Sussex University\cnet_JPG-to-PDF-Converter-Setup_exe.exe a variant of Win32/InstallCore.D application
I:\PhD\cnet_JPG-to-PDF-Converter-Setup_exe.exe a variant of Win32/InstallCore.D application
mthwrd is offline  
Old 04-04-2013, 04:07 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. Never had trouble deleting everything in Chrome before this way.

When you uninstall Chrome and are given the option to delete your profile, do you choose 'Yes'?

Don't try it yet, just answer my question please.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\CCE_Quarantine\{549E9828-AB05-4DCD-A564-E9CE180157ED}"
"C:\CCE_Quarantine\{61A4023A-442F-4EC8-9BDF-0024E8D7B79B}"
"C:\CCE_Quarantine\{E35CE6C0-DB27-412B-8F9C-6A069C3C2E5A}"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave12.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave13.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave17.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave18.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave22.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave23.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave27.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave28.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave32.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave33.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave37.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave38.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave8.zip"
"C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage29.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave12.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave13.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave17.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave18.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave22.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave23.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave27.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave28.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave32.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave33.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave37.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave38.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave8.zip"
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage29.zip"
"C:\Users\asus\Downloads\AdobeFlash_setup (1).exe"
"C:\Users\asus\Downloads\AdobeFlash_setup.exe"
"C:\Users\asus\Downloads\annie_hall_english_spanish_subtitles.exe"
"C:\Users\asus\Downloads\Setup (1).exe"
"C:\Users\asus\Downloads\Setup.exe"
"D:\cbsidlm-tr1_11-RootAlyzer-ORG-75325078.exe"
"D:\cbsidlm-tr1_12-RunAlyzer-ORG-10974364.exe"
"D:\cbsidlm-tr1_6-iDailyDiary_Free-10211308.exe"
"D:\iLividSetupV1.exe"
"D:\PhD\Sussex University\cnet_JPG-to-PDF-Converter-Setup_exe.exe"
"I:\PhD\cnet_JPG-to-PDF-Converter-Setup_exe.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

"C:\CCE_Quarantine\{549E9828-AB05-4DCD-A564-E9CE180157ED}"
"C:\CCE_Quarantine\{61A4023A-442F-4EC8-9BDF-0024E8D7B79B}"
"C:\CCE_Quarantine\{E35CE6C0-DB27-412B-8F9C-6A069C3C2E5A}"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-04-2013, 04:29 AM   #15
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi,

Yes, this malware is pure evil. Thank you for your persistence. Yes, I chose to delete everything. If memory serves, there were two boxes you could check and I checked both - for as full a deletion as poss.

Thanks again,

Matt
mthwrd is offline  
Old 04-04-2013, 04:37 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt. You're very welcome.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    chrome
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-04-2013, 04:37 AM   #17
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi,

Sorry, forgot the second stage. I copied and pasted the text into notepad, saved it as fix.bat All Files, then closed Notepad. I right-clicked the desktop icon, ran it as admin. and it said: Deleted Successfully! Press any key to continue... I hit the spacebar and it disappeared. The window closed and the file has gone from the desktop.

Thanks,

Matt
mthwrd is offline  
Old 04-04-2013, 04:40 AM   #18
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:39 on 04/04/2013 by asus
Administrator - Elevation successful

========== folderfind ==========

Searching for "chrome"
C:\Program Files (x86)\Google\Chrome d------ [17:32 03/04/2013]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]\chrome d------ [18:58 24/11/2012]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]\chrome d------ [18:58 24/11/2012]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]\chrome d------ [18:58 24/11/2012]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]\chrome d------ [18:58 24/11/2012]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]\chrome d------ [18:58 24/11/2012]
C:\Users\asus\AppData\Local\Google\Chrome d------ [17:32 03/04/2013]

-= EOF =-
mthwrd is offline  
Old 04-04-2013, 04:58 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Matt.

Download OTL.exe to your desktop.

Double-click the icon to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created, OTL.Txt <- this one will be opened in Notepad and Extras.Txt, on Desktop.
Please copy/paste the contents of OTL.Txt in your next reply and attach the Extras.Txt to your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-04-2013, 05:27 AM   #20
Registered Member
 
Join Date: Mar 2013
Posts: 26
OS: Windows 7 Home Premium Service Pack 1



Hi there,

Extras txt attached. Here's the OTL text:

OTL logfile created on: 4/4/2013 1:07:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 52.48% Memory free
15.78 Gb Paging File | 11.60 Gb Available in Paging File | 73.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 212.57 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
Drive D: | 393.86 Gb Total Space | 152.70 Gb Free Space | 38.77% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/04 13:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
PRC - [2013/03/21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/31 03:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/24 0940 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/24 20:04:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/11/08 03:26:52 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2012/05/28 01:38:00 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012/02/29 02:19:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/29 02:19:02 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/17 02:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/17 02:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012/02/07 05:12:52 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/07 03:32:34 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/02/07 03:32:30 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/01/30 22:32:16 | 001,120,936 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/29 23:27:48 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/12/23 09:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 12:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/12/21 22:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011/11/21 07:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 07:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/10/24 10:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2011/10/19 02:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/10/03 19:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2010/08/20 17:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 03:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 03:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 10:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 14:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 23:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/21 23:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013/03/21 23:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/21 23:49:41 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013/03/21 23:49:40 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013/03/21 23:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/03/07 21:14:25 | 003,982,848 | ---- | M] () -- C:\Program Files (x86)\JustCloud\MPCBIconOverlays.dll
MOD - [2013/02/14 13:52:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 07:26:48 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 07:26:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f1ed9259488bd5e34e4ff4bf2f01687\System.Data.ni.dll
MOD - [2013/01/10 07:26:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/10 07:26:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 07:26:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 07:26:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 07:26:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 07:26:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/08 03:26:52 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/08/06 10:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2012/03/04 21:22:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/02/07 03:32:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/01/13 01:17:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/11 10:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/11/05 02:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/20 17:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 17:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2010/07/13 14:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 10:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/24 02:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 06:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/02 03:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/02 03:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/02 03:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/02 03:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
MOD - [2010/04/18 14:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\JustCloud\x86\System.Data.SQLite.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/07/12 19:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/03 06:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/03/04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/15 10:57:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 21:13:35 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\JustCloud\BackupStack.exe -- (BackupStack)
SRV - [2013/01/31 03:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/24 20:04:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/02/29 02:19:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/29 02:19:02 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/22 08:18:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/02/17 02:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/29 23:27:48 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/12/29 23:09:24 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/11/21 07:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 07:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/29 11:34:47 | 000,030,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/11/24 20:14:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/11/24 20:14:45 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/10/25 14:19:54 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 14:19:54 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/13 17:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/10 03:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/26 22:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 08:18:14 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/20 03:31:14 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/02/19 19:16:24 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/18 07:50:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/18 07:50:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/07 05:12:56 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/07 05:12:54 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/07 05:12:54 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/30 22:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 05:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/29 23:18:54 | 000,548,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/12/29 23:18:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/12/29 23:17:54 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/12/29 23:17:24 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/12/29 23:17:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/12/29 23:16:54 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/12/29 23:16:36 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/12/29 23:16:18 | 000,338,592 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/12/28 08:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2011/12/23 04:09:00 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/21 22:15:56 | 000,035,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011/11/10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/08 03:48:28 | 000,016,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011/08/23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/11/20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/30 22:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011/09/07 02:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2010/05/26 03:45:48 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\eSupport\eDriver\I386\AsPrOb64.sys -- (ASUSProcObsrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 10:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [1999/09/10 1200 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{99D0D760-3F8D-4569-8809-0042FEA61C2F}: "URL" = https://www.bing.com/search?q={searchTerms}&r=398
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/12/21 09:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/12/21 09:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/12/21 09:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/12/21 09:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/12/21 09:33:22 | 000,000,000 | ---D | M]

[2013/02/25 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2013/02/25 20:58:15 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/09/23 13:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: WhiteSmoke B = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.15.0.562_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk = C:\Program Files (x86)\JustCloud\JustCloud.exe (JustCloud.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.24.134.5 62.24.139.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2658532A-3D61-41AE-BDE1-32DF75C78F57}: DhcpNameServer = 62.24.134.5 62.24.139.9
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 13:07:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
[2013/04/04 10:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/04 10:01:43 | 002,347,384 | ---- | C] (ESET) -- C:\Users\asus\Desktop\esetsmartinstaller_enu.exe
[2013/04/04 09:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 09:47:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/04 09:44:32 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\asus\Desktop\mbam-setup-1.70.0.1100.exe
[2013/04/03 18:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/03 18:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/03 18:10:58 | 034,228,344 | ---- | C] (Google Inc.) -- C:\Users\asus\Desktop\ChromeStandaloneSetup.exe
[2013/04/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/03 16:32:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/03 16:32:03 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\asus\Desktop\JRT.exe
[2013/04/01 19:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/03/31 20:09:29 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2013/03/31 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\asus\Desktop\rkill
[2013/03/30 12:27:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/29 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPlayer
[2013/03/29 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Deployment
[2013/03/29 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Apps
[2013/03/29 19:32:53 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Glarysoft
[2013/03/28 19:44:26 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/28 18:34:05 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Malwarebytes
[2013/03/28 18:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 18:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/28 18:33:33 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Programs
[2013/03/28 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2013/03/25 16:50:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/21 14:57:27 | 000,000,000 | ---D | C] -- C:\Users\asus\Documents\OneNote Notebooks
[2013/03/15 10:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/15 10:55:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/15 10:55:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/15 10:55:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/15 10:55:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/15 10:55:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/15 10:55:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/15 10:55:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/15 10:55:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/15 10:55:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/15 10:55:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/15 10:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/15 10:55:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/15 10:55:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/15 10:55:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/15 10:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/15 10:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/15 10:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 03:26:57 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Microsoft Games
[2013/03/08 15:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013/03/08 15:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

========== Files - Modified Within 30 Days ==========

[2013/04/04 13:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
[2013/04/04 12:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 12:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 12:40:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3832226981-1135813013-2040255317-1001UA.job
[2013/04/04 12:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3832226981-1135813013-2040255317-1001Core.job
[2013/04/04 12:38:21 | 000,165,376 | ---- | M] () -- C:\Users\asus\Desktop\SystemLook_x64 (1).exe
[2013/04/04 11:11:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/04/04 10:07:28 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 10:07:28 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 10:07:28 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 10:01:43 | 002,347,384 | ---- | M] (ESET) -- C:\Users\asus\Desktop\esetsmartinstaller_enu.exe
[2013/04/04 09:47:20 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/04 09:44:59 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\asus\Desktop\mbam-setup-1.70.0.1100.exe
[2013/04/04 09:38:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 09:38:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 09:31:32 | 000,002,285 | ---- | M] () -- C:\Users\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 09:31:20 | 000,000,380 | ---- | M] () -- C:\Users\asus\AppData\Roaming\sp_data.sys
[2013/04/04 09:30:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/04/04 09:30:52 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 09:30:45 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/04/04 09:30:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 09:30:36 | 2057,707,519 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/03 18:32:09 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/03 18:11:39 | 034,228,344 | ---- | M] (Google Inc.) -- C:\Users\asus\Desktop\ChromeStandaloneSetup.exe
[2013/04/03 18:07:35 | 000,001,256 | ---- | M] () -- C:\Users\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/03 16:32:07 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\asus\Desktop\JRT.exe
[2013/04/03 15:38:37 | 000,613,083 | ---- | M] () -- C:\Users\asus\Desktop\AdwCleaner.exe
[2013/04/03 15:17:49 | 000,165,376 | ---- | M] () -- C:\Users\asus\Desktop\SystemLook_x64.exe
[2013/03/31 18:47:17 | 000,002,204 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/03/30 12:41:24 | 000,002,074 | ---- | M] () -- C:\Users\asus\Desktop\ark.zip
[2013/03/30 12:26:40 | 746,781,587 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/29 11:56:57 | 000,001,877 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/03/28 20:19:45 | 000,000,157 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/28 14:12:59 | 000,001,051 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/28 14:12:51 | 000,001,017 | ---- | M] () -- C:\Users\asus\Desktop\Dropbox.lnk
[2013/03/21 15:38:18 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2013/03/21 14:58:39 | 000,001,298 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/21 14:57:05 | 000,438,272 | ---- | M] () -- C:\Users\asus\Documents\Database1.accdb
[2013/03/15 10:57:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/15 10:57:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/04/04 12:38:21 | 000,165,376 | ---- | C] () -- C:\Users\asus\Desktop\SystemLook_x64 (1).exe
[2013/04/04 09:47:20 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/03 18:32:09 | 000,002,285 | ---- | C] () -- C:\Users\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/03 18:32:09 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/03 18:31:59 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 18:31:57 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/03 15:38:31 | 000,613,083 | ---- | C] () -- C:\Users\asus\Desktop\AdwCleaner.exe
[2013/04/03 15:17:48 | 000,165,376 | ---- | C] () -- C:\Users\asus\Desktop\SystemLook_x64.exe
[2013/03/30 12:41:24 | 000,002,074 | ---- | C] () -- C:\Users\asus\Desktop\ark.zip
[2013/03/30 12:26:40 | 746,781,587 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/28 20:19:45 | 000,000,157 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/28 13:32:20 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3832226981-1135813013-2040255317-1001UA.job
[2013/03/28 13:32:19 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3832226981-1135813013-2040255317-1001Core.job
[2013/03/21 14:57:31 | 000,001,298 | ---- | C] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/21 14:56:28 | 000,438,272 | ---- | C] () -- C:\Users\asus\Documents\Database1.accdb
[2013/03/15 18:39:10 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2013/03/15 18:39:10 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/12/26 15:40:47 | 000,000,663 | ---- | C] () -- C:\Users\asus\AppData\Local\cookies.ini
[2012/10/19 09:36:14 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2012/10/19 09:36:14 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\Lame_enc.dll
[2012/10/19 09:36:13 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe
[2012/10/19 09:36:13 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2012/07/18 05:14:56 | 000,000,380 | ---- | C] () -- C:\Users\asus\AppData\Roaming\sp_data.sys
[2012/03/13 10:08:55 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/03/13 10:08:49 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/03/13 10:08:47 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/13 10:08:45 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/02/18 08:36:19 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Attached Files
File Type: txt Extras.Txt (73.7 KB, 62 views)
mthwrd is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Modern UI Links don't work
None of my links actually open up to a browser page when I click them in the Modern UI Evernote, Bing Search, XBox Games (including the "Play" link) or any other start screen app that has links. They do work while in the browsers. I updated from Windows 7 keeping apps and files etc. I had...
Sommers Windows 8, 8.1 Support 0 10-31-2012 01:00 PM
Published: Facebook Security
https://i517.photobucket.com/albums/u340/someguy20111/FeaturedImage.jpg A Guide to Facebook Security – What are the risks? With over 600 Million active users, Facebook has become the largest and most widely used social networking site in existence. However, this widespread usage has not been...
Will Watts Dead-Sea Scrolls 11 01-03-2012 10:34 AM
Opening a selection of links on a page
Hi, I have two columns of links on a webpage. Is there any hack/addon/shortcut way to select or 'lasso' the first column of links and have them all open in new tabs? Currently I have to control-click or right click > open in new tab each one which is very time consuming! Oh yeah, it must...
RandmTask Internet Explorer & Edge Forum 1 08-23-2011 03:51 AM
Pending: Power Supply Information and Selection
CHOOSING AND UNDERSTANDING A POWER SUPPLY UNIT The power supply unit in today’s modern computer assumes a role probably more critical than any other single component in your system even when compared to the CPU and motherboard. Therefore, there are multiple factors that must be evaluated...
Tumbleweed36 Dead-Sea Scrolls 0 07-09-2006 03:41 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:53 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts