[Closed] Rootkit found

By Padredw
Nov 16, 2012
Topic Status:
Not open for further replies.
  1. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OK hope that went as desired. Will just report that the AVAST message about Rootkit appeared again:

    SVC:mrxsmb14>system32\DRIVERS\mrxsmb10.SysE'
  2. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Here is the EXTRAS.TXT

    OTL Extras logfile created on: 11/20/2012 8:46:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 52.71% Memory free
    7.81 Gb Paging File | 5.81 Gb Available in Paging File | 74.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 71.45 Gb Free Space | 64.23% Space Free | Partition Type: NTFS

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07A99DB6-FEB6-432B-8B6A-F700E24B99BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{12D04B65-7E09-4963-9D0C-41499B6A6BFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{166FA973-2B64-4DD0-BE66-963A0758E1AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{17F486CE-63E5-47E0-BF95-0D5830D841C9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2E0E9E85-043E-4036-81BA-0A5BDD62C97C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3CEC3A54-1617-4468-A250-A2CA67D1A543}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E63850B-B151-4A10-AD01-2CEC6F3B045A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3ED4FC2A-3D2A-42F6-A2FF-9249A9BE3EB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{699F7A6F-D63E-4B59-92A4-89706F2BB345}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7081D260-9409-4793-B02F-BE1796177D39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7C1141BC-88FC-4B1E-8C95-EABFB3D9A901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{838273E3-16C9-421A-A695-32BE9C70AF3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6FA3F52-DACD-4DC6-9760-F0940C776AED}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A73DE6D3-EA1F-4D7F-8118-A9AC01593523}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A7F1DCEE-E13E-4CF3-8D2E-07CAC64A8503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A9B37307-27C3-4E2F-8604-6FF568BA3BB5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AD2D4D0C-7ADB-4E22-BD70-B16DC3A384BE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BBA1DEB4-7C45-4558-B84E-A61924C65606}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D253A2C5-80B0-48CC-BE41-4B373152E316}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D397B4BD-AA49-4229-89DF-2609DFCA57F0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D5F4D59D-7748-4FC5-A043-9B5E7B385D04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DB502312-15E2-4562-8580-0BF9A2875BA0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E162F97B-257C-452A-A0CD-32FB98F550F1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F1C3E909-19A2-4A13-9284-721D2B7BC942}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F44A415D-3D6B-401B-BF79-2D514D4A233C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F7D4F805-DFFE-429A-B989-E45733AA6D02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AFA925B-1969-44FE-9AB1-9D782E64625B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0B8AC230-A037-4717-BBCD-7625506A1CC0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{0FBDDCC9-B056-4B02-BC2D-C06B9FD82797}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{12A6E9C4-4F97-431A-BB28-2EDFEAC40596}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{195329F7-49B7-47FA-BF4D-5FC738502C34}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{225CFD1A-2CD5-41D7-BC8B-13AF16C2AA76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{376B9571-92E4-40A8-AE23-DDC139496954}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{3D7DC975-F348-4850-8388-2D5A41952924}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{42EE006C-425E-4ABE-BAC7-8625CD2FC7A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4A1F0DE7-9A6A-4849-92B5-EE9E8E2EEA18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4A5A04A5-8160-41A6-AB35-934975C4EABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4D0B191E-57C3-4B04-879A-1E9FA3B66207}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{500C108A-1176-4B64-884D-3883489B9F3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{61516047-33BC-4408-A48E-CAE4FA977599}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{63A1D1AC-CC3F-4CC0-A2B4-B57AF2AFACA6}" = protocol=6 | dir=out | app=system |
    "{796C8EE3-3B18-46C6-B44C-95B1311573DA}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
    "{7A6DB55B-0EBE-4A17-940C-B816E6E74017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7DE2D04C-A5DB-40A8-8713-C07D08E266BB}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "{8607BF7E-409B-469D-B20C-D0BE78E6194F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8ACA1F4B-7A70-4445-BBB3-9F7A0FB410EA}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
    "{8DB2682B-C240-49D4-83FC-99199D766EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{927088F2-C849-4406-97F8-841DA95370C7}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
    "{9311E0C9-43C4-48F1-BFA3-46CC37CA7E24}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{AC727256-6EE0-45C6-8065-4D9A01BBE041}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "{AD69F378-F196-4D6F-96C0-A43714E3DF48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B604405B-D902-4921-96AD-B1A8638A0D8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B8C0BFC5-4657-4259-9B6F-1056C919280A}" = dir=in | app=c:\users\padredw\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{BF0F0FA6-8F7E-48A5-B40A-3F1AD3E9A295}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D2D63729-28A7-4FA0-A0FC-D1B47BCE6E92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D4CD7096-AE21-49E2-A045-CA2A364614DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E59846E7-A660-43D6-B551-F16FCDCCF83C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6D7B2A9-4522-47EF-BA12-74B1972425B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E86FB507-1818-4FC7-B382-C9C9779666E1}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
    "{E97023BE-1B03-425C-B768-0A4C9BF81586}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{FA329BE1-0283-4DC5-A450-2488C445FDCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01E66AC4-B28B-494C-993D-3CD17020BEBC}" = Fresco Logic USB3.0 Host Controller
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.441
    "{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
    "{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
    "{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety
    "{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "Elantech" = ETDWare PS/2-X64 10.0.5.2_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93}" = ThumbsPlus
    "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
    "{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}" = ASUS PowerWiz
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
    "{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
    "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "avast" = avast! Free Antivirus
    "BabylonToolbar" = Babylon toolbar on IE
    "FileZilla Client" = FileZilla Client 3.5.3
    "Google Chrome" = Google Chrome
    "Icon Restore_is1" = Icon Restore 1.0
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nvu_is1" = Nvu 1.0PR
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "TeamViewer 7" = TeamViewer 7
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoforFiles" = GoforFiles
    "ThumbsPlus" = ThumbsPlus

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/18/2012 4:58:13 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7010
    Description =

    Error - 11/18/2012 4:58:43 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3057
    Description =

    Error - 11/18/2012 4:58:43 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = ESENT | ID = 490
    Description = Windows (5776) Windows: An attempt to open the file "C:\Windows\system32\Windows.edb"
    for read / write access failed with system error 5 (0x00000005): "Access is denied.
    ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 9000
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7040
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 9002
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3028
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3058
    Description =

    Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7010
    Description =

    [ System Events ]
    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1075

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
    Description = The Workstation service depends the following service: MRxSmb20. This
    service might not be installed.

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1075

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
    Description = The Workstation service depends the following service: MRxSmb20. This
    service might not be installed.

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1075

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
    Description = The Workstation service depends the following service: MRxSmb20. This
    service might not be installed.

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1075

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
    Description = The Workstation service depends the following service: MRxSmb20. This
    service might not be installed.

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1075

    Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
    Description = The Workstation service depends the following service: MRxSmb20. This
    service might not be installed.


    < End of report >
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Open OTL, click the None button, copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

    2083006
  4. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OK, if I understood correctly, I get this much shorter txt file:

    OTL logfile created on: 11/21/2012 11:22:05 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.15% Memory free
    7.81 Gb Paging File | 6.00 Gb Available in Paging File | 76.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 73.89 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32
    Drive E: | 58.20 Gb Total Space | 57.19 Gb Free Space | 98.27% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < 2083006 >

    < End of report >
  5. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    If I may post an image file. This is the original report of problem:

    [​IMG]
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's right. Good job. Sorry for delay. I just came back from my short vacation. :)

    Open OTL, click the None button, copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

    mrxsmb*
    mrxsmb*.*
  7. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Hope this will send [not too many characters] REPORT:

    OTL logfile created on: 11/23/2012 2:00:24 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.36% Memory free
    7.81 Gb Paging File | 5.66 Gb Available in Paging File | 72.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 73.35 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Modules (No Company Name) ==========

    MOD - [2012/10/08 18:58:29 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    MOD - [2012/09/08 07:08:43 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
    MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    MOD - [2003/02/21 18:38:54 | 000,028,672 | ---- | M] () -- D:\Program Files (x86)\ThumbsPlus\Bin\cwebpage.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
    DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1pb9F3Lvbfa
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
    [2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
    [2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: MyStart Search ()
    CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Web Assistant = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk = C:\Users\Padredw\AppData\Local\Temp\_uninst_61846147.bat ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local - No CLSID value found
    O18:64bit: - Protocol\Handler\mailto - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local - No CLSID value found
    O18 - Protocol\Handler\mailto - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  8. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    PART TWO: same report

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/23 13:55:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/23 13:55:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/23 13:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/23 13:54:54 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/21 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/21 12:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
    [2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < mrxsmb* >

    < mrxsmb*.* >

    < End of report >
  9. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/23 13:55:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/23 13:55:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/23 13:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/23 13:54:54 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/21 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/21 12:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
    [2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < mrxsmb* >

    < mrxsmb*.* >

    < End of report >
  10. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    I think the second part of the report was duplicated. Some error in sending. Let me know if it did not come through.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • One to Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these one to two log files in your next reply.
     
  12. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    [​IMG]
    OK, still doing my best to follow instructions. Ran Malwarebytes Anti-Rootkit and got the response:

    [​IMG]
  13. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    However. I got these same two messages at startup just before reading your instructions and scanning as directed:


    [​IMG]


    [​IMG]
  14. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Using my desktop. Problem connecting from Notebook:
    [​IMG]
  15. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    So here is the file I was trying to send:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.696000 GHz
    Memory total: 4192882688, free: 2586247168

    ------------ Kernel report ------------
    11/24/2012 10:36:51
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\Drivers\assd.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\System32\Drivers\rdbss.SYS
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\AiCharger.sys
    \SystemRoot\system32\DRIVERS\FLxHCIc.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbfiltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\btath_bus.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\FLxHCIh.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\Drivers\RtsUVStor.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\btfilter.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\TurboB.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\btath_rcp.sys
    \SystemRoot\system32\drivers\btath_avdt.sys
    \SystemRoot\system32\drivers\btath_a2dp.sys
    \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    \SystemRoot\system32\DRIVERS\btath_hcrp.sys
    \SystemRoot\system32\DRIVERS\btath_flt.sys
    \SystemRoot\system32\DRIVERS\btath_lwflt.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\kernel32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\nsi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\user32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\lpk.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ole32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8008b31270
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007e\
    Lower Device Object: 0xfffffa8008ab5b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004dbc060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa80047c4050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2012.11.24.06
    Downloaded database version: v2012.11.19.01
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004dbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004c539d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004dbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800478f640, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80047c4050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a00350e700, 0xfffffa8004dbc060, 0xfffffa8003ed4790
    Lower DeviceData: 0xfffff8a00bb31ca0, 0xfffffa80047c4050, 0xfffffa8004079090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 13BA8FCF

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 233287680
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 233289728 Numsec = 16777216

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8008b31270, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008a9d4d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008b31270, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008ab5b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a00d5aa7b0, 0xfffffa8008b31270, 0xfffffa8004b2f790
    Lower DeviceData: 0xfffff8a00b7e2f20, 0xfffffa8008ab5b60, 0xfffffa80096c81e0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5B6AC646

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 312576642

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.696000 GHz
    Memory total: 4192882688, free: 2562359296
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Post new log from OTL please.
  17. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    OTL logfile created on: 11/25/2012 1:14:25 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 61.15% Memory free
    7.81 Gb Paging File | 6.16 Gb Available in Paging File | 78.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 71.68 Gb Free Space | 64.43% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Modules (No Company Name) ==========

    MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
    MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
    DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1pb9F3Lvbfa
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
    [2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
    [2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: MyStart Search ()
    CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Web Assistant = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - Startup: C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk = C:\Users\Padredw\AppData\Local\Temp\_uninst_61846147.bat ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local - No CLSID value found
    O18:64bit: - Protocol\Handler\mailto - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local - No CLSID value found
    O18 - Protocol\Handler\mailto - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL


    Then, once that's done, run one more scan from OTL and post a FULL log, please. :)
  19. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/25 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/25 13:14:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/25 13:14:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/25 13:07:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/25 13:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/25 13:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/25 13:06:52 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/24 19:20:16 | 000,040,663 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
    [2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
    [2012/11/23 18:21:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
    [2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/24 19:20:15 | 000,040,663 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
    [2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  20. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Here is the first short file. I will now run OTL the second time.


    Files\Folders moved on Reboot...
    C:\Users\Padredw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    PART ONE:

    OTL logfile created on: 11/26/2012 12:36:57 PM - Run 6
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.72% Memory free
    7.81 Gb Paging File | 6.01 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.24 Gb Total Space | 71.98 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

    Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/20 08:45:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Padredw\Downloads\OTL(1).exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/06/20 17:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/02/16 17:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    PRC - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    PRC - [2011/12/23 15:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2011/12/22 18:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2011/12/05 16:21:50 | 000,646,808 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
    PRC - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2011/10/24 16:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
    PRC - [2011/10/03 13:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/09 00:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/06/29 18:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2008/12/22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
    MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
    DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
    [2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
    [2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
    [2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: MyStart Search ()
    CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local - No CLSID value found
    O18:64bit: - Protocol\Handler\mailto - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local - No CLSID value found
    O18 - Protocol\Handler\mailto - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  22. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    PART TWO:



    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/26 12:29:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
    [2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
    [2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
    [2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
    [2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
    [2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
    [2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
    [2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
    [2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/26 12:38:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/26 12:38:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/26 12:31:02 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/11/26 12:30:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/26 12:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/26 12:30:48 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/25 20:33:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/25 18:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
    [2012/11/24 19:20:16 | 000,040,663 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
    [2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
    [2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
    [2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
    [2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
    [2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
    [2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
    [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
    [2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
    [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
    [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
    [2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/24 19:20:15 | 000,040,663 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
    [2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
    [2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
    [2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
    [2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
    [2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
    [2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
    [2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
    [2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
    [2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
    [2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did you do the fix first?
  24. Padredw

    Padredw Newcomer, in training Topic Starter Posts: 57

    Yes. Posted before the two part long file. Here it is again:


    Files\Folders moved on Reboot...
    C:\Users\Padredw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Similar to what we did above...do the fix first then run OTL again please.

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.